{"resultsPerPage":497,"startIndex":0,"totalResults":497,"format":"NVD_CVE","version":"2.0","timestamp":"2026-07-15T19:10:34.542","vulnerabilities":[{"cve":{"id":"CVE-2019-13529","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2019-10-09T16:15:14.310","lastModified":"2026-07-13T17:16:27.167","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An attacker could send a malicious link to an authenticated operator, which may allow remote attackers to perform actions with the permissions of the user on the Sunny WebBox Firmware Version 1.6 and prior. This device uses IP addresses to maintain communication after a successful login, which would increase the ease of exploitation."},{"lang":"es","value":"Un atacante podría enviar un enlace malicioso a un operador autenticado, lo que puede permitir a atacantes remotos realizar acciones con los permisos del usuario en Sunny WebBox versión de firmware 1.6 y anteriores. Este dispositivo utiliza direcciones IP para mantener la comunicación después de un inicio de sesión con éxito, lo que incrementaría la facilidad de explotación."}],"affected":[{"source":"ics-cert@hq.dhs.gov","affectedData":[{"vendor":"SMA Solar Technology AG","product":"Sunny WebBox","versions":[{"version":"Firmware Version 1.6 and prior","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T16:27:45.588330Z","id":"CVE-2019-13529","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-352"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-352"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:sma:sunny_webbox_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"1.6","matchCriteriaId":"03ADE62A-867D-4F4D-BA85-B0C1B8D9C0A2"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:sma:sunny_webbox:-:*:*:*:*:*:*:*","matchCriteriaId":"640FCE11-8A7C-4582-BEF5-42C4F3B8DEDA"}]}]}],"references":[{"url":"http://packetstormsecurity.com/files/154789/SMA-Solar-Technology-AG-Sunny-WebBox-1.6-Cross-Site-Request-Forgery.html","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory"]},{"url":"https://www.us-cert.gov/ics/advisories/icsa-19-281-01","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","US Government Resource"]},{"url":"http://packetstormsecurity.com/files/154789/SMA-Solar-Technology-AG-Sunny-WebBox-1.6-Cross-Site-Request-Forgery.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.us-cert.gov/ics/advisories/icsa-19-281-01","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]},{"url":"https://packetstorm.news/files/id/154789","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2014-5287","sourceIdentifier":"cve@mitre.org","published":"2020-01-08T17:15:10.663","lastModified":"2026-07-13T19:49:31.120","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A Bash script injection vulnerability exists in Kemp Load Master 7.1-16 and earlier due to a failure to sanitize input in the Web User Interface (WUI)."},{"lang":"es","value":"Existe una vulnerabilidad de inyección de script Bash en Kemp Load Master versión 7.1-16 y anteriores, debido a un fallo en el saneamiento de la entrada en la Interfaz de Usuario Web (WUI)."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-74"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:progress:loadmaster:*:*:*:*:*:*:*:*","versionEndIncluding":"7.1-16","matchCriteriaId":"B153FF2E-B572-49C3-8CC8-6E0A62320E1D"}]}]}],"references":[{"url":"http://packetstormsecurity.com/files/131284/Kemp-Load-Master-7.1-16-CSRF-XSS-DoS-Code-Execution.html","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"https://www.exploit-db.com/exploits/36609/","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"https://www.fxc.jp/news/Product_Overview-LoadMaster_Release_Notes.pdf","source":"cve@mitre.org","tags":["Release Notes","Third Party Advisory"]},{"url":"http://packetstormsecurity.com/files/131284/Kemp-Load-Master-7.1-16-CSRF-XSS-DoS-Code-Execution.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"https://www.exploit-db.com/exploits/36609/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"https://www.fxc.jp/news/Product_Overview-LoadMaster_Release_Notes.pdf","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2021-46416","sourceIdentifier":"cve@mitre.org","published":"2022-04-07T11:15:10.037","lastModified":"2026-07-13T17:16:30.870","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Insecure direct object reference in SUNNY TRIPOWER 5.0 Firmware version 3.10.16.R leads to unauthorized user groups accessing due to insecure cookie handling."},{"lang":"es","value":"Una referencia directa a objetos no segura en SUNNY TRIPOWER versión 5.0 firmware 3.10.16.R, que conlleva a un acceso de grupos de usuarios no autorizados debido al manejo no seguro de las cookies"}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.5}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:N","baseScore":5.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T16:23:27.925458Z","id":"CVE-2021-46416","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-639"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:sma:sunny_tripower_firmware:3.10.16.r:*:*:*:*:*:*:*","matchCriteriaId":"613EBB11-0E78-4A86-8604-C91C105E3188"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:sma:sunny_tripower:5.0:*:*:*:*:*:*:*","matchCriteriaId":"78B3BA6B-DA3D-4E88-866E-62D173337823"}]}]}],"references":[{"url":"http://packetstormsecurity.com/files/166670/SAM-SUNNY-TRIPOWER-5.0-Insecure-Direct-Object-Reference.html","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"https://drive.google.com/drive/folders/1BPULhDC_g__seH_VnQlVtkrKdOLkXdzV?usp=sharing","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"https://www.sma.de/en/products/solarinverters/sunny-tripower-30-40-50-60.html","source":"cve@mitre.org","tags":["Product","Vendor Advisory"]},{"url":"http://packetstormsecurity.com/files/166670/SAM-SUNNY-TRIPOWER-5.0-Insecure-Direct-Object-Reference.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"https://drive.google.com/drive/folders/1BPULhDC_g__seH_VnQlVtkrKdOLkXdzV?usp=sharing","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https://www.sma.de/en/products/solarinverters/sunny-tripower-30-40-50-60.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Product","Vendor Advisory"]},{"url":"http://packetstormsecurity.com/files/166670/SAM-SUNNY-TRIPOWER-5.0-Insecure-Direct-Object-Reference.html","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2024-1212","sourceIdentifier":"security@progress.com","published":"2024-02-21T18:15:50.417","lastModified":"2026-07-13T19:49:31.120","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated remote attackers can access the system through the LoadMaster management interface, enabling arbitrary system command execution."},{"lang":"es","value":"Los atacantes remotos no autenticados pueden acceder al sistema a través de la interfaz de administración de LoadMaster, lo que permite la ejecución arbitraria de comandos del sistema."}],"affected":[{"source":"security@progress.com","affectedData":[{"vendor":"Progress Software","product":"LoadMaster","defaultStatus":"affected","modules":["LoadMaster Management Interface"],"platforms":["Linux"],"versions":[{"version":"7.2.48.1","lessThan":"7.2.48.10","versionType":"semver","status":"affected"},{"version":"7.2.54.0","lessThan":"7.2.54.8","versionType":"semver","status":"affected"},{"version":"7.2.55.0","lessThan":"7.2.59.2","versionType":"semver","status":"affected"}]}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","affectedData":[{"vendor":"kemptechnologies","product":"loadmaster","defaultStatus":"unknown","cpes":["cpe:2.3:a:kemptechnologies:loadmaster:*:*:*:*:*:*:*:*"],"versions":[{"version":"7.2.48.1","lessThan":"7.2.48.10","versionType":"custom","status":"affected"},{"version":"7.2.54.0","lessThan":"7.2.54.8","versionType":"custom","status":"affected"},{"version":"7.2.55.0","lessThan":"7.2.59.2","versionType":"custom","status":"affected"}]},{"vendor":"kemptechnologies","product":"loadmaster","defaultStatus":"unknown","cpes":["cpe:2.3:a:kemptechnologies:loadmaster:*:*:*:*:*:*:*:*"],"versions":[{"version":"7.2.48.1","lessThan":"7.2.48.10","versionType":"custom","status":"affected"},{"version":"7.2.54.0","lessThan":"7.2.54.8","versionType":"custom","status":"affected"},{"version":"7.2.55.0","lessThan":"7.2.59.2","versionType":"custom","status":"affected"}]},{"vendor":"kemptechnologies","product":"loadmaster","defaultStatus":"unknown","cpes":["cpe:2.3:a:kemptechnologies:loadmaster:*:*:*:*:*:*:*:*"],"versions":[{"version":"7.2.48.1","lessThan":"7.2.48.10","versionType":"custom","status":"affected"},{"version":"7.2.54.0","lessThan":"7.2.54.8","versionType":"custom","status":"affected"},{"version":"7.2.55.0","lessThan":"7.2.59.2","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@progress.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":6.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2024-11-19T04:55:44.568916Z","id":"CVE-2024-1212","options":[{"exploitation":"active"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"cisaExploitAdd":"2024-11-18","cisaActionDue":"2024-12-09","cisaRequiredAction":"Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.","cisaVulnerabilityName":"Progress Kemp LoadMaster OS Command Injection Vulnerability","weaknesses":[{"source":"security@progress.com","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-78"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:progress:loadmaster:*:*:*:*:*:*:*:*","versionStartIncluding":"7.2.48.1","versionEndExcluding":"7.2.48.10","matchCriteriaId":"4FDDEF28-0302-4FA0-8DB7-4E76DC44B82D"},{"vulnerable":true,"criteria":"cpe:2.3:o:progress:loadmaster:*:*:*:*:*:*:*:*","versionStartIncluding":"7.2.54.0","versionEndExcluding":"7.2.54.8","matchCriteriaId":"1799757C-1255-4897-AC6A-615C799418F5"},{"vulnerable":true,"criteria":"cpe:2.3:o:progress:loadmaster:*:*:*:*:*:*:*:*","versionStartIncluding":"7.2.55.0","versionEndExcluding":"7.2.59.2","matchCriteriaId":"7F0058F3-BD9E-4B27-B696-ED94365AF5DC"}]}]}],"references":[{"url":"https://freeloadbalancer.com/","source":"security@progress.com","tags":["Product"]},{"url":"https://kemptechnologies.com/","source":"security@progress.com","tags":["Product"]},{"url":"https://support.kemptechnologies.com/hc/en-us/articles/23878931058445-LoadMaster-Security-Vulnerability-CVE-2024-1212","source":"security@progress.com","tags":["Not Applicable"]},{"url":"https://support.kemptechnologies.com/hc/en-us/articles/24325072850573-Release-Notice-LMOS-7-2-59-2-7-2-54-8-7-2-48-10-CVE-2024-1212","source":"security@progress.com","tags":["Release Notes"]},{"url":"https://freeloadbalancer.com/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Product"]},{"url":"https://kemptechnologies.com/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Product"]},{"url":"https://support.kemptechnologies.com/hc/en-us/articles/23878931058445-LoadMaster-Security-Vulnerability-CVE-2024-1212","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Not Applicable"]},{"url":"https://support.kemptechnologies.com/hc/en-us/articles/24325072850573-Release-Notice-LMOS-7-2-59-2-7-2-54-8-7-2-48-10-CVE-2024-1212","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes"]},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-1212","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["US Government Resource"]}]}},{"cve":{"id":"CVE-2025-14087","sourceIdentifier":"secalert@redhat.com","published":"2025-12-10T09:15:47.053","lastModified":"2026-07-13T22:16:44.160","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"GNOME","product":"glib","defaultStatus":"unaffected","collectionURL":"https://gitlab.gnome.org/GNOME/glib","packageName":"glib","versions":[{"version":"0","lessThan":"2.86.3","versionType":"semver","status":"affected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"glib2","cpes":["cpe:/o:redhat:enterprise_linux:10.1"],"versions":[{"version":"0:2.80.4-10.el10_1.13","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"glib2","cpes":["cpe:/o:redhat:enterprise_linux:10.2"],"versions":[{"version":"0:2.80.4-12.el10_2.13","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10.0 Extended Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"glib2","cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"],"versions":[{"version":"0:2.80.4-4.el10_0.9","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7 Extended Lifecycle Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"glib2","cpes":["cpe:/o:redhat:rhel_els:7"],"versions":[{"version":"0:2.56.1-12.el7_9","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"glib2","cpes":["cpe:/a:redhat:enterprise_linux:8::crb","cpe:/o:redhat:enterprise_linux:8::baseos"],"versions":[{"version":"0:2.56.4-169.el8_10","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"glib2","cpes":["cpe:/o:redhat:rhel_aus:8.4::baseos","cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"],"versions":[{"version":"0:2.56.4-10.el8_4.5","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"glib2","cpes":["cpe:/o:redhat:rhel_aus:8.4::baseos","cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"],"versions":[{"version":"0:2.56.4-10.el8_4.5","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"glib2","cpes":["cpe:/o:redhat:rhel_aus:8.6::baseos","cpe:/o:redhat:rhel_e4s:8.6::baseos","cpe:/o:redhat:rhel_tus:8.6::baseos"],"versions":[{"version":"0:2.56.4-158.el8_6.5","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.6 Telecommunications Update Service","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"glib2","cpes":["cpe:/o:redhat:rhel_aus:8.6::baseos","cpe:/o:redhat:rhel_e4s:8.6::baseos","cpe:/o:redhat:rhel_tus:8.6::baseos"],"versions":[{"version":"0:2.56.4-158.el8_6.5","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"glib2","cpes":["cpe:/o:redhat:rhel_aus:8.6::baseos","cpe:/o:redhat:rhel_e4s:8.6::baseos","cpe:/o:redhat:rhel_tus:8.6::baseos"],"versions":[{"version":"0:2.56.4-158.el8_6.5","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.8 Telecommunications Update Service","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"glib2","cpes":["cpe:/o:redhat:rhel_e4s:8.8::baseos","cpe:/o:redhat:rhel_tus:8.8::baseos"],"versions":[{"version":"0:2.56.4-165.el8_8","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"glib2","cpes":["cpe:/o:redhat:rhel_e4s:8.8::baseos","cpe:/o:redhat:rhel_tus:8.8::baseos"],"versions":[{"version":"0:2.56.4-165.el8_8","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"glib2","cpes":["cpe:/a:redhat:enterprise_linux:9::appstream","cpe:/a:redhat:enterprise_linux:9::crb","cpe:/o:redhat:enterprise_linux:9::baseos"],"versions":[{"version":"0:2.68.4-18.el9_7.2","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"glib2","cpes":["cpe:/a:redhat:enterprise_linux:9::appstream","cpe:/a:redhat:enterprise_linux:9::crb","cpe:/o:redhat:enterprise_linux:9::baseos"],"versions":[{"version":"0:2.68.4-19.el9_8.1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"glib2","cpes":["cpe:/a:redhat:enterprise_linux:9::appstream","cpe:/a:redhat:enterprise_linux:9::crb","cpe:/o:redhat:enterprise_linux:9::baseos"],"versions":[{"version":"0:2.68.4-18.el9_7.2","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"glib2","cpes":["cpe:/a:redhat:enterprise_linux:9::appstream","cpe:/a:redhat:enterprise_linux:9::crb","cpe:/o:redhat:enterprise_linux:9::baseos"],"versions":[{"version":"0:2.68.4-19.el9_8.1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"glib2","cpes":["cpe:/a:redhat:rhel_e4s:9.0::appstream","cpe:/o:redhat:rhel_e4s:9.0::baseos"],"versions":[{"version":"0:2.68.4-5.el9_0.5","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"glib2","cpes":["cpe:/a:redhat:rhel_e4s:9.2::appstream","cpe:/o:redhat:rhel_e4s:9.2::baseos"],"versions":[{"version":"0:2.68.4-7.el9_2.5","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.4 Extended Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"glib2","cpes":["cpe:/a:redhat:rhel_eus:9.4::appstream","cpe:/a:redhat:rhel_eus:9.4::crb","cpe:/o:redhat:rhel_eus:9.4::baseos"],"versions":[{"version":"0:2.68.4-14.el9_4.6","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.6 Extended Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"glib2","cpes":["cpe:/a:redhat:rhel_eus:9.6::appstream","cpe:/a:redhat:rhel_eus:9.6::crb","cpe:/o:redhat:rhel_eus:9.6::baseos"],"versions":[{"version":"0:2.68.4-16.el9_6.5","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat AI Inference Server 3.2","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhaiis/model-opt-cuda-rhel9","cpes":["cpe:/a:redhat:ai_inference_server:3.2::el9"],"versions":[{"version":"1780681984","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Discovery 2","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"discovery/discovery-server-rhel9","cpes":["cpe:/a:redhat:discovery:2::el9"],"versions":[{"version":"1782159791","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Discovery 2","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"discovery/discovery-ui-rhel9","cpes":["cpe:/a:redhat:discovery:2::el9"],"versions":[{"version":"1782166952","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Hardened Images","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"glib2-main","cpes":["cpe:/a:redhat:hummingbird:1"],"versions":[{"version":"2.88.0-1.1.hum1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Insights proxy 1.5","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"insights-proxy/insights-proxy-container-rhel9","cpes":["cpe:/a:redhat:insights_proxy:1.5::el9"],"versions":[{"version":"1780420428","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Update Infrastructure 5","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhui5/cds-rhel9","cpes":["cpe:/a:redhat:rhui:5::el9"],"versions":[{"version":"1779798159","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Update Infrastructure 5","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhui5/haproxy-rhel9","cpes":["cpe:/a:redhat:rhui:5::el9"],"versions":[{"version":"1779798164","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Update Infrastructure 5","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhui5/installer-rhel9","cpes":["cpe:/a:redhat:rhui:5::el9"],"versions":[{"version":"1779798165","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Update Infrastructure 5","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhui5/rhua-rhel9","cpes":["cpe:/a:redhat:rhui:5::el9"],"versions":[{"version":"1779798222","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bootc","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"glycin-loaders","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"loupe","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"mingw-glib2","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"papers","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rpm-ostree","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"glib2","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"librsvg2","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"mingw-glib2","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bootc","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"librsvg2","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"mingw-glib2","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift4/ose-hypershift-rhel9","cpes":["cpe:/a:redhat:openshift:4"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":5.6,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.2,"impactScore":3.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-12-10T14:46:20.422906Z","id":"CVE-2025-14087","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-190"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gnome:glib:*:*:*:*:*:*:*:*","versionEndExcluding":"2.86.3","matchCriteriaId":"890566A0-619C-42E2-BD1D-9EFAC63E68F4"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","matchCriteriaId":"142AD0DD-4CF3-4D74-9442-459CE3347E3A"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"F4CFF558-3C47-480D-A2F0-BABF26042943"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"7F6FB57C-2BC7-487C-96DD-132683AEB35D"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*","matchCriteriaId":"D65C2163-CFC2-4ABB-8F4E-CB09CEBD006C"}]}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2026:15953","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:15969","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:15971","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:19148","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:19361","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:19452","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:19457","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:19459","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:19460","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:19523","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:19524","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:19565","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:19566","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:19567","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:21275","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:22634","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:25096","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:29197","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:7461","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2025-14087","source":"secalert@redhat.com","tags":["Mitigation","Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2419093","source":"secalert@redhat.com","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://gitlab.gnome.org/GNOME/glib/-/issues/3834","source":"secalert@redhat.com"}]}},{"cve":{"id":"CVE-2025-14512","sourceIdentifier":"secalert@redhat.com","published":"2025-12-11T07:16:00.463","lastModified":"2026-07-13T17:16:31.747","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"GNOME","product":"glib","defaultStatus":"unaffected","collectionURL":"https://gitlab.gnome.org/GNOME/glib","packageName":"glib","versions":[{"version":"0","lessThan":"2.86.3","versionType":"semver","status":"affected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"glib2","cpes":["cpe:/o:redhat:enterprise_linux:10.1"],"versions":[{"version":"0:2.80.4-10.el10_1.13","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"glib2","cpes":["cpe:/o:redhat:enterprise_linux:10.2"],"versions":[{"version":"0:2.80.4-12.el10_2.13","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10.0 Extended Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"glib2","cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"],"versions":[{"version":"0:2.80.4-4.el10_0.9","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"glib2","cpes":["cpe:/a:redhat:enterprise_linux:8::crb","cpe:/o:redhat:enterprise_linux:8::baseos"],"versions":[{"version":"0:2.56.4-169.el8_10","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"glib2","cpes":["cpe:/o:redhat:rhel_aus:8.4::baseos","cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"],"versions":[{"version":"0:2.56.4-10.el8_4.5","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"glib2","cpes":["cpe:/o:redhat:rhel_aus:8.4::baseos","cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"],"versions":[{"version":"0:2.56.4-10.el8_4.5","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"glib2","cpes":["cpe:/o:redhat:rhel_aus:8.6::baseos","cpe:/o:redhat:rhel_e4s:8.6::baseos","cpe:/o:redhat:rhel_tus:8.6::baseos"],"versions":[{"version":"0:2.56.4-158.el8_6.5","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.6 Telecommunications Update Service","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"glib2","cpes":["cpe:/o:redhat:rhel_aus:8.6::baseos","cpe:/o:redhat:rhel_e4s:8.6::baseos","cpe:/o:redhat:rhel_tus:8.6::baseos"],"versions":[{"version":"0:2.56.4-158.el8_6.5","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"glib2","cpes":["cpe:/o:redhat:rhel_aus:8.6::baseos","cpe:/o:redhat:rhel_e4s:8.6::baseos","cpe:/o:redhat:rhel_tus:8.6::baseos"],"versions":[{"version":"0:2.56.4-158.el8_6.5","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.8 Telecommunications Update Service","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"glib2","cpes":["cpe:/o:redhat:rhel_e4s:8.8::baseos","cpe:/o:redhat:rhel_tus:8.8::baseos"],"versions":[{"version":"0:2.56.4-165.el8_8","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"glib2","cpes":["cpe:/o:redhat:rhel_e4s:8.8::baseos","cpe:/o:redhat:rhel_tus:8.8::baseos"],"versions":[{"version":"0:2.56.4-165.el8_8","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"glib2","cpes":["cpe:/a:redhat:enterprise_linux:9::appstream","cpe:/a:redhat:enterprise_linux:9::crb","cpe:/o:redhat:enterprise_linux:9::baseos"],"versions":[{"version":"0:2.68.4-18.el9_7.2","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"glib2","cpes":["cpe:/a:redhat:enterprise_linux:9::appstream","cpe:/a:redhat:enterprise_linux:9::crb","cpe:/o:redhat:enterprise_linux:9::baseos"],"versions":[{"version":"0:2.68.4-19.el9_8.1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"glib2","cpes":["cpe:/a:redhat:enterprise_linux:9::appstream","cpe:/a:redhat:enterprise_linux:9::crb","cpe:/o:redhat:enterprise_linux:9::baseos"],"versions":[{"version":"0:2.68.4-18.el9_7.2","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"glib2","cpes":["cpe:/a:redhat:enterprise_linux:9::appstream","cpe:/a:redhat:enterprise_linux:9::crb","cpe:/o:redhat:enterprise_linux:9::baseos"],"versions":[{"version":"0:2.68.4-19.el9_8.1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"glib2","cpes":["cpe:/a:redhat:rhel_e4s:9.0::appstream","cpe:/o:redhat:rhel_e4s:9.0::baseos"],"versions":[{"version":"0:2.68.4-5.el9_0.5","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"glib2","cpes":["cpe:/a:redhat:rhel_e4s:9.2::appstream","cpe:/o:redhat:rhel_e4s:9.2::baseos"],"versions":[{"version":"0:2.68.4-7.el9_2.5","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.4 Extended Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"glib2","cpes":["cpe:/a:redhat:rhel_eus:9.4::appstream","cpe:/a:redhat:rhel_eus:9.4::crb","cpe:/o:redhat:rhel_eus:9.4::baseos"],"versions":[{"version":"0:2.68.4-14.el9_4.6","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.6 Extended Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"glib2","cpes":["cpe:/a:redhat:rhel_eus:9.6::appstream","cpe:/a:redhat:rhel_eus:9.6::crb","cpe:/o:redhat:rhel_eus:9.6::baseos"],"versions":[{"version":"0:2.68.4-16.el9_6.5","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat AI Inference Server 3.2","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhaiis/model-opt-cuda-rhel9","cpes":["cpe:/a:redhat:ai_inference_server:3.2::el9"],"versions":[{"version":"1780681984","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Discovery 2","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"discovery/discovery-server-rhel9","cpes":["cpe:/a:redhat:discovery:2::el9"],"versions":[{"version":"1782159791","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Discovery 2","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"discovery/discovery-ui-rhel9","cpes":["cpe:/a:redhat:discovery:2::el9"],"versions":[{"version":"1782166952","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Hardened Images","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"glib2-main","cpes":["cpe:/a:redhat:hummingbird:1"],"versions":[{"version":"2.88.0-1.1.hum1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Insights proxy 1.5","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"insights-proxy/insights-proxy-container-rhel9","cpes":["cpe:/a:redhat:insights_proxy:1.5::el9"],"versions":[{"version":"1780420428","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Update Infrastructure 5","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhui5/cds-rhel9","cpes":["cpe:/a:redhat:rhui:5::el9"],"versions":[{"version":"1779798159","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Update Infrastructure 5","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhui5/haproxy-rhel9","cpes":["cpe:/a:redhat:rhui:5::el9"],"versions":[{"version":"1779798164","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Update Infrastructure 5","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhui5/installer-rhel9","cpes":["cpe:/a:redhat:rhui:5::el9"],"versions":[{"version":"1779798165","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Update Infrastructure 5","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhui5/rhua-rhel9","cpes":["cpe:/a:redhat:rhui:5::el9"],"versions":[{"version":"1779798222","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"mingw-glib2","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"glib2","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"glib2","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"mingw-glib2","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"mingw-glib2","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift4/ose-hypershift-rhel9","cpes":["cpe:/a:redhat:openshift:4"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhcos","cpes":["cpe:/a:redhat:openshift:4"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-12-11T14:54:52.039681Z","id":"CVE-2025-14512","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-190"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gnome:glib:*:*:*:*:*:*:*:*","versionEndExcluding":"2.86.3","matchCriteriaId":"890566A0-619C-42E2-BD1D-9EFAC63E68F4"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:openshift:4.0:*:*:*:*:*:*:*","matchCriteriaId":"5F7E2F04-474D-4196-9CE8-242642990A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","matchCriteriaId":"142AD0DD-4CF3-4D74-9442-459CE3347E3A"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:-:*:*:*","matchCriteriaId":"053C1B35-3869-41C2-9551-044182DE0A64"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"7F6FB57C-2BC7-487C-96DD-132683AEB35D"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*","matchCriteriaId":"D65C2163-CFC2-4ABB-8F4E-CB09CEBD006C"}]}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2026:15953","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:15969","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:15971","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:19148","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:19361","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:19452","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:19457","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:19459","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:19460","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:19523","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:19524","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:19565","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:19567","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:21275","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:22634","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:25096","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:29197","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:7461","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2025-14512","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2421339","source":"secalert@redhat.com","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://gitlab.gnome.org/GNOME/glib/-/issues/3845","source":"secalert@redhat.com"}]}},{"cve":{"id":"CVE-2026-3441","sourceIdentifier":"secalert@redhat.com","published":"2026-03-16T14:19:47.447","lastModified":"2026-07-13T22:16:46.380","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in GNU Binutils. This heap-based buffer overflow vulnerability, specifically an out-of-bounds read in the bfd linker, allows an attacker to gain access to sensitive information. By convincing a user to process a specially crafted XCOFF object file, an attacker can trigger this flaw, potentially leading to information disclosure or an application level denial of service."},{"lang":"es","value":"Se encontró una falla en GNU Binutils. Esta vulnerabilidad de desbordamiento de búfer basado en montículo, específicamente una lectura fuera de límites en el enlazador bfd, permite a un atacante obtener acceso a información sensible. Al convencer a un usuario de procesar un archivo objeto XCOFF especialmente diseñado, un atacante puede activar esta falla, lo que podría llevar a la revelación de información o a una denegación de servicio a nivel de aplicación."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"Red Hat","product":"Red Hat Hardened Images","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"binutils-main","cpes":["cpe:/a:redhat:hummingbird:1"],"versions":[{"version":"2.45.1-5.1.hum1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Hardened Images","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"binutils-main","cpes":["cpe:/a:redhat:hummingbird:1"],"versions":[{"version":"2.46.1-1.hum1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"binutils","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gcc-toolset-15-binutils","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gdb","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"mingw-binutils","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"binutils","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"binutils","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gdb","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"binutils","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gcc-toolset-14-binutils","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gcc-toolset-14-gdb","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gcc-toolset-15-binutils","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gcc-toolset-15-gdb","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gdb","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"mingw-binutils","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"binutils","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gcc-toolset-14-binutils","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gcc-toolset-15-binutils","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gdb","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"mingw-binutils","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhcos","cpes":["cpe:/a:redhat:openshift:4"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":1.8,"impactScore":4.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-03-16T19:16:03.101223Z","id":"CVE-2026-3441","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gnu:binutils:-:*:*:*:*:*:*:*","matchCriteriaId":"70CA109B-85B9-4EF2-9A5F-A7D12F6EA878"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*","matchCriteriaId":"932D137F-528B-4526-9A89-CD59FA1AB0FE"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*","matchCriteriaId":"2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","matchCriteriaId":"142AD0DD-4CF3-4D74-9442-459CE3347E3A"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"F4CFF558-3C47-480D-A2F0-BABF26042943"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"7F6FB57C-2BC7-487C-96DD-132683AEB35D"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*","matchCriteriaId":"D65C2163-CFC2-4ABB-8F4E-CB09CEBD006C"}]}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2026:33527","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:39022","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2026-3441","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2443826","source":"secalert@redhat.com","tags":["Issue Tracking","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-3442","sourceIdentifier":"secalert@redhat.com","published":"2026-03-16T14:19:47.720","lastModified":"2026-07-13T22:16:46.587","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in GNU Binutils. This vulnerability, a heap-based buffer overflow, specifically an out-of-bounds read, exists in the bfd linker component. An attacker could exploit this by convincing a user to process a specially crafted malicious XCOFF object file. Successful exploitation may lead to the disclosure of sensitive information or cause the application to crash, resulting in an application level denial of service."},{"lang":"es","value":"Se encontró una falla en GNU Binutils. Esta vulnerabilidad, un desbordamiento de búfer basado en montículo, específicamente una lectura fuera de límites, existe en el componente enlazador bfd. Un atacante podría explotar esto al convencer a un usuario de procesar un archivo objeto XCOFF malicioso especialmente diseñado. La explotación exitosa podría llevar a la divulgación de información sensible o causar que la aplicación falle, lo que resultaría en una denegación de servicio a nivel de aplicación."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"Red Hat","product":"Red Hat Hardened Images","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"binutils-main","cpes":["cpe:/a:redhat:hummingbird:1"],"versions":[{"version":"2.45.1-5.1.hum1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Hardened Images","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"binutils-main","cpes":["cpe:/a:redhat:hummingbird:1"],"versions":[{"version":"2.46.1-1.hum1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"binutils","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gcc-toolset-15-binutils","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gdb","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"mingw-binutils","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"binutils","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"binutils","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gdb","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"binutils","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gcc-toolset-14-binutils","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gcc-toolset-14-gdb","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gcc-toolset-15-binutils","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gcc-toolset-15-gdb","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gdb","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"mingw-binutils","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"binutils","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gcc-toolset-14-binutils","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gcc-toolset-15-binutils","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gdb","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"mingw-binutils","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhcos","cpes":["cpe:/a:redhat:openshift:4"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":1.8,"impactScore":4.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-03-16T19:16:44.986147Z","id":"CVE-2026-3442","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gnu:binutils:-:*:*:*:*:*:*:*","matchCriteriaId":"70CA109B-85B9-4EF2-9A5F-A7D12F6EA878"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*","matchCriteriaId":"932D137F-528B-4526-9A89-CD59FA1AB0FE"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*","matchCriteriaId":"2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","matchCriteriaId":"142AD0DD-4CF3-4D74-9442-459CE3347E3A"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"F4CFF558-3C47-480D-A2F0-BABF26042943"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"7F6FB57C-2BC7-487C-96DD-132683AEB35D"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*","matchCriteriaId":"D65C2163-CFC2-4ABB-8F4E-CB09CEBD006C"}]}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2026:33527","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:39022","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2026-3442","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2443828","source":"secalert@redhat.com","tags":["Issue Tracking","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2025-15608","sourceIdentifier":"f23511db-6c3e-4e32-a477-6aa17d310630","published":"2026-03-20T17:16:41.220","lastModified":"2026-07-13T19:16:34.753","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"This vulnerability in AX53 v1, AX55 v4 and AX55 v4.6 results from insufficient input sanitization in the device’s probe handling logic, where unvalidated parameters can trigger a stack-based buffer overflow that causes the affected service to crash and, under specific conditions, may enable remote code execution through complex heap-spray techniques.  \n\nSuccessful exploitation may result in repeated service unavailability and, in certain scenarios, allow an attacker to gain control of the device."},{"lang":"es","value":"Esta vulnerabilidad en AX53 v1 resulta de la sanitización insuficiente de entradas en la lógica de manejo de sondas del dispositivo, donde parámetros no validados pueden desencadenar un desbordamiento de búfer basado en pila que causa la caída del servicio afectado y, bajo condiciones específicas, puede permitir la ejecución remota de código a través de técnicas complejas de heap-spray. La explotación exitosa puede resultar en indisponibilidad repetida del servicio y, en ciertos escenarios, permitir a un atacante obtener control del dispositivo."}],"affected":[{"source":"f23511db-6c3e-4e32-a477-6aa17d310630","affectedData":[{"vendor":"TP-Link Systems Inc.","product":"AX53 v1","defaultStatus":"unaffected","modules":["tdpServer"],"versions":[{"version":"0","lessThan":"251029","versionType":"custom","status":"affected"}]},{"vendor":"TP-Link Systems Inc.","product":"AX55 v4","defaultStatus":"unaffected","modules":["tdpServer"],"versions":[{"version":"0","lessThan":"(US)_V4_251030","versionType":"custom","status":"affected"}]},{"vendor":"TP-Link Systems Inc.","product":"AX55 v4.6","defaultStatus":"unaffected","modules":["tdpServer"],"versions":[{"version":"0","lessThan":"(US)_V4.6_251030","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"f23511db-6c3e-4e32-a477-6aa17d310630","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"ADJACENT","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"LOW","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-03-21T04:01:44.173518Z","id":"CVE-2025-15608","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"f23511db-6c3e-4e32-a477-6aa17d310630","type":"Secondary","description":[{"lang":"en","value":"CWE-121"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:tp-link:archer_ax53_firmware:1.0:*:*:*:*:*:*:*","matchCriteriaId":"8C762E60-933C-4B61-84D1-0A6FE4D5E08E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:tp-link:archer_ax53:-:*:*:*:*:*:*:*","matchCriteriaId":"394AAF99-8784-4872-8EED-A12B97C575E4"}]}]}],"references":[{"url":"https://www.tp-link.com/en/support/download/archer-ax53/v1/#Firmware","source":"f23511db-6c3e-4e32-a477-6aa17d310630","tags":["Product"]},{"url":"https://www.tp-link.com/en/support/download/archer-ax55/v4/","source":"f23511db-6c3e-4e32-a477-6aa17d310630"},{"url":"https://www.tp-link.com/us/support/download/archer-ax55/v4.60/#Firmware","source":"f23511db-6c3e-4e32-a477-6aa17d310630"},{"url":"https://www.tp-link.com/us/support/download/archer-ax55/v4/#Firmware","source":"f23511db-6c3e-4e32-a477-6aa17d310630"},{"url":"https://www.tp-link.com/us/support/faq/5025/","source":"f23511db-6c3e-4e32-a477-6aa17d310630","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-2100","sourceIdentifier":"secalert@redhat.com","published":"2026-03-26T21:17:04.247","lastModified":"2026-07-13T17:17:16.973","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in p11-kit. A remote attacker could exploit this vulnerability by calling the C_DeriveKey function on a remote token with specific IBM kyber or IBM btc derive mechanism parameters set to NULL. This could lead to the RPC-client attempting to return an uninitialized value, potentially resulting in a NULL dereference or undefined behavior. This issue may cause an application level denial of service or other unpredictable system states."},{"lang":"es","value":"Se encontró una falla en p11-kit. Un atacante remoto podría explotar esta vulnerabilidad al llamar a la función C_DeriveKey en un token remoto con parámetros específicos del mecanismo de derivación IBM kyber o IBM btc establecidos en NULL. Esto podría llevar al cliente RPC intentando devolver un valor no inicializado, resultando potencialmente en una desreferencia NULL o comportamiento indefinido. Este problema puede causar una denegación de servicio a nivel de aplicación o a otros estados impredecibles del sistema."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"p11-glue","product":"p11-kit","defaultStatus":"unaffected","repo":"https://github.com/p11-glue/p11-kit","versions":[{"version":"0","lessThan":"0.26.2","versionType":"semver","status":"affected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"p11-kit","cpes":["cpe:/o:redhat:enterprise_linux:10.2"],"versions":[{"version":"0:0.26.2-1.el10","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"p11-kit","cpes":["cpe:/a:redhat:enterprise_linux:9::appstream","cpe:/o:redhat:enterprise_linux:9::baseos"],"versions":[{"version":"0:0.26.2-1.el9","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"p11-kit","cpes":["cpe:/a:redhat:enterprise_linux:9::appstream","cpe:/o:redhat:enterprise_linux:9::baseos"],"versions":[{"version":"0:0.26.2-1.el9","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Cost Management 4","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"costmanagement/costmanagement-metrics-rhel9-operator","cpes":["cpe:/a:redhat:cost_management:4::el9"],"versions":[{"version":"1780946239","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Hardened Images","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"p11-kit-main","cpes":["cpe:/a:redhat:hummingbird:1"],"versions":[{"version":"0.26.2-1.1.hum1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Insights proxy 1.5","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"insights-proxy/insights-proxy-container-rhel9","cpes":["cpe:/a:redhat:insights_proxy:1.5::el9"],"versions":[{"version":"1780420428","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Update Infrastructure 5","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhui5/cds-rhel9","cpes":["cpe:/a:redhat:rhui:5::el9"],"versions":[{"version":"1779798159","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Update Infrastructure 5","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhui5/haproxy-rhel9","cpes":["cpe:/a:redhat:rhui:5::el9"],"versions":[{"version":"1779798164","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Update Infrastructure 5","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhui5/installer-rhel9","cpes":["cpe:/a:redhat:rhui:5::el9"],"versions":[{"version":"1779798165","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Update Infrastructure 5","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhui5/rhua-rhel9","cpes":["cpe:/a:redhat:rhui:5::el9"],"versions":[{"version":"1779798222","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"p11-kit","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"p11-kit","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"p11-kit","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift4/ose-hypershift-rhel9","cpes":["cpe:/a:redhat:openshift:4"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhcos","cpes":["cpe:/a:redhat:openshift:4"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-03-26T20:30:34.453809Z","id":"CVE-2026-2100","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-824"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:p11-kit_project:p11-kit:-:*:*:*:*:*:*:*","matchCriteriaId":"EC8CB498-F5D5-4AB6-B33E-404C80966280"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:hardened_images:-:*:*:*:*:*:*:*","matchCriteriaId":"87DEB507-5B64-47D7-9A50-3B87FD1E571F"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"7F6FB57C-2BC7-487C-96DD-132683AEB35D"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*","matchCriteriaId":"D65C2163-CFC2-4ABB-8F4E-CB09CEBD006C"}]}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2026:18143","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:18599","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:21275","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:22634","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:27998","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:7065","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2026-2100","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2437308","source":"secalert@redhat.com","tags":["Issue Tracking","Vendor Advisory"]},{"url":"https://github.com/p11-glue/p11-kit/pull/740","source":"secalert@redhat.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/p11-glue/p11-kit/releases/tag/0.26.2","source":"secalert@redhat.com"}]}},{"cve":{"id":"CVE-2026-33771","sourceIdentifier":"sirt@juniper.net","published":"2026-04-09T22:16:25.430","lastModified":"2026-07-13T18:00:57.173","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A Weak Password Requirements vulnerability in the password management function of Juniper Networks CTP OS might allow an unauthenticated, network-based attacker to exploit weak passwords of local accounts and potentially take full control of the device.\n\nThe password management menu enables the administrator to set password complexity requirements, but these settings are not saved. The issue can be verified with the menu option \"Show password requirements\". Failure to enforce the intended requirements can lead to weak passwords being used, which significantly increases the likelihood that an attacker can guess these and subsequently attain unauthorized access.\n\n\n\nThis issue affects CTP OS versions 9.2R1 and 9.2R2."}],"affected":[{"source":"sirt@juniper.net","affectedData":[{"vendor":"Juniper Networks","product":"CTP OS","defaultStatus":"unaffected","versions":[{"version":"9.2R1","lessThanOrEqual":"9.2R2","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"sirt@juniper.net","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:X/RE:M/U:X","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"YES","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"sirt@juniper.net","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":7.4,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":5.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-04-13T17:53:27.069919Z","id":"CVE-2026-33771","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"sirt@juniper.net","type":"Secondary","description":[{"lang":"en","value":"CWE-521"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:ctp_operating_system:9.2:r1:*:*:*:*:*:*","matchCriteriaId":"EC0A9331-940D-4B97-BCA7-8A421432E7A2"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:ctp_operating_system:9.2:r2:*:*:*:*:*:*","matchCriteriaId":"4914C812-A661-4277-8555-4C54C5C4A575"}]}]}],"references":[{"url":"https://kb.juniper.net/JSA107864","source":"sirt@juniper.net","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-6845","sourceIdentifier":"secalert@redhat.com","published":"2026-04-22T09:16:27.373","lastModified":"2026-07-13T22:16:52.700","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in binutils, specifically within the `readelf` utility. This vulnerability allows a local attacker to cause a Denial of Service (DoS) by tricking a user into processing a specially crafted Executable and Linkable Format (ELF) file. The exploitation of this flaw can lead to the system becoming unresponsive due to excessive resource consumption or a program crash."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"Red Hat","product":"Red Hat Hardened Images","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"binutils-main","cpes":["cpe:/a:redhat:hummingbird:1"],"versions":[{"version":"2.45.1-5.2.hum1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Hardened Images","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"binutils-main","cpes":["cpe:/a:redhat:hummingbird:1"],"versions":[{"version":"2.46.1-1.hum1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"binutils","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gcc-toolset-15-binutils","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gdb","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"mingw-binutils","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"binutils","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"binutils","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gdb","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"binutils","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gcc-toolset-14-binutils","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gcc-toolset-14-gdb","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gcc-toolset-15-binutils","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gcc-toolset-15-gdb","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gdb","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"mingw-binutils","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"binutils","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gcc-toolset-14-binutils","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gcc-toolset-15-binutils","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gdb","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"mingw-binutils","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhcos","cpes":["cpe:/a:redhat:openshift:4"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H","baseScore":5.0,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.3,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-04-22T18:33:11.429175Z","id":"CVE-2026-6845","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gnu:binutils:-:*:*:*:*:*:*:*","matchCriteriaId":"70CA109B-85B9-4EF2-9A5F-A7D12F6EA878"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:hardened_images:-:*:*:*:*:*:*:*","matchCriteriaId":"87DEB507-5B64-47D7-9A50-3B87FD1E571F"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*","matchCriteriaId":"932D137F-528B-4526-9A89-CD59FA1AB0FE"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*","matchCriteriaId":"2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","matchCriteriaId":"142AD0DD-4CF3-4D74-9442-459CE3347E3A"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"F4CFF558-3C47-480D-A2F0-BABF26042943"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"7F6FB57C-2BC7-487C-96DD-132683AEB35D"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*","matchCriteriaId":"D65C2163-CFC2-4ABB-8F4E-CB09CEBD006C"}]}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2026:34924","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:39022","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2026-6845","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460012","source":"secalert@redhat.com","tags":["Issue Tracking","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-3832","sourceIdentifier":"secalert@redhat.com","published":"2026-04-30T18:16:30.433","lastModified":"2026-07-13T17:17:20.443","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted Online Certificate Status Protocol (OCSP) response during a TLS handshake. Due to a logic error in how gnutls processes multi-record OCSP responses, a client with OCSP verification enabled may incorrectly accept a revoked server certificate, potentially leading to a compromise of trust."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"defaultStatus":"unaffected","collectionURL":"https://gitlab.com/gnutls/gnutls","packageName":"gnutls","versions":[{"version":"0","lessThan":"3.8.13","versionType":"semver","status":"affected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/o:redhat:enterprise_linux:10.2"],"versions":[{"version":"0:3.8.10-4.el10_2","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10.0 Extended Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"],"versions":[{"version":"0:3.8.9-9.el10_0.19","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/a:redhat:enterprise_linux:9::appstream","cpe:/o:redhat:enterprise_linux:9::baseos"],"versions":[{"version":"0:3.8.10-4.el9_8","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/a:redhat:enterprise_linux:9::appstream","cpe:/o:redhat:enterprise_linux:9::baseos"],"versions":[{"version":"0:3.8.10-4.el9_8","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Discovery 2","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"discovery/discovery-server-rhel9","cpes":["cpe:/a:redhat:discovery:2::el9"],"versions":[{"version":"1782159791","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Discovery 2","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"discovery/discovery-ui-rhel9","cpes":["cpe:/a:redhat:discovery:2::el9"],"versions":[{"version":"1782166952","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Hardened Images","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"gnutls-main","cpes":["cpe:/a:redhat:hummingbird:1"],"versions":[{"version":"3.8.13-1.hum1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Update Infrastructure 5","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhui5/cds-rhel9","cpes":["cpe:/a:redhat:rhui:5::el9"],"versions":[{"version":"1781525684","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Update Infrastructure 5","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhui5/haproxy-rhel9","cpes":["cpe:/a:redhat:rhui:5::el9"],"versions":[{"version":"1781525671","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Update Infrastructure 5","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhui5/installer-rhel9","cpes":["cpe:/a:redhat:rhui:5::el9"],"versions":[{"version":"1781525693","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Update Infrastructure 5","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhui5/rhua-rhel9","cpes":["cpe:/a:redhat:rhui:5::el9"],"versions":[{"version":"1781525739","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift4/ose-hypershift-rhel9","cpes":["cpe:/a:redhat:openshift:4"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhcos","cpes":["cpe:/a:redhat:openshift:4"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":3.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-04-30T18:22:07.438915Z","id":"CVE-2026-3832","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-179"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gnu:gnutls:-:*:*:*:*:*:*:*","matchCriteriaId":"33A22858-21E1-479F-A9C4-AD2EFD059B93"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:hardened_images:-:*:*:*:*:*:*:*","matchCriteriaId":"87DEB507-5B64-47D7-9A50-3B87FD1E571F"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*","matchCriteriaId":"932D137F-528B-4526-9A89-CD59FA1AB0FE"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*","matchCriteriaId":"2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","matchCriteriaId":"142AD0DD-4CF3-4D74-9442-459CE3347E3A"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"F4CFF558-3C47-480D-A2F0-BABF26042943"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"7F6FB57C-2BC7-487C-96DD-132683AEB35D"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*","matchCriteriaId":"D65C2163-CFC2-4ABB-8F4E-CB09CEBD006C"}]}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2026:13274","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2026:20612","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:20613","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:26319","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:26409","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:29197","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2026-3832","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2445762","source":"secalert@redhat.com","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://gitlab.com/gnutls/gnutls/-/issues/1801","source":"secalert@redhat.com","tags":["Exploit","Issue Tracking","Vendor Advisory"]},{"url":"https://gitlab.com/gnutls/gnutls/-/issues/1801","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Issue Tracking","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-3833","sourceIdentifier":"secalert@redhat.com","published":"2026-04-30T18:16:30.577","lastModified":"2026-07-13T22:16:46.777","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in gnutls. This vulnerability occurs because gnutls performs case-sensitive comparisons of `nameConstraints` labels, specifically for `dNSName` (DNS) or `rfc822Name` (email) constraints within `excludedSubtrees` or `permittedSubtrees`. A remote attacker can exploit this by crafting a leaf certificate with casing differences in the Subject Alternative Name (SAN), leading to a policy bypass where a certificate that should be rejected is instead accepted. This could result in unauthorized access or information disclosure."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"defaultStatus":"unaffected","collectionURL":"https://gitlab.com/gnutls/gnutls","packageName":"gnutls","versions":[{"version":"0","lessThan":"3.8.13","versionType":"semver","status":"affected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/o:redhat:enterprise_linux:10.2"],"versions":[{"version":"0:3.8.10-4.el10_2","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10.0 Extended Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"],"versions":[{"version":"0:3.8.9-9.el10_0.19","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/a:redhat:enterprise_linux:8::appstream","cpe:/o:redhat:enterprise_linux:8::baseos"],"versions":[{"version":"0:3.6.16-8.el8_10.6","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/a:redhat:enterprise_linux:8::appstream","cpe:/o:redhat:enterprise_linux:8::baseos"],"versions":[{"version":"0:3.6.16-8.el8_10.6","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/a:redhat:rhel_aus:8.4::appstream","cpe:/a:redhat:rhel_eus_long_life:8.4::appstream","cpe:/o:redhat:rhel_aus:8.4::baseos","cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"],"versions":[{"version":"0:3.6.14-10.el8_4.1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libtasn1","cpes":["cpe:/a:redhat:rhel_aus:8.4::appstream","cpe:/a:redhat:rhel_eus_long_life:8.4::appstream","cpe:/o:redhat:rhel_aus:8.4::baseos","cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"],"versions":[{"version":"0:4.13-3.el8_4.1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/a:redhat:rhel_aus:8.4::appstream","cpe:/a:redhat:rhel_eus_long_life:8.4::appstream","cpe:/o:redhat:rhel_aus:8.4::baseos","cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"],"versions":[{"version":"0:3.6.14-10.el8_4.1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libtasn1","cpes":["cpe:/a:redhat:rhel_aus:8.4::appstream","cpe:/a:redhat:rhel_eus_long_life:8.4::appstream","cpe:/o:redhat:rhel_aus:8.4::baseos","cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"],"versions":[{"version":"0:4.13-3.el8_4.1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/a:redhat:rhel_aus:8.6::appstream","cpe:/a:redhat:rhel_eus_long_life:8.6::appstream","cpe:/o:redhat:rhel_aus:8.6::baseos","cpe:/o:redhat:rhel_eus_long_life:8.6::baseos"],"versions":[{"version":"0:3.6.16-5.el8_6.5","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libtasn1","cpes":["cpe:/a:redhat:rhel_aus:8.6::appstream","cpe:/a:redhat:rhel_eus_long_life:8.6::appstream","cpe:/o:redhat:rhel_aus:8.6::baseos","cpe:/o:redhat:rhel_eus_long_life:8.6::baseos"],"versions":[{"version":"0:4.13-3.el8_6.2","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/a:redhat:rhel_aus:8.6::appstream","cpe:/a:redhat:rhel_eus_long_life:8.6::appstream","cpe:/o:redhat:rhel_aus:8.6::baseos","cpe:/o:redhat:rhel_eus_long_life:8.6::baseos"],"versions":[{"version":"0:3.6.16-5.el8_6.5","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libtasn1","cpes":["cpe:/a:redhat:rhel_aus:8.6::appstream","cpe:/a:redhat:rhel_eus_long_life:8.6::appstream","cpe:/o:redhat:rhel_aus:8.6::baseos","cpe:/o:redhat:rhel_eus_long_life:8.6::baseos"],"versions":[{"version":"0:4.13-3.el8_6.2","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.8 Telecommunications Update Service","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/a:redhat:rhel_e4s:8.8::appstream","cpe:/a:redhat:rhel_tus:8.8::appstream","cpe:/o:redhat:rhel_e4s:8.8::baseos","cpe:/o:redhat:rhel_tus:8.8::baseos"],"versions":[{"version":"0:3.6.16-7.el8_8.4","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.8 Telecommunications Update Service","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libtasn1","cpes":["cpe:/a:redhat:rhel_e4s:8.8::appstream","cpe:/a:redhat:rhel_tus:8.8::appstream","cpe:/o:redhat:rhel_e4s:8.8::baseos","cpe:/o:redhat:rhel_tus:8.8::baseos"],"versions":[{"version":"0:4.13-4.el8_8.1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/a:redhat:rhel_e4s:8.8::appstream","cpe:/a:redhat:rhel_tus:8.8::appstream","cpe:/o:redhat:rhel_e4s:8.8::baseos","cpe:/o:redhat:rhel_tus:8.8::baseos"],"versions":[{"version":"0:3.6.16-7.el8_8.4","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libtasn1","cpes":["cpe:/a:redhat:rhel_e4s:8.8::appstream","cpe:/a:redhat:rhel_tus:8.8::appstream","cpe:/o:redhat:rhel_e4s:8.8::baseos","cpe:/o:redhat:rhel_tus:8.8::baseos"],"versions":[{"version":"0:4.13-4.el8_8.1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/a:redhat:enterprise_linux:9::appstream","cpe:/o:redhat:enterprise_linux:9::baseos"],"versions":[{"version":"0:3.8.10-4.el9_8","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/a:redhat:enterprise_linux:9::appstream","cpe:/o:redhat:enterprise_linux:9::baseos"],"versions":[{"version":"0:3.8.10-4.el9_8","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/a:redhat:rhel_e4s:9.4::appstream","cpe:/o:redhat:rhel_e4s:9.4::baseos"],"versions":[{"version":"0:3.8.3-4.el9_4.6","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.6 Extended Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/a:redhat:rhel_eus:9.6::appstream","cpe:/o:redhat:rhel_eus:9.6::baseos"],"versions":[{"version":"0:3.8.3-6.el9_6.4","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Discovery 2","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"discovery/discovery-server-rhel9","cpes":["cpe:/a:redhat:discovery:2::el9"],"versions":[{"version":"1782159791","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Discovery 2","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"discovery/discovery-ui-rhel9","cpes":["cpe:/a:redhat:discovery:2::el9"],"versions":[{"version":"1782166952","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Hardened Images","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"gnutls-main","cpes":["cpe:/a:redhat:hummingbird:1"],"versions":[{"version":"3.8.13-1.hum1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Update Infrastructure 5","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhui5/cds-rhel9","cpes":["cpe:/a:redhat:rhui:5::el9"],"versions":[{"version":"1781525684","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Update Infrastructure 5","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhui5/haproxy-rhel9","cpes":["cpe:/a:redhat:rhui:5::el9"],"versions":[{"version":"1781525671","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Update Infrastructure 5","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhui5/installer-rhel9","cpes":["cpe:/a:redhat:rhui:5::el9"],"versions":[{"version":"1781525693","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Update Infrastructure 5","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhui5/rhua-rhel9","cpes":["cpe:/a:redhat:rhui:5::el9"],"versions":[{"version":"1781525739","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift4/ose-hypershift-rhel9","cpes":["cpe:/a:redhat:openshift:4"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhcos","cpes":["cpe:/a:redhat:openshift:4"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.5},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":7.4,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-04-30T18:37:27.251775Z","id":"CVE-2026-3833","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-178"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gnu:gnutls:-:*:*:*:*:*:*:*","matchCriteriaId":"33A22858-21E1-479F-A9C4-AD2EFD059B93"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:hardened_images:-:*:*:*:*:*:*:*","matchCriteriaId":"87DEB507-5B64-47D7-9A50-3B87FD1E571F"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*","matchCriteriaId":"932D137F-528B-4526-9A89-CD59FA1AB0FE"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*","matchCriteriaId":"2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","matchCriteriaId":"142AD0DD-4CF3-4D74-9442-459CE3347E3A"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"F4CFF558-3C47-480D-A2F0-BABF26042943"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"7F6FB57C-2BC7-487C-96DD-132683AEB35D"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*","matchCriteriaId":"D65C2163-CFC2-4ABB-8F4E-CB09CEBD006C"}]}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2026:13274","source":"secalert@redhat.com","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2026:20611","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:20612","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:20613","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:26319","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:26409","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:29197","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:30004","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:30849","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:30850","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:32962","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:33125","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2026-3833","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2445763","source":"secalert@redhat.com","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://gitlab.com/gnutls/gnutls/-/issues/1803","source":"secalert@redhat.com","tags":["Exploit","Issue Tracking","Vendor Advisory"]},{"url":"https://gitlab.com/gnutls/gnutls/-/issues/1803","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Issue Tracking","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-42011","sourceIdentifier":"secalert@redhat.com","published":"2026-05-07T15:16:09.760","lastModified":"2026-07-13T17:17:23.043","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in gnutls. This vulnerability occurs because permitted name constraints were incorrectly ignored when previous Certificate Authorities (CAs) only had excluded name constraints. A remote attacker could exploit this to bypass critical name constraint checks during certificate validation. This bypass could lead to the acceptance of invalid certificates, potentially enabling spoofing or man-in-the-middle attacks against affected systems."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/o:redhat:enterprise_linux:10.2"],"versions":[{"version":"0:3.8.10-4.el10_2","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10.0 Extended Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"],"versions":[{"version":"0:3.8.9-9.el10_0.19","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/a:redhat:enterprise_linux:8::appstream","cpe:/o:redhat:enterprise_linux:8::baseos"],"versions":[{"version":"0:3.6.16-8.el8_10.6","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/a:redhat:enterprise_linux:8::appstream","cpe:/o:redhat:enterprise_linux:8::baseos"],"versions":[{"version":"0:3.6.16-8.el8_10.6","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/a:redhat:rhel_aus:8.4::appstream","cpe:/a:redhat:rhel_eus_long_life:8.4::appstream","cpe:/o:redhat:rhel_aus:8.4::baseos","cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"],"versions":[{"version":"0:3.6.14-10.el8_4.1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libtasn1","cpes":["cpe:/a:redhat:rhel_aus:8.4::appstream","cpe:/a:redhat:rhel_eus_long_life:8.4::appstream","cpe:/o:redhat:rhel_aus:8.4::baseos","cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"],"versions":[{"version":"0:4.13-3.el8_4.1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/a:redhat:rhel_aus:8.4::appstream","cpe:/a:redhat:rhel_eus_long_life:8.4::appstream","cpe:/o:redhat:rhel_aus:8.4::baseos","cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"],"versions":[{"version":"0:3.6.14-10.el8_4.1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libtasn1","cpes":["cpe:/a:redhat:rhel_aus:8.4::appstream","cpe:/a:redhat:rhel_eus_long_life:8.4::appstream","cpe:/o:redhat:rhel_aus:8.4::baseos","cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"],"versions":[{"version":"0:4.13-3.el8_4.1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/a:redhat:rhel_aus:8.6::appstream","cpe:/a:redhat:rhel_eus_long_life:8.6::appstream","cpe:/o:redhat:rhel_aus:8.6::baseos","cpe:/o:redhat:rhel_eus_long_life:8.6::baseos"],"versions":[{"version":"0:3.6.16-5.el8_6.5","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libtasn1","cpes":["cpe:/a:redhat:rhel_aus:8.6::appstream","cpe:/a:redhat:rhel_eus_long_life:8.6::appstream","cpe:/o:redhat:rhel_aus:8.6::baseos","cpe:/o:redhat:rhel_eus_long_life:8.6::baseos"],"versions":[{"version":"0:4.13-3.el8_6.2","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/a:redhat:rhel_aus:8.6::appstream","cpe:/a:redhat:rhel_eus_long_life:8.6::appstream","cpe:/o:redhat:rhel_aus:8.6::baseos","cpe:/o:redhat:rhel_eus_long_life:8.6::baseos"],"versions":[{"version":"0:3.6.16-5.el8_6.5","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libtasn1","cpes":["cpe:/a:redhat:rhel_aus:8.6::appstream","cpe:/a:redhat:rhel_eus_long_life:8.6::appstream","cpe:/o:redhat:rhel_aus:8.6::baseos","cpe:/o:redhat:rhel_eus_long_life:8.6::baseos"],"versions":[{"version":"0:4.13-3.el8_6.2","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.8 Telecommunications Update Service","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/a:redhat:rhel_e4s:8.8::appstream","cpe:/a:redhat:rhel_tus:8.8::appstream","cpe:/o:redhat:rhel_e4s:8.8::baseos","cpe:/o:redhat:rhel_tus:8.8::baseos"],"versions":[{"version":"0:3.6.16-7.el8_8.4","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.8 Telecommunications Update Service","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libtasn1","cpes":["cpe:/a:redhat:rhel_e4s:8.8::appstream","cpe:/a:redhat:rhel_tus:8.8::appstream","cpe:/o:redhat:rhel_e4s:8.8::baseos","cpe:/o:redhat:rhel_tus:8.8::baseos"],"versions":[{"version":"0:4.13-4.el8_8.1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/a:redhat:rhel_e4s:8.8::appstream","cpe:/a:redhat:rhel_tus:8.8::appstream","cpe:/o:redhat:rhel_e4s:8.8::baseos","cpe:/o:redhat:rhel_tus:8.8::baseos"],"versions":[{"version":"0:3.6.16-7.el8_8.4","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libtasn1","cpes":["cpe:/a:redhat:rhel_e4s:8.8::appstream","cpe:/a:redhat:rhel_tus:8.8::appstream","cpe:/o:redhat:rhel_e4s:8.8::baseos","cpe:/o:redhat:rhel_tus:8.8::baseos"],"versions":[{"version":"0:4.13-4.el8_8.1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/a:redhat:enterprise_linux:9::appstream","cpe:/o:redhat:enterprise_linux:9::baseos"],"versions":[{"version":"0:3.8.10-4.el9_8","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/a:redhat:enterprise_linux:9::appstream","cpe:/o:redhat:enterprise_linux:9::baseos"],"versions":[{"version":"0:3.8.10-4.el9_8","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/a:redhat:rhel_e4s:9.4::appstream","cpe:/o:redhat:rhel_e4s:9.4::baseos"],"versions":[{"version":"0:3.8.3-4.el9_4.6","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.6 Extended Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/a:redhat:rhel_eus:9.6::appstream","cpe:/o:redhat:rhel_eus:9.6::baseos"],"versions":[{"version":"0:3.8.3-6.el9_6.4","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Discovery 2","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"discovery/discovery-server-rhel9","cpes":["cpe:/a:redhat:discovery:2::el9"],"versions":[{"version":"1782159791","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Discovery 2","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"discovery/discovery-ui-rhel9","cpes":["cpe:/a:redhat:discovery:2::el9"],"versions":[{"version":"1782166952","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Hardened Images","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"gnutls-main","cpes":["cpe:/a:redhat:hummingbird:1"],"versions":[{"version":"3.8.13-1.hum1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Update Infrastructure 5","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhui5/cds-rhel9","cpes":["cpe:/a:redhat:rhui:5::el9"],"versions":[{"version":"1781525684","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Update Infrastructure 5","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhui5/haproxy-rhel9","cpes":["cpe:/a:redhat:rhui:5::el9"],"versions":[{"version":"1781525671","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Update Infrastructure 5","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhui5/installer-rhel9","cpes":["cpe:/a:redhat:rhui:5::el9"],"versions":[{"version":"1781525693","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Update Infrastructure 5","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhui5/rhua-rhel9","cpes":["cpe:/a:redhat:rhui:5::el9"],"versions":[{"version":"1781525739","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift4/ose-hypershift-rhel9","cpes":["cpe:/a:redhat:openshift:4"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhcos","cpes":["cpe:/a:redhat:openshift:4"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":7.4,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-05-07T00:00:00+00:00","id":"CVE-2026-42011","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-295"}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2026:13274","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:20611","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:20612","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:20613","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:26319","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:26409","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:29197","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:30004","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:30849","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:30850","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:32962","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:33125","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2026-42011","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2467437","source":"secalert@redhat.com"},{"url":"https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-6","source":"secalert@redhat.com"}]}},{"cve":{"id":"CVE-2026-8037","sourceIdentifier":"security@progress.com","published":"2026-06-04T14:16:45.177","lastModified":"2026-07-13T19:02:39.860","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an un-authenticated attacker to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in multiple command endpoints"}],"affected":[{"source":"security@progress.com","affectedData":[{"vendor":"Progress Software","product":"LoadMaster","defaultStatus":"unaffected","versions":[{"version":"V7.2.60.0","lessThan":"V7.2.63.2","versionType":"custom","status":"affected"},{"version":"V7.2.45.12","lessThan":"V7.2.54.18","versionType":"custom","status":"affected"}]},{"vendor":"Progress Software","product":"ECS Connections Manager","defaultStatus":"unaffected","versions":[{"version":"V7.2.60.0","lessThan":"V7.2.63.2","versionType":"custom","status":"affected"}]},{"vendor":"Progress Software","product":"Object Scale Connection Manager","defaultStatus":"unaffected","versions":[{"version":"V7.2.60.0","lessThan":"V7.2.63.2","versionType":"custom","status":"affected"}]},{"vendor":"Progress Software","product":"MOVEit WAF","defaultStatus":"unaffected","versions":[{"version":"V7.2.60.0","lessThan":"V7.2.63.2","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@progress.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":9.6,"baseSeverity":"CRITICAL","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":6.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-04T00:00:00+00:00","id":"CVE-2026-8037","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@progress.com","type":"Secondary","description":[{"lang":"en","value":"CWE-77"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:progress:connection_manager_for_objectscale:*:*:*:*:*:*:*:*","versionEndExcluding":"7.2.63.2","matchCriteriaId":"029CD311-B604-4813-A75B-4D21806279D2"},{"vulnerable":true,"criteria":"cpe:2.3:a:progress:ecs_connection_manager:*:*:*:*:*:*:*:*","versionEndExcluding":"7.2.63.2","matchCriteriaId":"E431D517-8DEE-44FD-AA7B-E5C536574933"},{"vulnerable":true,"criteria":"cpe:2.3:o:progress:loadmaster:*:*:*:*:*:*:*:*","versionEndExcluding":"7.2.54.18","matchCriteriaId":"52829479-F76A-464C-93E2-11A4D090AF99"},{"vulnerable":true,"criteria":"cpe:2.3:o:progress:loadmaster:*:*:*:*:*:*:*:*","versionStartIncluding":"7.2.55.0","versionEndExcluding":"7.2.63.2","matchCriteriaId":"B5492541-EE6C-41A7-A826-E4D323EB9CBB"}]}]}],"references":[{"url":"https://community.progress.com/s/article/LoadMaster-Critical-Security-Bulletin-June-2026-CVE-2026-8037-CVE-2026-33691","source":"security@progress.com","tags":["Vendor Advisory","Patch"]},{"url":"https://labs.watchtowr.com/enterprise-tech-in-shell-out-progress-kemp-loadmaster-uninitialized-heap-to-pre-auth-rce-cve-2026-8037/","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-12352","sourceIdentifier":"e8a6bb0b-e373-42b1-a5de-93e314325576","published":"2026-07-07T15:16:42.283","lastModified":"2026-07-13T17:16:46.307","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"This vulnerability allows an unauthenticated actor to bypass authentication and gain access to restricted resources on the device."}],"affected":[{"source":"e8a6bb0b-e373-42b1-a5de-93e314325576","affectedData":[{"vendor":"Digi International","product":"PortServer TS 1/2/4","defaultStatus":"unaffected","versions":[{"version":"82000747_V1","lessThanOrEqual":"82000747_AB","versionType":"custom","status":"affected"}]},{"vendor":"Digi International","product":"Digi One SP / SP IA / IA","defaultStatus":"unaffected","versions":[{"version":"82000774_Z","lessThanOrEqual":"82000774_AB","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"e8a6bb0b-e373-42b1-a5de-93e314325576","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T14:56:42.626683Z","id":"CVE-2026-12352","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"e8a6bb0b-e373-42b1-a5de-93e314325576","type":"Secondary","description":[{"lang":"en","value":"CWE-863"}]}],"references":[{"url":"https://www.digi.com/resources/security","source":"e8a6bb0b-e373-42b1-a5de-93e314325576"}]}},{"cve":{"id":"CVE-2026-12948","sourceIdentifier":"e8a6bb0b-e373-42b1-a5de-93e314325576","published":"2026-07-07T15:16:42.413","lastModified":"2026-07-13T17:16:47.640","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A stored cross-site scripting (XSS) vulnerability in the web management interface of the Digi PortServer TS, Digi One SP, Digi One SP IA, and Digi One IA allows a remote, authenticated administrator to inject script into certain system configuration fields. The script subsequently executes in the browser of a user who views the affected pages (CWE-79)."}],"affected":[{"source":"e8a6bb0b-e373-42b1-a5de-93e314325576","affectedData":[{"vendor":"Digi International","product":"Digi PortServer TS","defaultStatus":"unaffected","versions":[{"version":"82000747_V1","lessThanOrEqual":"82000747_AB","versionType":"custom","status":"affected"}]},{"vendor":"Digi International","product":"Digi One SP","defaultStatus":"unaffected","versions":[{"version":"82000774_Z","lessThanOrEqual":"82000774_AB","versionType":"custom","status":"affected"}]},{"vendor":"Digi International","product":"Digi One SP IA","defaultStatus":"unaffected","versions":[{"version":"82000774_Z","lessThanOrEqual":"82000774_AB","versionType":"custom","status":"affected"}]},{"vendor":"Digi International","product":"Digi One IA","defaultStatus":"unaffected","versions":[{"version":"82000774_Z","lessThanOrEqual":"82000774_AB","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"e8a6bb0b-e373-42b1-a5de-93e314325576","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"PASSIVE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T14:56:16.795819Z","id":"CVE-2026-12948","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"e8a6bb0b-e373-42b1-a5de-93e314325576","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://www.digi.com/resources/security","source":"e8a6bb0b-e373-42b1-a5de-93e314325576"}]}},{"cve":{"id":"CVE-2026-42505","sourceIdentifier":"security@golang.org","published":"2026-07-08T17:17:21.497","lastModified":"2026-07-13T17:05:36.303","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Handshakes which used Encrypted Client Hello could be de-anonymized by a passive network observer due to a disclosure of pre-shared key identities in the unencrypted client hello."}],"affected":[{"source":"security@golang.org","affectedData":[{"vendor":"Go standard library","product":"crypto/tls","defaultStatus":"unaffected","collectionURL":"https://pkg.go.dev","packageName":"crypto/tls","programRoutines":[{"name":"clientHelloMsg.marshalMsg"},{"name":"Conn.Handshake"},{"name":"Conn.HandshakeContext"},{"name":"Conn.Read"},{"name":"Conn.Write"},{"name":"Dial"},{"name":"DialWithDialer"},{"name":"Dialer.Dial"},{"name":"Dialer.DialContext"},{"name":"QUICConn.HandleData"},{"name":"QUICConn.SendSessionTicket"},{"name":"QUICConn.Start"}],"versions":[{"version":"0","lessThan":"1.25.12","versionType":"semver","status":"affected"},{"version":"1.26.0-0","lessThan":"1.26.5","versionType":"semver","status":"affected"},{"version":"1.27.0-0","lessThan":"1.27.0-rc.2","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T18:03:53.821942Z","id":"CVE-2026-42505","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-201"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*","versionEndExcluding":"1.25.12","matchCriteriaId":"BA474C81-2BDB-451D-BAC7-5714B4F30E1F"},{"vulnerable":true,"criteria":"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*","versionStartIncluding":"1.26.0","versionEndExcluding":"1.26.5","matchCriteriaId":"08CDCAED-0C22-42D9-97A8-77F19DEECDB2"},{"vulnerable":true,"criteria":"cpe:2.3:a:golang:go:1.27:rc1:*:*:*:*:*:*","matchCriteriaId":"1062DCC7-46FE-4CF5-ADEF-BEC03F8AB39E"}]}]}],"references":[{"url":"https://go.dev/cl/775960","source":"security@golang.org","tags":["Patch"]},{"url":"https://go.dev/issue/79282","source":"security@golang.org","tags":["Issue Tracking","Patch"]},{"url":"https://groups.google.com/g/golang-announce/c/OrmQE_Yp5Sc","source":"security@golang.org","tags":["Mailing List","Release Notes","Vendor Advisory"]},{"url":"https://pkg.go.dev/vuln/GO-2026-5856","source":"security@golang.org","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-59890","sourceIdentifier":"security-advisories@github.com","published":"2026-07-08T17:17:27.020","lastModified":"2026-07-13T17:04:58.427","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. Prior to 83.0.0, FileList applied MANIFEST.in exclude, global-exclude, recursive-exclude, and prune directives by matching compiled glob patterns against on-disk file names without Unicode normalization, so on macOS APFS or HFS+ an NFD file name could bypass an NFC exclusion rule and be packed into a source distribution. This issue is fixed in version 83.0.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"pypa","product":"setuptools","versions":[{"version":"< 83.0.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T16:44:32.194805Z","id":"CVE-2026-59890","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-176"},{"lang":"en","value":"CWE-697"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:python:setuptools:*:*:*:*:*:*:*:*","versionEndExcluding":"83.0.0","matchCriteriaId":"A87ABC48-77F5-4222-AB0E-82969286A3A7"}]}]}],"references":[{"url":"https://github.com/pypa/setuptools/commit/dd9f436a36486b4cb8a4c70a2321548b0be09b8f","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/pypa/setuptools/releases/tag/v83.0.0","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/pypa/setuptools/security/advisories/GHSA-h35f-9h28-mq5c","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory","Mitigation"]},{"url":"https://github.com/pypa/setuptools/security/advisories/GHSA-h35f-9h28-mq5c","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory","Mitigation"]}]}},{"cve":{"id":"CVE-2026-44512","sourceIdentifier":"security-advisories@github.com","published":"2026-07-08T20:16:49.913","lastModified":"2026-07-13T17:02:01.533","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. From 1.9.0 before 1.22.0, onnx.version_converter.convert_version() can dereference a null pointer in Upsample_6_7::adapt_upsample_6_7() in onnx/version_converter/adapters/upsample_6_7.h when processing an untrusted model with an Upsample node that has zero inputs, causing an unrecoverable denial of service. This issue is fixed in version 1.22.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"onnx","product":"onnx","versions":[{"version":">= 1.9.0, < 1.22.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T13:36:51.723168Z","id":"CVE-2026-44512","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:linuxfoundation:onnx:*:*:*:*:*:*:*:*","versionStartIncluding":"1.9.0","versionEndExcluding":"1.22.0","matchCriteriaId":"DF425872-E51A-45F0-8A58-90B2A4BCB2EA"}]}]}],"references":[{"url":"https://github.com/onnx/onnx/commit/cd310408165ad47c3cd7eb2b86cb5b80aa2e4fdf","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/onnx/onnx/pull/7813","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/onnx/onnx/releases/tag/v1.22.0","source":"security-advisories@github.com","tags":["Product","Release Notes"]},{"url":"https://github.com/onnx/onnx/security/advisories/GHSA-hwpq-hmq9-wj77","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/onnx/onnx/security/advisories/GHSA-hwpq-hmq9-wj77","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-55404","sourceIdentifier":"security-advisories@github.com","published":"2026-07-08T20:16:52.987","lastModified":"2026-07-13T17:01:13.303","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"yt-dlp and youtube-dl are command-line audio/video downloaders. Prior to 2026.7.4, the --write-link, --write-url-link, and --write-desktop-link options can write .url or .desktop shortcut files using attacker-controlled webpage_url or filename metadata without sufficient validation or escaping, allowing malicious file:// URI injection on Windows or newline-based desktop entry key injection on Linux that can execute commands if the generated shortcut is opened. This issue is fixed in version 2026.7.4."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"yt-dlp","product":"yt-dlp","versions":[{"version":"< 2026.7.4","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T14:31:16.287811Z","id":"CVE-2026-55404","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-74"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:yt-dlp_project:yt-dlp:*:*:*:*:*:*:*:*","versionEndExcluding":"2026.07.04","matchCriteriaId":"FF9BF655-88FE-4E74-A3B8-2CD2582D3B24"}]}]}],"references":[{"url":"https://github.com/yt-dlp/yt-dlp/commit/b6590aaa1e3808155d69c9a79a797ae484163789","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/yt-dlp/yt-dlp/releases/tag/2026.07.04","source":"security-advisories@github.com","tags":["Product","Release Notes"]},{"url":"https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-6v4j-43gg-vj32","source":"security-advisories@github.com","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-44024","sourceIdentifier":"security-advisories@github.com","published":"2026-07-08T22:17:14.337","lastModified":"2026-07-13T18:48:53.893","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Fluentd collects events from various data sources and writes them to files, RDBMS, NoSQL, IaaS, SaaS, Hadoop and so on. Prior to 1.19.3, Fluentd allows dynamically constructing file paths using the ${tag} placeholder, and insufficient validation of ${tag} in file configurations such as the path parameter of the out_file plugin allows attackers sending untrusted tags containing path traversal characters to write or overwrite arbitrary files and potentially achieve remote code execution. This issue is fixed in version 1.19.3."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"fluent","product":"fluentd","versions":[{"version":"< 1.19.3","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T00:00:00+00:00","id":"CVE-2026-44024","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:fluentd:fluentd:*:*:*:*:*:*:*:*","versionEndExcluding":"1.19.3","matchCriteriaId":"7AB3C52C-7D3D-4BA5-A8D0-8AC7DA6030EC"}]}]}],"references":[{"url":"https://github.com/fluent/fluentd/commit/45c87a81f3ac0b72b3f9dcfe8cfb5f9038f81437","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/fluent/fluentd/pull/5391","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/fluent/fluentd/releases/tag/v1.19.3","source":"security-advisories@github.com","tags":["Product","Release Notes"]},{"url":"https://github.com/fluent/fluentd/security/advisories/GHSA-44hj-4m45-frj3","source":"security-advisories@github.com","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-44160","sourceIdentifier":"security-advisories@github.com","published":"2026-07-08T22:17:14.600","lastModified":"2026-07-13T18:48:13.083","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Fluentd collects events from various data sources and writes them to files, RDBMS, NoSQL, IaaS, SaaS, Hadoop and so on. Prior to 1.19.3, Fluentd's in_http and in_forward plugins support gzip-compressed data but enforce limits only on compressed payloads through settings such as body_size_limit and chunk_size_limit, allowing crafted compressed payloads to decompress in memory to an excessive size and cause denial of service through memory exhaustion. This issue is fixed in version 1.19.3."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"fluent","product":"fluentd","versions":[{"version":"< 1.19.3","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T19:34:49.901088Z","id":"CVE-2026-44160","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-409"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:fluentd:fluentd:*:*:*:*:*:*:*:*","versionEndExcluding":"1.19.3","matchCriteriaId":"7AB3C52C-7D3D-4BA5-A8D0-8AC7DA6030EC"}]}]}],"references":[{"url":"https://github.com/fluent/fluentd/commit/f5f2b7cddf8aab3932e6dec9fa367a5f3eb27e10","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/fluent/fluentd/pull/5393","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/fluent/fluentd/releases/tag/v1.19.3","source":"security-advisories@github.com","tags":["Product","Release Notes"]},{"url":"https://github.com/fluent/fluentd/security/advisories/GHSA-j9cw-hwqf-85w7","source":"security-advisories@github.com","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-44161","sourceIdentifier":"security-advisories@github.com","published":"2026-07-08T22:17:14.737","lastModified":"2026-07-13T18:36:21.483","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Fluentd collects events from various data sources and writes them to files, RDBMS, NoSQL, IaaS, SaaS, Hadoop and so on. Prior to 1.19.3, the Fluentd out_http output plugin allows placeholders such as ${tag} in the endpoint configuration parameter, and if a placeholder value is derived from untrusted input an attacker can control the destination hostname of outbound HTTP requests and force requests to arbitrary internal services. This issue is fixed in version 1.19.3."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"fluent","product":"fluentd","versions":[{"version":"< 1.19.3","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T14:37:57.811738Z","id":"CVE-2026-44161","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:fluentd:fluentd:*:*:*:*:*:*:*:*","versionEndExcluding":"1.19.3","matchCriteriaId":"7AB3C52C-7D3D-4BA5-A8D0-8AC7DA6030EC"}]}]}],"references":[{"url":"https://github.com/fluent/fluentd/commit/c6a01ea2e0ea01977f8d615f7c6dbfae4cba88c9","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/fluent/fluentd/pull/5394","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/fluent/fluentd/releases/tag/v1.19.3","source":"security-advisories@github.com","tags":["Product","Release Notes"]},{"url":"https://github.com/fluent/fluentd/security/advisories/GHSA-72f5-rr8c-r6gr","source":"security-advisories@github.com","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-59208","sourceIdentifier":"security-advisories@github.com","published":"2026-07-09T16:16:46.610","lastModified":"2026-07-14T01:16:18.827","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"n8n is an open source workflow automation platform. Prior to 2.27.4 and from 2.28.0 prior to 2.28.1, n8n instances configured with more than one trusted token-exchange issuer resolved external identities to local accounts using only the JWT sub claim and ignored the iss claim, allowing an attacker with a valid token from one trusted issuer and a sub matching a victim under another issuer to authenticate as that victim. This issue is fixed in versions 2.27.4 and 2.28.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"n8n-io","product":"n8n","versions":[{"version":">= 2.28.0, < 2.28.1","status":"affected"},{"version":"< 2.27.4","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-14T00:19:54.573804Z","id":"CVE-2026-59208","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-287"},{"lang":"en","value":"CWE-346"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-346"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:n8n:n8n:*:*:*:*:*:node.js:*:*","versionEndExcluding":"2.27.4","matchCriteriaId":"53ADAD49-ACDE-4580-B4BC-AE4DF6D9A560"},{"vulnerable":true,"criteria":"cpe:2.3:a:n8n:n8n:2.28.0:*:*:*:*:node.js:*:*","matchCriteriaId":"811995CE-011B-4680-892C-3D6DA0008411"}]}]}],"references":[{"url":"https://github.com/n8n-io/n8n/releases/tag/n8n%402.27.4","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/n8n-io/n8n/releases/tag/n8n%402.28.1","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-mq3m-f8x3-579w","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-15191","sourceIdentifier":"cna@vuldb.com","published":"2026-07-09T17:16:57.620","lastModified":"2026-07-14T02:16:52.933","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw has been found in mettle sendportal up to 3.0.1. This vulnerability affects unknown code of the file vendor/mettle/sendportal-core/src/Http/Requests/CampaignStoreRequest.php of the component Campaign Creation Endpoint. Executing a manipulation can lead to authorization bypass. The attack can be executed remotely. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"mettle","product":"sendportal","cpes":["cpe:2.3:a:mettle:sendportal:*:*:*:*:*:*:*:*"],"modules":["Campaign Creation Endpoint"],"versions":[{"version":"3.0.0","status":"affected"},{"version":"3.0.1","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-14T00:59:05.928272Z","id":"CVE-2026-15191","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-285"},{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://github.com/mettle/sendportal/","source":"cna@vuldb.com"},{"url":"https://github.com/mettle/sendportal/issues/339","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-15191","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/851622","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377117","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377117/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-59217","sourceIdentifier":"security-advisories@github.com","published":"2026-07-09T17:17:02.613","lastModified":"2026-07-14T02:16:57.147","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0.10.0, the file upload path accepted metadata.knowledge_id and auto-linked uploaded files to a target knowledge base without applying the write-access check used by /api/v1/knowledge//file/add, allowing read-only knowledge-base users to add arbitrary files. This issue is fixed in version 0.10.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"open-webui","product":"open-webui","versions":[{"version":"< 0.10.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-14T01:02:42.549293Z","id":"CVE-2026-59217","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"},{"lang":"en","value":"CWE-863"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openwebui:open_webui:*:*:*:*:*:*:*:*","versionEndExcluding":"0.10.0","matchCriteriaId":"9DB3F1BC-1DFD-4289-B2DD-E24AA7B98BA1"}]}]}],"references":[{"url":"https://github.com/open-webui/open-webui/commit/b7626f05fb92b24ab923ad81a037071ebd5623d1","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/open-webui/open-webui/pull/26001","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/open-webui/open-webui/releases/tag/v0.10.0","source":"security-advisories@github.com","tags":["Product","Release Notes"]},{"url":"https://github.com/open-webui/open-webui/security/advisories/GHSA-7r7x-gjvr-448g","source":"security-advisories@github.com","tags":["Exploit","Mitigation","Vendor Advisory"]},{"url":"https://github.com/open-webui/open-webui/security/advisories/GHSA-7r7x-gjvr-448g","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-59227","sourceIdentifier":"security-advisories@github.com","published":"2026-07-09T17:17:04.223","lastModified":"2026-07-14T02:16:57.267","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.8.11 before 0.10.0, POST /api/v1/images/edit required only a verified account and did not enforce the global image-edit switch or the per-user image-generation permission, allowing a non-admin user to invoke server-side image editing with administrator-configured provider credentials. This issue is fixed in version 0.10.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"open-webui","product":"open-webui","versions":[{"version":">= 0.8.11, < 0.10.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-14T00:21:12.800213Z","id":"CVE-2026-59227","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"},{"lang":"en","value":"CWE-863"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openwebui:open_webui:*:*:*:*:*:*:*:*","versionStartIncluding":"0.8.11","versionEndExcluding":"0.10.0","matchCriteriaId":"453B46DC-F427-403E-9688-AB2308A3FC1E"}]}]}],"references":[{"url":"https://github.com/open-webui/open-webui/commit/e038bab66dec8d17212eec35b5cb6d6b785a4200","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/open-webui/open-webui/pull/26009","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/open-webui/open-webui/releases/tag/v0.10.0","source":"security-advisories@github.com","tags":["Product","Release Notes"]},{"url":"https://github.com/open-webui/open-webui/security/advisories/GHSA-rqj7-6wrp-6g2g","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/open-webui/open-webui/security/advisories/GHSA-rqj7-6wrp-6g2g","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-15204","sourceIdentifier":"cna@vuldb.com","published":"2026-07-09T18:16:51.647","lastModified":"2026-07-14T02:16:53.063","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was detected in TOTOLINK X5000R 9.1.0cu.2415_B20250515/9.1.0cu.2350_B20230313. Affected by this vulnerability is the function exportOvpn of the file /web/cgi-bin/cstecgi.cgi of the component OpenVPN Export. The manipulation results in path traversal. The attack may be launched remotely."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"TOTOLINK","product":"X5000R","cpes":["cpe:2.3:o:totolink:x5000r_firmware:*:*:*:*:*:*:*:*"],"modules":["OpenVPN Export"],"versions":[{"version":"9.1.0cu.2350_B20230313","status":"affected"},{"version":"9.1.0cu.2415_B20250515","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-14T01:06:57.712113Z","id":"CVE-2026-15204","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://github.com/meishigana/CVE/tree/main/totolink_x5000r_exportovpn_file_disclosure_2026-06-09","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-15204","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/852073","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377125","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377125/cti","source":"cna@vuldb.com"},{"url":"https://www.totolink.net/","source":"cna@vuldb.com"},{"url":"https://github.com/meishigana/CVE/tree/main/totolink_x5000r_exportovpn_file_disclosure_2026-06-09","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-55420","sourceIdentifier":"security-advisories@github.com","published":"2026-07-09T18:16:54.440","lastModified":"2026-07-14T02:16:56.050","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, under certain non-default configurations, processing of PDF uploads could be exploited to obtain RCE on the server. This issue is patched in 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"discourse","product":"discourse","versions":[{"version":">= 2026.5.0-latest, < 2026.5.1","status":"affected"},{"version":">= 2026.4.0-latest, < 2026.4.2","status":"affected"},{"version":">= 2026.1.0-latest, < 2026.1.5","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-14T01:08:36.928611Z","id":"CVE-2026-55420","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*","versionStartIncluding":"2026.1.0","versionEndExcluding":"2026.1.5","matchCriteriaId":"E41661D7-5D61-44CF-BFEA-57C53057A46F"},{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*","versionStartIncluding":"2026.4.0","versionEndExcluding":"2026.4.2","matchCriteriaId":"E594AEEC-13D5-48EE-AE07-0C3C25FBBC72"},{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*","versionStartIncluding":"2026.5.0","versionEndExcluding":"2026.5.1","matchCriteriaId":"CD722A52-B00A-4548-92CA-807CEB0449B0"},{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:2026.6.0:*:*:*:latest:*:*:*","matchCriteriaId":"F2E7E180-2D99-484E-80A8-12F706ABDE65"}]}]}],"references":[{"url":"https://github.com/discourse/discourse/commit/ca5a7e06167561928556afa2f237d67e459c6914","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/discourse/discourse/releases/tag/v2026.1.5","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/discourse/discourse/releases/tag/v2026.4.2","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/discourse/discourse/releases/tag/v2026.5.1","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/discourse/discourse/releases/tag/v2026.6.0","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/discourse/discourse/security/advisories/GHSA-7wq5-jgww-5rw3","source":"security-advisories@github.com","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-59817","sourceIdentifier":"security-advisories@github.com","published":"2026-07-09T18:16:57.603","lastModified":"2026-07-14T02:16:57.390","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Ghost is a Node.js content management system. From 6.27.0 before 6.44.0, Ghost's public donation checkout flow allowed an unauthenticated attacker to control donation checkout metadata and obtain full paid gift memberships for a minimal payment without exposing customer or member data or stealing money from a site or its members. This issue is fixed in version 6.44.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"TryGhost","product":"Ghost","versions":[{"version":">= 6.27.0, < 6.44.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-14T01:04:43.336631Z","id":"CVE-2026-59817","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-472"},{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://github.com/TryGhost/Ghost/commit/cab716cd015ac04b7ee50c7a405478d97bc7b1e0","source":"security-advisories@github.com"},{"url":"https://github.com/TryGhost/Ghost/commit/ee7b991b466a7849c70f9d1caed8e491ee4113c6","source":"security-advisories@github.com"},{"url":"https://github.com/TryGhost/Ghost/pull/28351","source":"security-advisories@github.com"},{"url":"https://github.com/TryGhost/Ghost/pull/28352","source":"security-advisories@github.com"},{"url":"https://github.com/TryGhost/Ghost/security/advisories/GHSA-xm43-3m56-w3wf","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-49274","sourceIdentifier":"security-advisories@github.com","published":"2026-07-09T19:17:05.490","lastModified":"2026-07-14T02:16:55.240","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Kirby is an open-source content management system. Prior to 4.9.4 and 5.4.4, Kirby sites using the pages field with roles that have the pages.access permission disabled allowed authenticated users to provide an inaccessible parent page or site to the page picker backend and confirm arbitrary page existence and retrieve title field values. This issue is fixed in versions 4.9.4 and 5.4.4."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"getkirby","product":"kirby","versions":[{"version":"< 4.9.4","status":"affected"},{"version":">= 5.0.0, < 5.4.4","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-14T01:10:20.203787Z","id":"CVE-2026-49274","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://github.com/getkirby/kirby/commit/1ae575da24e1b1cb8803a031d37eff14606d7c55","source":"security-advisories@github.com"},{"url":"https://github.com/getkirby/kirby/commit/3bad37117adf2013548a784f820ddb2d8317333c","source":"security-advisories@github.com"},{"url":"https://github.com/getkirby/kirby/commit/3f4398cdcf9f50f84fdac52ad78a7a85fb31589f","source":"security-advisories@github.com"},{"url":"https://github.com/getkirby/kirby/commit/bffffce6c081f69c46163cc89b1fd18ccf2a18d1","source":"security-advisories@github.com"},{"url":"https://github.com/getkirby/kirby/releases/tag/4.9.4","source":"security-advisories@github.com"},{"url":"https://github.com/getkirby/kirby/releases/tag/5.4.4","source":"security-advisories@github.com"},{"url":"https://github.com/getkirby/kirby/security/advisories/GHSA-23q2-54qv-rq5x","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-54005","sourceIdentifier":"security-advisories@github.com","published":"2026-07-09T19:17:06.400","lastModified":"2026-07-14T02:16:55.817","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Kirby is an open-source content management system. Prior to 4.9.4 and 5.4.4, Kirby sites where a role has the pages.access permission disabled allowed authenticated users who know or guess page IDs or UUIDs to retrieve page information, including full content and metadata, for arbitrary published pages through the /api/site/find route without authorization to access those pages. This issue is fixed in versions 4.9.4 and 5.4.4."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"getkirby","product":"kirby","versions":[{"version":"< 4.9.4","status":"affected"},{"version":">= 5.0.0, < 5.4.4","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-14T01:13:58.848143Z","id":"CVE-2026-54005","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://github.com/getkirby/kirby/commit/a16dbd4329293c2c4b9a375d2badcb27c6337004","source":"security-advisories@github.com"},{"url":"https://github.com/getkirby/kirby/commit/b22d0b64b6478ce6871dc7ec3368d7afaf078688","source":"security-advisories@github.com"},{"url":"https://github.com/getkirby/kirby/releases/tag/4.9.4","source":"security-advisories@github.com"},{"url":"https://github.com/getkirby/kirby/releases/tag/5.4.4","source":"security-advisories@github.com"},{"url":"https://github.com/getkirby/kirby/security/advisories/GHSA-r3w8-2c5r-h9j9","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-55590","sourceIdentifier":"security-advisories@github.com","published":"2026-07-09T19:17:06.670","lastModified":"2026-07-13T17:09:24.243","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"CakePHP Authentication is an authentication plugin for CakePHP that can also be used in PSR-7 based applications. Prior to 2.11.1, 3.3.6, and 4.1.1, the getLoginRedirect() method contains a weakness to backslash bypasses that allows redirect targets with attacker-controlled hostnames through the redirect query string parameter. This issue is fixed in versions 2.11.1, 3.3.6, and 4.1.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"cakephp","product":"authentication","versions":[{"version":"< 2.11.1","status":"affected"},{"version":">= 3.0.0, < 3.3.6","status":"affected"},{"version":">= 4.0.0, < 4.1.1","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T19:18:05.336526Z","id":"CVE-2026-55590","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-601"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cakephp:cakephp:*:*:*:*:*:*:*:*","versionEndExcluding":"2.11.1","matchCriteriaId":"5BDBBCF8-482A-4CAA-99FD-D93101A4CCB9"},{"vulnerable":true,"criteria":"cpe:2.3:a:cakephp:cakephp:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0.0","versionEndExcluding":"3.3.6","matchCriteriaId":"9F9C700C-6D83-491C-BE19-6889E5B1AAA0"},{"vulnerable":true,"criteria":"cpe:2.3:a:cakephp:cakephp:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0.0","versionEndExcluding":"4.1.1","matchCriteriaId":"6CE143EA-DCAE-4CEA-8846-C4420A7DCE39"}]}]}],"references":[{"url":"https://github.com/cakephp/authentication/commit/1c1e29c7e8129cfbcae74558316ecd3ea50a8273","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/cakephp/authentication/commit/df28ea4e712f1e5bd0e42be4a3c5c750ca50764d","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/cakephp/authentication/commit/ee24bd48b9c3ef693dc9965de8f0cc8020a7052c","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/cakephp/authentication/pull/795","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/cakephp/authentication/pull/796","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/cakephp/authentication/pull/799","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/cakephp/authentication/releases/tag/2.11.1","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/cakephp/authentication/releases/tag/3.3.6","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/cakephp/authentication/releases/tag/4.1.1","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/cakephp/authentication/security/advisories/GHSA-hhpq-7wg4-36jm","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-33801","sourceIdentifier":"sirt@juniper.net","published":"2026-07-09T21:16:55.330","lastModified":"2026-07-13T20:36:12.860","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker sending a specific BGP update over an established BGP session to cause a Denial-of-Service (DoS).\n\nUpon receipt of a specifically malformed non-inet/inet6 unicast BGP update, an RPD crash and restart is triggered, which will cause a complete service outage until routing has reconverged. The rpd crash occurs before the update can be readvertised, so there is no downstream propagation.\n\n\nThis issue affects:\n\n\n\n  *  Junos OS versions 25.2 before 25.2R2;\n\n\n  *  Junos OS Evolved versions 25.2 before 25.2R2-EVO.\n\n\n\n\nThis issue doesn't affect Junos OS versions before 25.2R1 nor Junos OS Evolved versions before 25.2R1-EVO."}],"affected":[{"source":"sirt@juniper.net","affectedData":[{"vendor":"Juniper Networks","product":"Junos OS","defaultStatus":"unaffected","versions":[{"version":"25.2","lessThan":"25.2R2","versionType":"custom","status":"affected"}]},{"vendor":"Juniper Networks","product":"Junos OS Evolved","defaultStatus":"unaffected","versions":[{"version":"25.2","lessThan":"25.2R2-EVO","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"sirt@juniper.net","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:X/RE:M/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"ADJACENT","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"LOW","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"YES","Recovery":"AUTOMATIC","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"sirt@juniper.net","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T13:30:53.472301Z","id":"CVE-2026-33801","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"sirt@juniper.net","type":"Secondary","description":[{"lang":"en","value":"CWE-754"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:25.2:-:*:*:*:*:*:*","matchCriteriaId":"1B7572BB-9C77-4214-9C5F-CC83C7B93E37"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:25.2:r1:*:*:*:*:*:*","matchCriteriaId":"CAADBF98-38BE-40E2-AF1B-9077DCED0809"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:25.2:r1-s1:*:*:*:*:*:*","matchCriteriaId":"558F0A4C-0C72-4BF1-B2DE-C0D3BFD54BCD"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:25.2:r1-s2:*:*:*:*:*:*","matchCriteriaId":"127FE528-AB27-4B18-AF3B-1BE7C0AEEE20"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:25.2:-:*:*:*:*:*:*","matchCriteriaId":"DAF96553-DB70-4DFA-8658-306A7477DD06"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:25.2:r1:*:*:*:*:*:*","matchCriteriaId":"83C415EF-E87B-4259-A836-59B3A9C3914B"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:25.2:r1-s1:*:*:*:*:*:*","matchCriteriaId":"AFD32E67-9D8D-437D-96BC-CA97A1F686BA"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:25.2:r1-s2:*:*:*:*:*:*","matchCriteriaId":"0E5D9967-1B53-427B-9B23-77DC399F3D71"}]}]}],"references":[{"url":"https://supportportal.juniper.net/JSA110076","source":"sirt@juniper.net","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-55865","sourceIdentifier":"security-advisories@github.com","published":"2026-07-09T21:16:56.277","lastModified":"2026-07-14T02:16:56.407","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Python Liquid is a Python engine for the Liquid template language. Prior to 2.2.1, given a malformed {% case %} tag without an associated {% when %} or {% else %} block and no terminating {% endcase %} tag, Python Liquid hangs in an infinite loop at parse time because liquid.TokenStream.eof did not give the EOF token matching kind and value fields, allowing malicious template authors to craft templates for a denial of service attack. This issue is fixed in version 2.2.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"jg-rp","product":"liquid","versions":[{"version":"< 2.2.1","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-14T01:15:58.872155Z","id":"CVE-2026-55865","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-835"}]}],"references":[{"url":"https://github.com/jg-rp/liquid/commit/26db8931cf35e8433c1ca506fc32c3bb62f743d4","source":"security-advisories@github.com"},{"url":"https://github.com/jg-rp/liquid/releases/tag/v2.2.1","source":"security-advisories@github.com"},{"url":"https://github.com/jg-rp/liquid/security/advisories/GHSA-vq2f-vcc9-j8mv","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-33803","sourceIdentifier":"sirt@juniper.net","published":"2026-07-09T22:17:03.807","lastModified":"2026-07-13T20:59:26.603","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a limited information disclosure and availability impact to the device.\n\n\nDue to a wrong initialization, a process which should only be able to communicate internally within the device can be reached over the network via an open port. This leads to a device being inadvertently exposed and increased CPU cycles spent processing ingress packets.\n\nThis issue affects Junos OS Evolved:\n\n\n  *  all versions before 23.2R2-S7-EVO,\n  *  23.4 versions before 23.4R2-S8-EVO,\n  *  24.2 versions before 24.2R2-S5-EVO,\n  *  24.4 versions before 24.4R2-S4-EVO,\n  *  25.2 versions before 25.2R2-S1-EVO,\n  *  25.4 versions before 25.4R1-S2-EVO."}],"affected":[{"source":"sirt@juniper.net","affectedData":[{"vendor":"Juniper Networks","product":"Junos OS Evolved","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"23.2R2-S7-EVO","versionType":"custom","status":"affected"},{"version":"23.4","lessThan":"23.4R2-S8-EVO","versionType":"custom","status":"affected"},{"version":"24.2","lessThan":"24.2R2-S5-EVO","versionType":"custom","status":"affected"},{"version":"24.4","lessThan":"24.4R2-S4-EVO","versionType":"custom","status":"affected"},{"version":"25.2","lessThan":"25.2R2-S1-EVO","versionType":"custom","status":"affected"},{"version":"25.4","lessThan":"25.4R1-S2-EVO","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"sirt@juniper.net","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:X/RE:M/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"YES","Recovery":"USER","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"sirt@juniper.net","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T13:30:15.593698Z","id":"CVE-2026-33803","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"sirt@juniper.net","type":"Secondary","description":[{"lang":"en","value":"CWE-923"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:*:*:*:*:*:*:*:*","versionEndExcluding":"23.2","matchCriteriaId":"CEF76CCC-68C0-462C-BB8B-2135A90F3B01"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:23.2:-:*:*:*:*:*:*","matchCriteriaId":"6DEAA7FD-385F-4221-907E-65ABC16BE4BE"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:23.2:r1:*:*:*:*:*:*","matchCriteriaId":"DDEC008A-3137-48D1-8ABC-6DB0EFC40E50"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:23.2:r1-s1:*:*:*:*:*:*","matchCriteriaId":"558D234D-BC50-415F-86D6-8E19D6C3ACE0"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:23.2:r1-s2:*:*:*:*:*:*","matchCriteriaId":"33F4EEEE-77E9-4973-A770-99E7BA2F05F5"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:23.2:r2:*:*:*:*:*:*","matchCriteriaId":"A4BB6910-B994-45FD-8153-5EC00EE842E6"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:23.2:r2-s1:*:*:*:*:*:*","matchCriteriaId":"D657944B-2066-4F2C-BC92-EDF4DE1C165C"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:23.2:r2-s2:*:*:*:*:*:*","matchCriteriaId":"75A58924-6348-44CF-AB39-1FCE17FE81AC"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:23.2:r2-s3:*:*:*:*:*:*","matchCriteriaId":"9A903B31-D9E5-43FA-B09F-7E7769803720"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:23.2:r2-s4:*:*:*:*:*:*","matchCriteriaId":"E23BEA27-77F8-4CDF-A49A-FEF9C33DA513"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:23.2:r2-s5:*:*:*:*:*:*","matchCriteriaId":"6DD20427-FB6A-46CE-B20F-D62CCC9B4A02"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:23.2:r2-s6:*:*:*:*:*:*","matchCriteriaId":"31A05D5F-9765-49A8-B9DA-64B05E399935"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:23.4:-:*:*:*:*:*:*","matchCriteriaId":"9D7F0D73-85EE-4A07-B51B-6BF52ECBA75E"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:23.4:r1:*:*:*:*:*:*","matchCriteriaId":"FE777A1F-9CD9-426E-AF1C-FBE01EB9A4A8"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:23.4:r1-s1:*:*:*:*:*:*","matchCriteriaId":"7147BA60-30A5-4CED-9AAF-F6BEA0528B89"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:23.4:r1-s2:*:*:*:*:*:*","matchCriteriaId":"6E5CE59B-14B2-4F4C-81B5-0430EC954956"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:23.4:r2:*:*:*:*:*:*","matchCriteriaId":"FB82B22F-9005-4EF0-A1E3-4261757783D4"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:23.4:r2-s1:*:*:*:*:*:*","matchCriteriaId":"0224D3F1-8B86-432C-8F5B-B4B7B69ADF31"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:23.4:r2-s2:*:*:*:*:*:*","matchCriteriaId":"EB2FE5FE-0ADE-406E-A23D-FDCC104B2496"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:23.4:r2-s3:*:*:*:*:*:*","matchCriteriaId":"2E58987A-D7B7-4FFF-9969-E8FD76AE2BE3"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:23.4:r2-s4:*:*:*:*:*:*","matchCriteriaId":"E779C0D4-A8F7-4976-B3C8-B9802B96E715"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:23.4:r2-s5:*:*:*:*:*:*","matchCriteriaId":"C7457415-D893-474B-ABA6-9841BB5CC6DB"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:23.4:r2-s6:*:*:*:*:*:*","matchCriteriaId":"3EFB8038-F336-4038-9AEA-C24253FAD578"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:23.4:r2-s7:*:*:*:*:*:*","matchCriteriaId":"39CDE4A5-0C54-41BD-B53F-9215FD1E61D3"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:24.2:-:*:*:*:*:*:*","matchCriteriaId":"0DD89AAD-C615-42AF-B8AF-E6067862F0F5"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:24.2:r1:*:*:*:*:*:*","matchCriteriaId":"28AFF11D-E418-4A76-B557-F60622602537"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:24.2:r1-s2:*:*:*:*:*:*","matchCriteriaId":"0A86A69D-2B90-4B3B-A6EC-88358284787D"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:24.2:r2:*:*:*:*:*:*","matchCriteriaId":"080BEA58-9667-4C2C-810D-DC1187DB67DA"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:24.2:r2-s1:*:*:*:*:*:*","matchCriteriaId":"34072A94-CFEB-4FAA-8E68-E98D4F7602E4"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:24.2:r2-s2:*:*:*:*:*:*","matchCriteriaId":"C79FF7EC-AD91-4F9F-B8AC-B1A9C9271816"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:24.2:r2-s3:*:*:*:*:*:*","matchCriteriaId":"7C61DC50-CAB6-4197-90C8-A2B48EE8F761"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:24.2:r2-s4:*:*:*:*:*:*","matchCriteriaId":"178FFC73-28CC-471E-A1E8-1AF8BC731DD6"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:24.4:-:*:*:*:*:*:*","matchCriteriaId":"B32ADA05-5F5D-45B6-BB7B-3FA6A6F229F5"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:24.4:r1:*:*:*:*:*:*","matchCriteriaId":"D6526E82-A6A6-4A65-9B01-B3FCB947F44E"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:24.4:r1-s2:*:*:*:*:*:*","matchCriteriaId":"CF3B74FA-DF84-4E3E-BCF9-44EEF9E45910"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:24.4:r1-s3:*:*:*:*:*:*","matchCriteriaId":"DC024CDE-DA63-4E87-BA97-5E8C06B0D8B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:24.4:r2:*:*:*:*:*:*","matchCriteriaId":"25DA0DD2-E974-448C-BD05-ED6FCA4725FB"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:24.4:r2-s1:*:*:*:*:*:*","matchCriteriaId":"C5F6F47F-0C86-4554-8517-A6A0CD29B3B0"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:24.4:r2-s2:*:*:*:*:*:*","matchCriteriaId":"8EDB7A3C-D1F5-4D24-8B8C-F104EC8C7D42"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:24.4:r2-s3:*:*:*:*:*:*","matchCriteriaId":"E79AD72B-D9B3-4BCB-BCAE-B0B5127D76AD"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:25.2:-:*:*:*:*:*:*","matchCriteriaId":"DAF96553-DB70-4DFA-8658-306A7477DD06"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:25.2:r1:*:*:*:*:*:*","matchCriteriaId":"83C415EF-E87B-4259-A836-59B3A9C3914B"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:25.2:r1-s1:*:*:*:*:*:*","matchCriteriaId":"AFD32E67-9D8D-437D-96BC-CA97A1F686BA"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:25.2:r1-s2:*:*:*:*:*:*","matchCriteriaId":"0E5D9967-1B53-427B-9B23-77DC399F3D71"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:25.2:r2:*:*:*:*:*:*","matchCriteriaId":"EB843A79-1B1C-4638-96B9-F1F191F1F75F"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:25.4:-:*:*:*:*:*:*","matchCriteriaId":"AB88E877-1028-4B5C-BAE2-6C606D607FE9"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:25.4:r1:*:*:*:*:*:*","matchCriteriaId":"21728887-97A1-4AC7-8121-B6CEA5D6BAB4"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:25.4:r1-s1:*:*:*:*:*:*","matchCriteriaId":"F96EA365-93FE-423E-AC9F-CABEAFF25B0C"}]}]}],"references":[{"url":"https://supportportal.juniper.net/JSA110078","source":"sirt@juniper.net","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-53962","sourceIdentifier":"security-advisories@github.com","published":"2026-07-09T22:17:05.600","lastModified":"2026-07-14T01:35:33.597","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, insufficient SVG sanitization in upload and user avatar handling could lead to cross-site scripting when a user visited specific URLs that are not normally part of community browsing. This issue is fixed in versions 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"discourse","product":"discourse","versions":[{"version":">= 2026.1.0-latest, < 2026.1.5","status":"affected"},{"version":">= 2026.4.0-latest, < 2026.4.2","status":"affected"},{"version":">= 2026.5.0-latest, < 2026.5.1","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T19:13:14.855663Z","id":"CVE-2026-53962","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*","versionStartIncluding":"2026.1.0","versionEndExcluding":"2026.1.5","matchCriteriaId":"E41661D7-5D61-44CF-BFEA-57C53057A46F"},{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*","versionStartIncluding":"2026.4.0","versionEndExcluding":"2026.4.2","matchCriteriaId":"E594AEEC-13D5-48EE-AE07-0C3C25FBBC72"},{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*","versionStartIncluding":"2026.5.0","versionEndExcluding":"2026.5.1","matchCriteriaId":"CD722A52-B00A-4548-92CA-807CEB0449B0"},{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:2026.6.0:*:*:*:latest:*:*:*","matchCriteriaId":"F2E7E180-2D99-484E-80A8-12F706ABDE65"}]}]}],"references":[{"url":"https://github.com/discourse/discourse/commit/3ee8343cd7f00d59d8513bee0a12e02d50bfc358","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/discourse/discourse/commit/810c2715799fd08b06fd6ffc664d9562fe9ea6ff","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/discourse/discourse/commit/92a699d89b84685b6fdd63cd0d0e371793c69dad","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/discourse/discourse/commit/b8ceb49f4ba52257be30eb3c2ce51a5bf03be5fe","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/discourse/discourse/releases/tag/v2026.1.5","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/discourse/discourse/releases/tag/v2026.4.2","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/discourse/discourse/releases/tag/v2026.5.1","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/discourse/discourse/releases/tag/v2026.6.0","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/discourse/discourse/security/advisories/GHSA-jmcf-3367-78vv","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-53963","sourceIdentifier":"security-advisories@github.com","published":"2026-07-09T22:17:05.763","lastModified":"2026-07-14T02:16:55.580","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, a malicious second factor name on an attacker-controlled account was not escaped in the delete confirmation dialog, allowing stored cross-site scripting when an administrator impersonated that account. This issue is fixed in versions 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"discourse","product":"discourse","versions":[{"version":">= 2026.1.0-latest, < 2026.1.5","status":"affected"},{"version":">= 2026.4.0-latest, < 2026.4.2","status":"affected"},{"version":">= 2026.5.0-latest, < 2026.5.1","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.1,"impactScore":5.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H","baseScore":9.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.3,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-14T01:17:07.991865Z","id":"CVE-2026-53963","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*","versionStartIncluding":"2026.1.0","versionEndExcluding":"2026.1.5","matchCriteriaId":"E41661D7-5D61-44CF-BFEA-57C53057A46F"},{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*","versionStartIncluding":"2026.4.0","versionEndExcluding":"2026.4.2","matchCriteriaId":"E594AEEC-13D5-48EE-AE07-0C3C25FBBC72"},{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*","versionStartIncluding":"2026.5.0","versionEndExcluding":"2026.5.1","matchCriteriaId":"CD722A52-B00A-4548-92CA-807CEB0449B0"},{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:2026.6.0:*:*:*:latest:*:*:*","matchCriteriaId":"F2E7E180-2D99-484E-80A8-12F706ABDE65"}]}]}],"references":[{"url":"https://github.com/discourse/discourse/commit/40de62cddadc65c328a1028ab999f3fa94adbfed","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/discourse/discourse/commit/529e17d4d570a48972e7cf64720e5dd1fdf23ca8","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/discourse/discourse/commit/d92973e51a46cf6dd20c71e6068e6769b67eea5b","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/discourse/discourse/commit/daea5214d833eacbdd3b1a78d99eb14e9cabd915","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/discourse/discourse/releases/tag/v2026.1.5","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/discourse/discourse/releases/tag/v2026.4.2","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/discourse/discourse/releases/tag/v2026.5.1","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/discourse/discourse/releases/tag/v2026.6.0","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/discourse/discourse/security/advisories/GHSA-wg5x-7f23-m3r5","source":"security-advisories@github.com","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-55170","sourceIdentifier":"security-advisories@github.com","published":"2026-07-09T22:17:05.937","lastModified":"2026-07-14T01:22:35.620","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"OpenFGA is an authorization/permission engine built for developers. Prior to 1.18.0, when MySQL is being used as the datastore and authorization decisions rely on case-sensitive user strings, the tuple, changelog, and authorization_model identifier columns can compare case-distinct values such as user:Alice and user:alice as equivalent, causing two distinct check requests to return the same response. This issue is fixed in 1.18.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"openfga","product":"openfga","versions":[{"version":"< 1.18.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"PASSIVE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:26:05.820781Z","id":"CVE-2026-55170","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-178"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openfga:helm_charts:*:*:*:*:*:openfga:*:*","versionEndExcluding":"0.3.9","matchCriteriaId":"F8BE0906-6EA1-4D09-8A40-DD77D3664362"},{"vulnerable":true,"criteria":"cpe:2.3:a:openfga:openfga:*:*:*:*:*:*:*:*","versionEndExcluding":"1.18.0","matchCriteriaId":"7058BE97-79D7-464E-8412-7797AF2A70B8"}]}]}],"references":[{"url":"https://github.com/openfga/helm-charts/commit/96d5517a2693ff5def451dee7d6b9d1baeb281f8","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/openfga/helm-charts/releases/tag/openfga-0.3.9","source":"security-advisories@github.com","tags":["Product","Release Notes"]},{"url":"https://github.com/openfga/openfga/commit/a2e0dbefc3e01a95c785f81a3563bc6571b08b11","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/openfga/openfga/releases/tag/v1.18.0","source":"security-advisories@github.com","tags":["Product","Release Notes"]},{"url":"https://github.com/openfga/openfga/security/advisories/GHSA-cf98-j28v-49v6","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-55424","sourceIdentifier":"security-advisories@github.com","published":"2026-07-09T22:17:06.097","lastModified":"2026-07-14T01:26:52.917","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, a topic \"featured link\" was not sufficiently normalized and escaped before being rendered in the topic list, allowing a user who can set a featured link to inject JavaScript when default Content Security Policy protections were modified or disabled. This issue is fixed in versions 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"discourse","product":"discourse","versions":[{"version":">= 2026.1.0-latest, < 2026.1.5","status":"affected"},{"version":">= 2026.4.0-latest, < 2026.4.2","status":"affected"},{"version":">= 2026.5.0-latest, < 2026.5.1","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.4,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:39:57.512653Z","id":"CVE-2026-55424","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*","versionStartIncluding":"2026.1.0","versionEndExcluding":"2026.1.5","matchCriteriaId":"E41661D7-5D61-44CF-BFEA-57C53057A46F"},{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*","versionStartIncluding":"2026.4.0","versionEndExcluding":"2026.4.2","matchCriteriaId":"E594AEEC-13D5-48EE-AE07-0C3C25FBBC72"},{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*","versionStartIncluding":"2026.5.0","versionEndExcluding":"2026.5.1","matchCriteriaId":"CD722A52-B00A-4548-92CA-807CEB0449B0"},{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:2026.6.0:*:*:*:latest:*:*:*","matchCriteriaId":"F2E7E180-2D99-484E-80A8-12F706ABDE65"}]}]}],"references":[{"url":"https://github.com/discourse/discourse/commit/1bce8881e4253d9bbab56f011a12ef899b926b59","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/discourse/discourse/commit/6679d9a5083488bae10c2adbb345c481c583242c","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/discourse/discourse/commit/6828aee9b15c2655d63b515ac919830bd540ff83","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/discourse/discourse/commit/c9b9405f5bd0bf0269e505e28e3aad388d7657c5","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/discourse/discourse/releases/tag/v2026.1.5","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/discourse/discourse/releases/tag/v2026.4.2","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/discourse/discourse/releases/tag/v2026.5.1","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/discourse/discourse/releases/tag/v2026.6.0","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/discourse/discourse/security/advisories/GHSA-695w-7fv8-mxg3","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-55689","sourceIdentifier":"security-advisories@github.com","published":"2026-07-09T22:17:06.553","lastModified":"2026-07-14T01:28:44.147","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"OpenFGA is an authorization/permission engine built for developers. Prior to 1.18.0, OpenFGA's OIDC authenticator skipped JWT audience validation when authn.method was set to oidc, authn.oidc.issuer was configured, and authn.oidc.audience was not set, allowing a token minted for an unrelated service by the same identity provider to authenticate to OpenFGA. This issue is fixed in 1.18.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"openfga","product":"openfga","versions":[{"version":"< 1.18.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":5.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T13:45:33.367225Z","id":"CVE-2026-55689","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-287"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openfga:helm_charts:*:*:*:*:*:openfga:*:*","versionEndExcluding":"0.3.9","matchCriteriaId":"F8BE0906-6EA1-4D09-8A40-DD77D3664362"},{"vulnerable":true,"criteria":"cpe:2.3:a:openfga:openfga:*:*:*:*:*:*:*:*","versionEndExcluding":"1.18.0","matchCriteriaId":"7058BE97-79D7-464E-8412-7797AF2A70B8"}]}]}],"references":[{"url":"https://github.com/openfga/helm-ch","source":"security-advisories@github.com","tags":["Broken Link"]},{"url":"https://github.com/openfga/helm-charts/releases/tag/openfga-0.3.9","source":"security-advisories@github.com","tags":["Product","Release Notes"]},{"url":"https://github.com/openfga/openfga/commit/44596773b2e62738720ef215bf7fa04352954271","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/openfga/openfga/releases/tag/v1.18.0","source":"security-advisories@github.com","tags":["Product","Release Notes"]},{"url":"https://github.com/openfga/openfga/security/advisories/GHSA-hcxc-wf8j-23hv","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-57019","sourceIdentifier":"sirt@juniper.net","published":"2026-07-09T22:17:06.707","lastModified":"2026-07-13T20:58:26.287","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"An Improper Validation of Specified Quantity in Input vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on MX Series allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS).\n\n\nWhen a specific packet is received from device in the same broadcast domain, an affected system calculates the packet size incorrectly. This causes further packet processing to fail, which triggers an FPC major error, resulting in a FPC reset impacting traffic until the FPC has automatically recovered.\n\nAffected scenarios are: MAP-T, or non-IP traffic encapsulated in IP (e.g. MPLS over GRE).\n\nWhen this issue happens the following logs can be observed:\n\nfpc<#> CMError: /fpc/0/pfe/0/cm/0/MQSS(0)/0/MQSS_CMERROR_LI_INT_REG_UNROLL_TAIL_LENGTH_OVF (0x2205eb), scope: pfe, category: functional, severity: major, module: MQSS(0), type: LI: Unroll TAIL length overflow, oc_category: default\nfpc<#> Performing action reset-fru for error /fpc/0/pfe/0/cm/0/MQSS(0)/0/MQSS_CMERROR_LI_INT_REG_UNROLL_TAIL_LENGTH_OVF (0x2205eb) in module: MQSS(0) with scope: pfe category: functional level: major, oc_category: default\n\n\n\n\nThis issue affects Junos OS on MX Series:\n\n\n  *  all versions before 23.2R2-S6,\n  *  23.4 versions before 23.4R2-S7,\n  *  24.2 versions before 24.2R2-S4,\n  *  24.4 versions before 24.4R2-S4,\n  *  25.2 versions before 25.2R2."}],"affected":[{"source":"sirt@juniper.net","affectedData":[{"vendor":"Juniper Networks","product":"Junos OS","defaultStatus":"unaffected","platforms":["MX Series"],"versions":[{"version":"0","lessThan":"23.2R2-S6","versionType":"custom","status":"affected"},{"version":"23.4","lessThan":"23.4R2-S7","versionType":"custom","status":"affected"},{"version":"24.2","lessThan":"24.2R2-S4","versionType":"custom","status":"affected"},{"version":"24.4","lessThan":"24.4R2-S4","versionType":"custom","status":"affected"},{"version":"25.2","lessThan":"25.2R2","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"sirt@juniper.net","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:X/RE:M/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"ADJACENT","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"LOW","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"YES","Recovery":"AUTOMATIC","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"sirt@juniper.net","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T13:29:42.438982Z","id":"CVE-2026-57019","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"sirt@juniper.net","type":"Secondary","description":[{"lang":"en","value":"CWE-1284"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*","versionEndExcluding":"23.2","matchCriteriaId":"3D14745F-3090-483F-9DB4-C424FA09BD21"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.2:-:*:*:*:*:*:*","matchCriteriaId":"1A78CC80-E8B1-4CDA-BB35-A61833657FA7"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.2:r1:*:*:*:*:*:*","matchCriteriaId":"4B3B2FE1-C228-46BE-AC76-70C2687050AE"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.2:r1-s1:*:*:*:*:*:*","matchCriteriaId":"F1B16FF0-900F-4AEE-B670-A537139F6909"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.2:r1-s2:*:*:*:*:*:*","matchCriteriaId":"B227E831-30FF-4BE1-B8B2-31829A5610A6"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.2:r2:*:*:*:*:*:*","matchCriteriaId":"1ADA814B-EF98-45B1-AF7A-0C89688F7CA5"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.2:r2-s1:*:*:*:*:*:*","matchCriteriaId":"A6FB32DF-D062-4FB9-8777-452978BEC7B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.2:r2-s2:*:*:*:*:*:*","matchCriteriaId":"B3B6C811-5C10-4486-849D-5559B592350A"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.2:r2-s3:*:*:*:*:*:*","matchCriteriaId":"078D61B9-A228-453C-9D20-6F9C6B20637F"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.2:r2-s4:*:*:*:*:*:*","matchCriteriaId":"F1F136A0-021D-43FE-BDD3-AD7201F7FC03"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.2:r2-s5:*:*:*:*:*:*","matchCriteriaId":"37147BC9-9ED8-48AE-906A-614AD8600962"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.4:-:*:*:*:*:*:*","matchCriteriaId":"78481ABC-3620-410D-BC78-334657E0BB75"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.4:r1:*:*:*:*:*:*","matchCriteriaId":"BE8A5BA3-87BD-473A-B229-2AAB2C797005"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.4:r1-s1:*:*:*:*:*:*","matchCriteriaId":"8B74AC3E-8FC9-400A-A176-4F7F21F10756"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.4:r1-s2:*:*:*:*:*:*","matchCriteriaId":"CB2D1FCE-8019-4CE1-BA45-D62F91AF7B51"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.4:r2:*:*:*:*:*:*","matchCriteriaId":"175CCB13-76C0-44A4-A71D-41E22B92EB23"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.4:r2-s1:*:*:*:*:*:*","matchCriteriaId":"166BFDB3-1945-4949-BC2B-E18442FF2E4D"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.4:r2-s2:*:*:*:*:*:*","matchCriteriaId":"5923610F-878C-48CA-8B5D-9C609E4DD4DB"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.4:r2-s3:*:*:*:*:*:*","matchCriteriaId":"A7C207E3-0252-4192-8E8C-E2ED2831B4F4"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.4:r2-s4:*:*:*:*:*:*","matchCriteriaId":"E6974492-FE69-4340-8881-61C3329C1545"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.4:r2-s5:*:*:*:*:*:*","matchCriteriaId":"279E59FE-96DF-4E1D-A3A2-61D180F04533"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.4:r2-s6:*:*:*:*:*:*","matchCriteriaId":"4D9A36E5-A1BB-46E1-91B6-91A4C40C1B59"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:24.2:-:*:*:*:*:*:*","matchCriteriaId":"89524D6D-0B22-4952-AD8E-8072C5A05D5C"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:24.2:r1:*:*:*:*:*:*","matchCriteriaId":"AD69A194-1B03-44EA-8092-79BD10C6F729"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:24.2:r1-s1:*:*:*:*:*:*","matchCriteriaId":"8463ADB4-B8A7-4D63-97A9-232ED713A21C"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:24.2:r1-s2:*:*:*:*:*:*","matchCriteriaId":"FE68337F-106E-4317-A5B6-292B0159F577"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:24.2:r2:*:*:*:*:*:*","matchCriteriaId":"266B520A-482A-43F7-90F8-B9D64D30034F"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:24.2:r2-s1:*:*:*:*:*:*","matchCriteriaId":"AC78BC9E-5DA7-4E42-9923-B49A0B7F3564"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:24.2:r2-s2:*:*:*:*:*:*","matchCriteriaId":"DD99F1B0-82B0-4CD3-8C8F-C0FFF44A8B90"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:24.2:r2-s3:*:*:*:*:*:*","matchCriteriaId":"619B5EA0-0369-4AFE-AD8B-A3A22B326F9E"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:24.4:-:*:*:*:*:*:*","matchCriteriaId":"C452BDCB-34E3-42D3-8909-2312356EB70A"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:24.4:r1:*:*:*:*:*:*","matchCriteriaId":"2B8158F2-2028-40E9-955F-CFD581A32F60"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:24.4:r1-s2:*:*:*:*:*:*","matchCriteriaId":"1A7233A1-EC7A-4458-9AE1-835480A03A21"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:24.4:r1-s3:*:*:*:*:*:*","matchCriteriaId":"D74087E2-5CAA-4085-8408-EB70EC1D5D91"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:24.4:r2:*:*:*:*:*:*","matchCriteriaId":"0EEF1798-F3C2-4645-96E7-1E82368B184D"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:24.4:r2-s1:*:*:*:*:*:*","matchCriteriaId":"C8BB5EE1-04C7-4DF3-807A-06005ECFEEE5"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:24.4:r2-s2:*:*:*:*:*:*","matchCriteriaId":"4C707226-9C89-4D06-8E8F-2071061E6F2A"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:24.4:r2-s3:*:*:*:*:*:*","matchCriteriaId":"3C0C59A7-D826-4D14-AE46-2CA9D0900BC3"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:25.2:-:*:*:*:*:*:*","matchCriteriaId":"1B7572BB-9C77-4214-9C5F-CC83C7B93E37"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:25.2:r1:*:*:*:*:*:*","matchCriteriaId":"CAADBF98-38BE-40E2-AF1B-9077DCED0809"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:25.2:r1-s1:*:*:*:*:*:*","matchCriteriaId":"558F0A4C-0C72-4BF1-B2DE-C0D3BFD54BCD"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:25.2:r1-s2:*:*:*:*:*:*","matchCriteriaId":"127FE528-AB27-4B18-AF3B-1BE7C0AEEE20"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:mx10004:-:*:*:*:*:*:*:*","matchCriteriaId":"84F7BB7E-3A52-4C23-A4D2-50E75C912AFC"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:mx10008:-:*:*:*:*:*:*:*","matchCriteriaId":"D6F0EA2F-BF7E-45D0-B2B4-8A7B67A9475A"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:mx2008:-:*:*:*:*:*:*:*","matchCriteriaId":"2FEF33EB-B2E0-42EF-A1BB-D41021B6D08F"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:mx2010:-:*:*:*:*:*:*:*","matchCriteriaId":"27175D9A-CA2C-4218-8042-835E25DFCA43"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:mx2020:-:*:*:*:*:*:*:*","matchCriteriaId":"00C7FC57-8ACF-45AA-A227-7E3B350FD24F"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:mx204:-:*:*:*:*:*:*:*","matchCriteriaId":"2754C2DF-DF6E-4109-9463-38B4E0465B77"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:mx240:-:*:*:*:*:*:*:*","matchCriteriaId":"F4A26704-A6A4-4C4F-9E12-A0A0259491EF"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:mx301:-:*:*:*:*:*:*:*","matchCriteriaId":"D02580FA-1F11-4568-BAFA-C1E0EAF67100"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:mx304:-:*:*:*:*:*:*:*","matchCriteriaId":"3F7FB0CC-624D-4AB9-A7AC-BB19838C3B22"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:mx480:-:*:*:*:*:*:*:*","matchCriteriaId":"104858BD-D31D-40E0-8524-2EC311F10EAC"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:mx960:-:*:*:*:*:*:*:*","matchCriteriaId":"B5E08E1E-0FE4-4294-9497-BBFFECA2A220"}]}]}],"references":[{"url":"https://supportportal.juniper.net/JSA110079","source":"sirt@juniper.net","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-57020","sourceIdentifier":"sirt@juniper.net","published":"2026-07-09T22:17:06.887","lastModified":"2026-07-13T20:57:06.157","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS on QFX10000 Series allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS).\n\nOn all QFX10000 platforms in an EVPN-VxLAN scenario, if an attacker sends IPv6 multicast traffic and these packets reach the non-IRB interface of a spine switch it floods the packet to other spines and all Ethernet Segment Identifier (ESI) leaf switches. This flooding causes the packet to be forwarded in a endless loop, which can lead to saturation of the involved links and in turn impact to legitimate traffic.\n\n\n\nThis issue affects Junos OS on QFX10000 Series:\n\n\n  *  all versions before 23.2R2-S7,\n  *  23.4 versions before 23.4R2-S8,\n  *  24.2 versions before 24.2R2-S4,\n  *  24.4 versions before 24.4R2-S4.\n\n\n\nThis issue does not affect Junos version after 24.4 as the QFX10000 Series devices are not supported on newer versions anymore."}],"affected":[{"source":"sirt@juniper.net","affectedData":[{"vendor":"Juniper Networks","product":"Junos OS","defaultStatus":"unaffected","platforms":["QFX10000 Series"],"versions":[{"version":"0","lessThan":"23.2R2-S7","versionType":"custom","status":"affected"},{"version":"23.4","lessThan":"23.4R2-S8","versionType":"custom","status":"affected"},{"version":"24.2","lessThan":"24.2R2-S4","versionType":"custom","status":"affected"},{"version":"24.4","lessThan":"24.4R2-S4","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"sirt@juniper.net","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:X/RE:M/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"ADJACENT","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"LOW","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"YES","Recovery":"USER","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"sirt@juniper.net","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T13:28:54.914596Z","id":"CVE-2026-57020","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"sirt@juniper.net","type":"Secondary","description":[{"lang":"en","value":"CWE-754"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*","versionEndExcluding":"23.2","matchCriteriaId":"3D14745F-3090-483F-9DB4-C424FA09BD21"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.2:-:*:*:*:*:*:*","matchCriteriaId":"1A78CC80-E8B1-4CDA-BB35-A61833657FA7"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.2:r1:*:*:*:*:*:*","matchCriteriaId":"4B3B2FE1-C228-46BE-AC76-70C2687050AE"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.2:r1-s1:*:*:*:*:*:*","matchCriteriaId":"F1B16FF0-900F-4AEE-B670-A537139F6909"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.2:r1-s2:*:*:*:*:*:*","matchCriteriaId":"B227E831-30FF-4BE1-B8B2-31829A5610A6"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.2:r2:*:*:*:*:*:*","matchCriteriaId":"1ADA814B-EF98-45B1-AF7A-0C89688F7CA5"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.2:r2-s1:*:*:*:*:*:*","matchCriteriaId":"A6FB32DF-D062-4FB9-8777-452978BEC7B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.2:r2-s2:*:*:*:*:*:*","matchCriteriaId":"B3B6C811-5C10-4486-849D-5559B592350A"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.2:r2-s3:*:*:*:*:*:*","matchCriteriaId":"078D61B9-A228-453C-9D20-6F9C6B20637F"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.2:r2-s4:*:*:*:*:*:*","matchCriteriaId":"F1F136A0-021D-43FE-BDD3-AD7201F7FC03"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.2:r2-s5:*:*:*:*:*:*","matchCriteriaId":"37147BC9-9ED8-48AE-906A-614AD8600962"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.2:r2-s6:*:*:*:*:*:*","matchCriteriaId":"7897729C-4128-49E9-B4A1-25353BC4DBB2"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.4:-:*:*:*:*:*:*","matchCriteriaId":"78481ABC-3620-410D-BC78-334657E0BB75"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.4:r1:*:*:*:*:*:*","matchCriteriaId":"BE8A5BA3-87BD-473A-B229-2AAB2C797005"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.4:r1-s1:*:*:*:*:*:*","matchCriteriaId":"8B74AC3E-8FC9-400A-A176-4F7F21F10756"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.4:r1-s2:*:*:*:*:*:*","matchCriteriaId":"CB2D1FCE-8019-4CE1-BA45-D62F91AF7B51"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.4:r2:*:*:*:*:*:*","matchCriteriaId":"175CCB13-76C0-44A4-A71D-41E22B92EB23"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.4:r2-s1:*:*:*:*:*:*","matchCriteriaId":"166BFDB3-1945-4949-BC2B-E18442FF2E4D"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.4:r2-s2:*:*:*:*:*:*","matchCriteriaId":"5923610F-878C-48CA-8B5D-9C609E4DD4DB"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.4:r2-s3:*:*:*:*:*:*","matchCriteriaId":"A7C207E3-0252-4192-8E8C-E2ED2831B4F4"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.4:r2-s4:*:*:*:*:*:*","matchCriteriaId":"E6974492-FE69-4340-8881-61C3329C1545"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.4:r2-s5:*:*:*:*:*:*","matchCriteriaId":"279E59FE-96DF-4E1D-A3A2-61D180F04533"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.4:r2-s6:*:*:*:*:*:*","matchCriteriaId":"4D9A36E5-A1BB-46E1-91B6-91A4C40C1B59"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.4:r2-s7:*:*:*:*:*:*","matchCriteriaId":"A46347EE-31C0-4D06-A862-536789F4F823"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:24.2:-:*:*:*:*:*:*","matchCriteriaId":"89524D6D-0B22-4952-AD8E-8072C5A05D5C"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:24.2:r1:*:*:*:*:*:*","matchCriteriaId":"AD69A194-1B03-44EA-8092-79BD10C6F729"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:24.2:r1-s1:*:*:*:*:*:*","matchCriteriaId":"8463ADB4-B8A7-4D63-97A9-232ED713A21C"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:24.2:r1-s2:*:*:*:*:*:*","matchCriteriaId":"FE68337F-106E-4317-A5B6-292B0159F577"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:24.2:r2:*:*:*:*:*:*","matchCriteriaId":"266B520A-482A-43F7-90F8-B9D64D30034F"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:24.2:r2-s1:*:*:*:*:*:*","matchCriteriaId":"AC78BC9E-5DA7-4E42-9923-B49A0B7F3564"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:24.2:r2-s2:*:*:*:*:*:*","matchCriteriaId":"DD99F1B0-82B0-4CD3-8C8F-C0FFF44A8B90"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:24.2:r2-s3:*:*:*:*:*:*","matchCriteriaId":"619B5EA0-0369-4AFE-AD8B-A3A22B326F9E"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:24.4:-:*:*:*:*:*:*","matchCriteriaId":"C452BDCB-34E3-42D3-8909-2312356EB70A"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:24.4:r1:*:*:*:*:*:*","matchCriteriaId":"2B8158F2-2028-40E9-955F-CFD581A32F60"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:24.4:r1-s2:*:*:*:*:*:*","matchCriteriaId":"1A7233A1-EC7A-4458-9AE1-835480A03A21"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:24.4:r1-s3:*:*:*:*:*:*","matchCriteriaId":"D74087E2-5CAA-4085-8408-EB70EC1D5D91"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:24.4:r2:*:*:*:*:*:*","matchCriteriaId":"0EEF1798-F3C2-4645-96E7-1E82368B184D"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:24.4:r2-s1:*:*:*:*:*:*","matchCriteriaId":"C8BB5EE1-04C7-4DF3-807A-06005ECFEEE5"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:24.4:r2-s2:*:*:*:*:*:*","matchCriteriaId":"4C707226-9C89-4D06-8E8F-2071061E6F2A"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:24.4:r2-s3:*:*:*:*:*:*","matchCriteriaId":"3C0C59A7-D826-4D14-AE46-2CA9D0900BC3"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:qfx10008:-:*:*:*:*:*:*:*","matchCriteriaId":"1453E42A-77B3-4922-8EC3-1A5668C39550"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:qfx10016:-:*:*:*:*:*:*:*","matchCriteriaId":"26408465-BD6A-4416-B98E-691A5F651080"}]}]}],"references":[{"url":"https://supportportal.juniper.net/JSA110080","source":"sirt@juniper.net","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-57021","sourceIdentifier":"sirt@juniper.net","published":"2026-07-09T22:17:07.057","lastModified":"2026-07-13T20:33:08.187","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"An Out-of-bounds Write vulnerability in the http-gatekeeper (http-gk) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).\n\nIf an SRX Series device is configured for remote-access VPN with pre-logon compliance check, a network-based attacker sending specifically formatted requests can trigger an out of bounds write leading to an http-gk process crash. This crash leads to unavailability of all services depending on the [ system services web-management ] configuration (like J-Web, remote access VPN and firewall authentication) until the process automatically restarts.\n\nThis issue affects Junos OS on SRX Series:\n\n\n  *  23.2 versions before 23.2R2-S7,\n  *  23.4 versions before 23.4R2-S8,\n  *  24.2 versions before 24.2R2-S4,\n  *  24.4 versions before 24.4R2-S4,\n  *  25.2 versions before 25.2R2,\n  *  25.4 versions before 25.4R1-S1, 25.4R2."}],"affected":[{"source":"sirt@juniper.net","affectedData":[{"vendor":"Juniper Networks","product":"Junos OS","defaultStatus":"unaffected","platforms":["SRX Series"],"versions":[{"version":"23.2","lessThan":"23.2R2-S7","versionType":"custom","status":"affected"},{"version":"23.4","lessThan":"23.4R2-S8","versionType":"custom","status":"affected"},{"version":"24.2","lessThan":"24.2R2-S4","versionType":"custom","status":"affected"},{"version":"24.4","lessThan":"24.4R2-S4","versionType":"custom","status":"affected"},{"version":"25.2","lessThan":"25.2R2","versionType":"custom","status":"affected"},{"version":"25.4","lessThan":"25.4R1-S1, 25.4R2","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"sirt@juniper.net","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:X/RE:M/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"YES","Recovery":"AUTOMATIC","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"sirt@juniper.net","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:28:36.986263Z","id":"CVE-2026-57021","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"sirt@juniper.net","type":"Secondary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.2:-:*:*:*:*:*:*","matchCriteriaId":"1A78CC80-E8B1-4CDA-BB35-A61833657FA7"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.2:r1:*:*:*:*:*:*","matchCriteriaId":"4B3B2FE1-C228-46BE-AC76-70C2687050AE"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.2:r1-s1:*:*:*:*:*:*","matchCriteriaId":"F1B16FF0-900F-4AEE-B670-A537139F6909"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.2:r1-s2:*:*:*:*:*:*","matchCriteriaId":"B227E831-30FF-4BE1-B8B2-31829A5610A6"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.2:r2:*:*:*:*:*:*","matchCriteriaId":"1ADA814B-EF98-45B1-AF7A-0C89688F7CA5"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.2:r2-s1:*:*:*:*:*:*","matchCriteriaId":"A6FB32DF-D062-4FB9-8777-452978BEC7B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.2:r2-s2:*:*:*:*:*:*","matchCriteriaId":"B3B6C811-5C10-4486-849D-5559B592350A"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.2:r2-s3:*:*:*:*:*:*","matchCriteriaId":"078D61B9-A228-453C-9D20-6F9C6B20637F"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.2:r2-s4:*:*:*:*:*:*","matchCriteriaId":"F1F136A0-021D-43FE-BDD3-AD7201F7FC03"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.2:r2-s5:*:*:*:*:*:*","matchCriteriaId":"37147BC9-9ED8-48AE-906A-614AD8600962"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.2:r2-s6:*:*:*:*:*:*","matchCriteriaId":"7897729C-4128-49E9-B4A1-25353BC4DBB2"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.4:-:*:*:*:*:*:*","matchCriteriaId":"78481ABC-3620-410D-BC78-334657E0BB75"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.4:r1:*:*:*:*:*:*","matchCriteriaId":"BE8A5BA3-87BD-473A-B229-2AAB2C797005"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.4:r1-s1:*:*:*:*:*:*","matchCriteriaId":"8B74AC3E-8FC9-400A-A176-4F7F21F10756"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.4:r1-s2:*:*:*:*:*:*","matchCriteriaId":"CB2D1FCE-8019-4CE1-BA45-D62F91AF7B51"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.4:r2:*:*:*:*:*:*","matchCriteriaId":"175CCB13-76C0-44A4-A71D-41E22B92EB23"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.4:r2-s1:*:*:*:*:*:*","matchCriteriaId":"166BFDB3-1945-4949-BC2B-E18442FF2E4D"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.4:r2-s2:*:*:*:*:*:*","matchCriteriaId":"5923610F-878C-48CA-8B5D-9C609E4DD4DB"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.4:r2-s3:*:*:*:*:*:*","matchCriteriaId":"A7C207E3-0252-4192-8E8C-E2ED2831B4F4"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.4:r2-s4:*:*:*:*:*:*","matchCriteriaId":"E6974492-FE69-4340-8881-61C3329C1545"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.4:r2-s5:*:*:*:*:*:*","matchCriteriaId":"279E59FE-96DF-4E1D-A3A2-61D180F04533"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.4:r2-s6:*:*:*:*:*:*","matchCriteriaId":"4D9A36E5-A1BB-46E1-91B6-91A4C40C1B59"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.4:r2-s7:*:*:*:*:*:*","matchCriteriaId":"A46347EE-31C0-4D06-A862-536789F4F823"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:24.2:-:*:*:*:*:*:*","matchCriteriaId":"89524D6D-0B22-4952-AD8E-8072C5A05D5C"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:24.2:r1:*:*:*:*:*:*","matchCriteriaId":"AD69A194-1B03-44EA-8092-79BD10C6F729"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:24.2:r1-s1:*:*:*:*:*:*","matchCriteriaId":"8463ADB4-B8A7-4D63-97A9-232ED713A21C"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:24.2:r1-s2:*:*:*:*:*:*","matchCriteriaId":"FE68337F-106E-4317-A5B6-292B0159F577"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:24.2:r2:*:*:*:*:*:*","matchCriteriaId":"266B520A-482A-43F7-90F8-B9D64D30034F"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:24.2:r2-s1:*:*:*:*:*:*","matchCriteriaId":"AC78BC9E-5DA7-4E42-9923-B49A0B7F3564"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:24.2:r2-s2:*:*:*:*:*:*","matchCriteriaId":"DD99F1B0-82B0-4CD3-8C8F-C0FFF44A8B90"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:24.2:r2-s3:*:*:*:*:*:*","matchCriteriaId":"619B5EA0-0369-4AFE-AD8B-A3A22B326F9E"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:24.4:-:*:*:*:*:*:*","matchCriteriaId":"C452BDCB-34E3-42D3-8909-2312356EB70A"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:24.4:r1:*:*:*:*:*:*","matchCriteriaId":"2B8158F2-2028-40E9-955F-CFD581A32F60"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:24.4:r1-s2:*:*:*:*:*:*","matchCriteriaId":"1A7233A1-EC7A-4458-9AE1-835480A03A21"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:24.4:r1-s3:*:*:*:*:*:*","matchCriteriaId":"D74087E2-5CAA-4085-8408-EB70EC1D5D91"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:24.4:r2:*:*:*:*:*:*","matchCriteriaId":"0EEF1798-F3C2-4645-96E7-1E82368B184D"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:24.4:r2-s1:*:*:*:*:*:*","matchCriteriaId":"C8BB5EE1-04C7-4DF3-807A-06005ECFEEE5"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:24.4:r2-s2:*:*:*:*:*:*","matchCriteriaId":"4C707226-9C89-4D06-8E8F-2071061E6F2A"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:24.4:r2-s3:*:*:*:*:*:*","matchCriteriaId":"3C0C59A7-D826-4D14-AE46-2CA9D0900BC3"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:25.2:-:*:*:*:*:*:*","matchCriteriaId":"1B7572BB-9C77-4214-9C5F-CC83C7B93E37"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:25.2:r1:*:*:*:*:*:*","matchCriteriaId":"CAADBF98-38BE-40E2-AF1B-9077DCED0809"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:25.2:r1-s1:*:*:*:*:*:*","matchCriteriaId":"558F0A4C-0C72-4BF1-B2DE-C0D3BFD54BCD"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:25.2:r1-s2:*:*:*:*:*:*","matchCriteriaId":"127FE528-AB27-4B18-AF3B-1BE7C0AEEE20"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:25.4:-:*:*:*:*:*:*","matchCriteriaId":"978CFC13-350E-4D03-94A9-11EB56664B8F"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:25.4:r1:*:*:*:*:*:*","matchCriteriaId":"EC7D104D-2643-4E2E-9B5D-314D537124AE"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:srx1500:-:*:*:*:*:*:*:*","matchCriteriaId":"2CEBF85C-736A-4E7D-956A-3E8210D4F70B"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:srx1600:-:*:*:*:*:*:*:*","matchCriteriaId":"4AE06B18-BFB5-4029-A05D-386CFBFBF683"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:srx2300:-:*:*:*:*:*:*:*","matchCriteriaId":"48A1DCCD-208C-46D9-8E14-89592B49AB9A"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:srx300:-:*:*:*:*:*:*:*","matchCriteriaId":"BB5AB24B-2B43-43DD-AE10-F758B4B19F2A"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:srx320:-:*:*:*:*:*:*:*","matchCriteriaId":"80F9DC32-5ADF-4430-B1A6-357D0B29DB78"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:srx340:-:*:*:*:*:*:*:*","matchCriteriaId":"8B82D4C4-7A65-409A-926F-33C054DCBFBA"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:srx345:-:*:*:*:*:*:*:*","matchCriteriaId":"CE535749-F4CE-4FFA-B23D-BF09C92481E5"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:srx380:-:*:*:*:*:*:*:*","matchCriteriaId":"2305DA9D-E6BA-48F4-80CF-9E2DE7661B2F"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:srx400:-:*:*:*:*:*:*:*","matchCriteriaId":"460EE132-9BBF-49F2-9569-1B5D0ADCBA1E"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:srx4100:-:*:*:*:*:*:*:*","matchCriteriaId":"3AA8999C-8AE4-416F-BA2A-B1A21F33B4D7"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:srx4120:-:*:*:*:*:*:*:*","matchCriteriaId":"E5942B6E-AFC7-40E4-8007-68C804BD52E3"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:srx4200:-:*:*:*:*:*:*:*","matchCriteriaId":"CCC5F6F5-4347-49D3-909A-27A3A96D36C9"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:srx4300:-:*:*:*:*:*:*:*","matchCriteriaId":"826F893F-7B06-43B5-8653-A8D9794C052E"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:srx440:-:*:*:*:*:*:*:*","matchCriteriaId":"3E15DA7D-AED1-4943-9AEF-565D551311A5"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:srx4600:-:*:*:*:*:*:*:*","matchCriteriaId":"56BA6B86-D3F4-4496-AE46-AC513C6560FA"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:srx4700:-:*:*:*:*:*:*:*","matchCriteriaId":"462CFD52-D3E2-4F7A-98AC-C589D2420556"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:srx5400:-:*:*:*:*:*:*:*","matchCriteriaId":"2FDDC897-747F-44DD-9599-7266F9B5B7B1"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:srx5600:-:*:*:*:*:*:*:*","matchCriteriaId":"68CA098D-CBE4-4E62-9EC0-43E1B6098710"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:srx5800:-:*:*:*:*:*:*:*","matchCriteriaId":"66F474D4-79B6-4525-983C-9A9011BD958B"}]}]}],"references":[{"url":"https://supportportal.juniper.net/JSA110081","source":"sirt@juniper.net","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-57025","sourceIdentifier":"sirt@juniper.net","published":"2026-07-09T22:17:07.747","lastModified":"2026-07-13T20:30:38.043","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A Return of Pointer Value Outside of Expected Range vulnerability in the fileio library of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privilged attacker to cause a Denial-of-Service (DoS).\n\nOn EX Series, QFX Series and MX Series a low-privileged attacker issuing a specific 'show l2-learning' command will cause an l2ald crash which will lead to a temporary service impact for all layer 2 services until the process has automatically restarted.\n\nThis issue affects EX Series, QFX Series, MX Series:\nJunos OS:\n\n\n  *  all versions before 23.2R2-S7,\n  *  23.4 versions before 23.4R2-S7,\n  *  24.2 versions before 24.2R2,\n  *  24.4 versions before 24.4R1-S2.\n\n\n\nJunos OS Evolved:\n  *  all versions before 23.2R2-S7-EVO,\n  *  23.4 versions before 23.4R2-S8-EVO,\n  *  24.2 versions before 24.2R2-EVO,\n  *  24.4 versions before 24.4R1-S3-EVO."}],"affected":[{"source":"sirt@juniper.net","affectedData":[{"vendor":"Juniper Networks","product":"Junos OS","defaultStatus":"unaffected","platforms":["EX Series","QFX Series","MX Series"],"versions":[{"version":"0","lessThan":"23.2R2-S7","versionType":"custom","status":"affected"},{"version":"23.4","lessThan":"23.4R2-S7","versionType":"custom","status":"affected"},{"version":"24.2","lessThan":"24.2R2","versionType":"custom","status":"affected"},{"version":"24.4","lessThan":"24.4R1-S2","versionType":"custom","status":"affected"}]},{"vendor":"Juniper Networks","product":"Junos OS Evolved","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"23.2R2-S7-EVO","versionType":"custom","status":"affected"},{"version":"23.4","lessThan":"23.4R2-S8-EVO","versionType":"custom","status":"affected"},{"version":"24.2","lessThan":"24.2R2-EVO","versionType":"custom","status":"affected"},{"version":"24.4","lessThan":"24.4R1-S3-EVO","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"sirt@juniper.net","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:X/RE:M/U:X","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"LOW","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"YES","Recovery":"AUTOMATIC","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"sirt@juniper.net","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:10:45.027060Z","id":"CVE-2026-57025","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"sirt@juniper.net","type":"Secondary","description":[{"lang":"en","value":"CWE-466"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*","versionEndExcluding":"23.2","matchCriteriaId":"3D14745F-3090-483F-9DB4-C424FA09BD21"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.2:-:*:*:*:*:*:*","matchCriteriaId":"1A78CC80-E8B1-4CDA-BB35-A61833657FA7"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.2:r1:*:*:*:*:*:*","matchCriteriaId":"4B3B2FE1-C228-46BE-AC76-70C2687050AE"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.2:r1-s1:*:*:*:*:*:*","matchCriteriaId":"F1B16FF0-900F-4AEE-B670-A537139F6909"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.2:r1-s2:*:*:*:*:*:*","matchCriteriaId":"B227E831-30FF-4BE1-B8B2-31829A5610A6"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.2:r2:*:*:*:*:*:*","matchCriteriaId":"1ADA814B-EF98-45B1-AF7A-0C89688F7CA5"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.2:r2-s1:*:*:*:*:*:*","matchCriteriaId":"A6FB32DF-D062-4FB9-8777-452978BEC7B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.2:r2-s2:*:*:*:*:*:*","matchCriteriaId":"B3B6C811-5C10-4486-849D-5559B592350A"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.2:r2-s3:*:*:*:*:*:*","matchCriteriaId":"078D61B9-A228-453C-9D20-6F9C6B20637F"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.2:r2-s4:*:*:*:*:*:*","matchCriteriaId":"F1F136A0-021D-43FE-BDD3-AD7201F7FC03"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.2:r2-s5:*:*:*:*:*:*","matchCriteriaId":"37147BC9-9ED8-48AE-906A-614AD8600962"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.2:r2-s6:*:*:*:*:*:*","matchCriteriaId":"7897729C-4128-49E9-B4A1-25353BC4DBB2"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.4:-:*:*:*:*:*:*","matchCriteriaId":"78481ABC-3620-410D-BC78-334657E0BB75"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.4:r1:*:*:*:*:*:*","matchCriteriaId":"BE8A5BA3-87BD-473A-B229-2AAB2C797005"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.4:r1-s1:*:*:*:*:*:*","matchCriteriaId":"8B74AC3E-8FC9-400A-A176-4F7F21F10756"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.4:r1-s2:*:*:*:*:*:*","matchCriteriaId":"CB2D1FCE-8019-4CE1-BA45-D62F91AF7B51"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.4:r2:*:*:*:*:*:*","matchCriteriaId":"175CCB13-76C0-44A4-A71D-41E22B92EB23"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.4:r2-s1:*:*:*:*:*:*","matchCriteriaId":"166BFDB3-1945-4949-BC2B-E18442FF2E4D"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.4:r2-s2:*:*:*:*:*:*","matchCriteriaId":"5923610F-878C-48CA-8B5D-9C609E4DD4DB"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.4:r2-s3:*:*:*:*:*:*","matchCriteriaId":"A7C207E3-0252-4192-8E8C-E2ED2831B4F4"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.4:r2-s4:*:*:*:*:*:*","matchCriteriaId":"E6974492-FE69-4340-8881-61C3329C1545"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.4:r2-s5:*:*:*:*:*:*","matchCriteriaId":"279E59FE-96DF-4E1D-A3A2-61D180F04533"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.4:r2-s6:*:*:*:*:*:*","matchCriteriaId":"4D9A36E5-A1BB-46E1-91B6-91A4C40C1B59"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:24.2:-:*:*:*:*:*:*","matchCriteriaId":"89524D6D-0B22-4952-AD8E-8072C5A05D5C"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:24.2:r1:*:*:*:*:*:*","matchCriteriaId":"AD69A194-1B03-44EA-8092-79BD10C6F729"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:24.2:r1-s1:*:*:*:*:*:*","matchCriteriaId":"8463ADB4-B8A7-4D63-97A9-232ED713A21C"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:24.2:r1-s2:*:*:*:*:*:*","matchCriteriaId":"FE68337F-106E-4317-A5B6-292B0159F577"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:24.4:-:*:*:*:*:*:*","matchCriteriaId":"C452BDCB-34E3-42D3-8909-2312356EB70A"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:24.4:r1:*:*:*:*:*:*","matchCriteriaId":"2B8158F2-2028-40E9-955F-CFD581A32F60"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:ex2300:-:*:*:*:*:*:*:*","matchCriteriaId":"3B3302CB-457F-4BD2-B80B-F70FB4C4542E"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:ex2300-c:-:*:*:*:*:*:*:*","matchCriteriaId":"979C3597-C53B-4F4B-9EA7-126DA036C86D"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:ex3400:-:*:*:*:*:*:*:*","matchCriteriaId":"47DAF5E7-E610-4D74-8573-41C16D642837"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:ex4000:-:*:*:*:*:*:*:*","matchCriteriaId":"152FD759-F5D2-4ACE-ADD6-7FE89B31D961"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:ex4100:-:*:*:*:*:*:*:*","matchCriteriaId":"C2521C83-E8F2-4621-9727-75BB3FC11E64"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:ex4100-f:-:*:*:*:*:*:*:*","matchCriteriaId":"6F496D19-D28C-4517-90A3-90EC62BC5D79"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:ex4100-h:-:*:*:*:*:*:*:*","matchCriteriaId":"7DA4A8C7-EBC0-449E-BD37-69FABDC917C2"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:ex4100-h-12t:-:*:*:*:*:*:*:*","matchCriteriaId":"8386ECFA-2ECF-4DC3-AC42-D964B48F0009"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:ex4300:-:*:*:*:*:*:*:*","matchCriteriaId":"E594D6DC-87F6-40D2-8268-ED6021462168"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:ex4400:-:*:*:*:*:*:*:*","matchCriteriaId":"4B43F6CB-0595-4957-8B3B-ADD4EA84D8C2"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:ex4600:-:*:*:*:*:*:*:*","matchCriteriaId":"D1BB20B5-EA30-4E8E-9055-2E629648436A"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:ex4650:-:*:*:*:*:*:*:*","matchCriteriaId":"2B425BB1-3C78-42B1-A6C1-216E514191F0"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:ex9204:-:*:*:*:*:*:*:*","matchCriteriaId":"86E82CE3-F43D-4B29-A64D-B14ADB6CC357"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:ex9208:-:*:*:*:*:*:*:*","matchCriteriaId":"13C0199E-B9F0-41D3-B625-083990517CDF"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:ex9214:-:*:*:*:*:*:*:*","matchCriteriaId":"8790B456-DFC7-4E82-9A0C-C89787139B79"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:mx10004:-:*:*:*:*:*:*:*","matchCriteriaId":"84F7BB7E-3A52-4C23-A4D2-50E75C912AFC"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:mx10008:-:*:*:*:*:*:*:*","matchCriteriaId":"D6F0EA2F-BF7E-45D0-B2B4-8A7B67A9475A"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:mx2008:-:*:*:*:*:*:*:*","matchCriteriaId":"2FEF33EB-B2E0-42EF-A1BB-D41021B6D08F"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:mx2010:-:*:*:*:*:*:*:*","matchCriteriaId":"27175D9A-CA2C-4218-8042-835E25DFCA43"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:mx2020:-:*:*:*:*:*:*:*","matchCriteriaId":"00C7FC57-8ACF-45AA-A227-7E3B350FD24F"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:mx204:-:*:*:*:*:*:*:*","matchCriteriaId":"2754C2DF-DF6E-4109-9463-38B4E0465B77"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:mx240:-:*:*:*:*:*:*:*","matchCriteriaId":"F4A26704-A6A4-4C4F-9E12-A0A0259491EF"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:mx301:-:*:*:*:*:*:*:*","matchCriteriaId":"D02580FA-1F11-4568-BAFA-C1E0EAF67100"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:mx304:-:*:*:*:*:*:*:*","matchCriteriaId":"3F7FB0CC-624D-4AB9-A7AC-BB19838C3B22"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:mx480:-:*:*:*:*:*:*:*","matchCriteriaId":"104858BD-D31D-40E0-8524-2EC311F10EAC"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:mx960:-:*:*:*:*:*:*:*","matchCriteriaId":"B5E08E1E-0FE4-4294-9497-BBFFECA2A220"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:qfx10008:-:*:*:*:*:*:*:*","matchCriteriaId":"1453E42A-77B3-4922-8EC3-1A5668C39550"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:qfx10016:-:*:*:*:*:*:*:*","matchCriteriaId":"26408465-BD6A-4416-B98E-691A5F651080"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:qfx5110:-:*:*:*:*:*:*:*","matchCriteriaId":"79A8847B-4F98-4949-8639-5CD2B411D10F"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:qfx5120:-:*:*:*:*:*:*:*","matchCriteriaId":"09EBDE4B-764F-4DF1-844A-BB8A52CD53EF"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:qfx5130:-:*:*:*:*:*:*:*","matchCriteriaId":"AB58A6E9-FFCF-4331-AC3B-45C37BD1943E"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:qfx5140:-:*:*:*:*:*:*:*","matchCriteriaId":"C3F14350-BB10-411D-B144-FC762CA2608C"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:qfx5200:-:*:*:*:*:*:*:*","matchCriteriaId":"EDC5478F-A047-4F6D-BB11-0077A74C0174"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:qfx5210:-:*:*:*:*:*:*:*","matchCriteriaId":"D877320D-1997-4B66-B11B-864020C755E1"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:qfx5220:-:*:*:*:*:*:*:*","matchCriteriaId":"D193BEBD-9436-468D-B89E-D5720603451D"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:qfx5230-64cd:-:*:*:*:*:*:*:*","matchCriteriaId":"9F3D09BE-C16F-4E77-B6FB-C0C58BBD7675"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:qfx5240:-:*:*:*:*:*:*:*","matchCriteriaId":"9ABF8F9D-45C1-4554-A213-435A68709FCB"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:qfx5241:-:*:*:*:*:*:*:*","matchCriteriaId":"685120A6-7005-4ECB-A37F-0F225BB92676"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:qfx5250:-:*:*:*:*:*:*:*","matchCriteriaId":"574756C3-F97D-4193-A074-3091F978A1DC"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:qfx5700:-:*:*:*:*:*:*:*","matchCriteriaId":"C7D6C74F-E85F-4D62-BDAF-FE619B467C76"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:*:*:*:*:*:*:*:*","versionEndExcluding":"23.2","matchCriteriaId":"CEF76CCC-68C0-462C-BB8B-2135A90F3B01"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:23.2:-:*:*:*:*:*:*","matchCriteriaId":"6DEAA7FD-385F-4221-907E-65ABC16BE4BE"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:23.2:r1:*:*:*:*:*:*","matchCriteriaId":"DDEC008A-3137-48D1-8ABC-6DB0EFC40E50"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:23.2:r1-s1:*:*:*:*:*:*","matchCriteriaId":"558D234D-BC50-415F-86D6-8E19D6C3ACE0"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:23.2:r1-s2:*:*:*:*:*:*","matchCriteriaId":"33F4EEEE-77E9-4973-A770-99E7BA2F05F5"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:23.2:r2:*:*:*:*:*:*","matchCriteriaId":"A4BB6910-B994-45FD-8153-5EC00EE842E6"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:23.2:r2-s1:*:*:*:*:*:*","matchCriteriaId":"D657944B-2066-4F2C-BC92-EDF4DE1C165C"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:23.2:r2-s2:*:*:*:*:*:*","matchCriteriaId":"75A58924-6348-44CF-AB39-1FCE17FE81AC"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:23.2:r2-s3:*:*:*:*:*:*","matchCriteriaId":"9A903B31-D9E5-43FA-B09F-7E7769803720"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:23.2:r2-s4:*:*:*:*:*:*","matchCriteriaId":"E23BEA27-77F8-4CDF-A49A-FEF9C33DA513"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:23.2:r2-s5:*:*:*:*:*:*","matchCriteriaId":"6DD20427-FB6A-46CE-B20F-D62CCC9B4A02"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:23.2:r2-s6:*:*:*:*:*:*","matchCriteriaId":"31A05D5F-9765-49A8-B9DA-64B05E399935"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:23.4:-:*:*:*:*:*:*","matchCriteriaId":"9D7F0D73-85EE-4A07-B51B-6BF52ECBA75E"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:23.4:r1:*:*:*:*:*:*","matchCriteriaId":"FE777A1F-9CD9-426E-AF1C-FBE01EB9A4A8"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:23.4:r1-s1:*:*:*:*:*:*","matchCriteriaId":"7147BA60-30A5-4CED-9AAF-F6BEA0528B89"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:23.4:r1-s2:*:*:*:*:*:*","matchCriteriaId":"6E5CE59B-14B2-4F4C-81B5-0430EC954956"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:23.4:r2:*:*:*:*:*:*","matchCriteriaId":"FB82B22F-9005-4EF0-A1E3-4261757783D4"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:23.4:r2-s1:*:*:*:*:*:*","matchCriteriaId":"0224D3F1-8B86-432C-8F5B-B4B7B69ADF31"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:23.4:r2-s2:*:*:*:*:*:*","matchCriteriaId":"EB2FE5FE-0ADE-406E-A23D-FDCC104B2496"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:23.4:r2-s3:*:*:*:*:*:*","matchCriteriaId":"2E58987A-D7B7-4FFF-9969-E8FD76AE2BE3"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:23.4:r2-s4:*:*:*:*:*:*","matchCriteriaId":"E779C0D4-A8F7-4976-B3C8-B9802B96E715"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:23.4:r2-s5:*:*:*:*:*:*","matchCriteriaId":"C7457415-D893-474B-ABA6-9841BB5CC6DB"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:23.4:r2-s6:*:*:*:*:*:*","matchCriteriaId":"3EFB8038-F336-4038-9AEA-C24253FAD578"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:23.4:r2-s7:*:*:*:*:*:*","matchCriteriaId":"39CDE4A5-0C54-41BD-B53F-9215FD1E61D3"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:24.2:-:*:*:*:*:*:*","matchCriteriaId":"0DD89AAD-C615-42AF-B8AF-E6067862F0F5"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:24.2:r1:*:*:*:*:*:*","matchCriteriaId":"28AFF11D-E418-4A76-B557-F60622602537"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:24.2:r1-s2:*:*:*:*:*:*","matchCriteriaId":"0A86A69D-2B90-4B3B-A6EC-88358284787D"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:24.4:-:*:*:*:*:*:*","matchCriteriaId":"B32ADA05-5F5D-45B6-BB7B-3FA6A6F229F5"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:24.4:r1:*:*:*:*:*:*","matchCriteriaId":"D6526E82-A6A6-4A65-9B01-B3FCB947F44E"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:24.4:r1-s2:*:*:*:*:*:*","matchCriteriaId":"CF3B74FA-DF84-4E3E-BCF9-44EEF9E45910"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:ex2300:-:*:*:*:*:*:*:*","matchCriteriaId":"3B3302CB-457F-4BD2-B80B-F70FB4C4542E"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:ex2300-c:-:*:*:*:*:*:*:*","matchCriteriaId":"979C3597-C53B-4F4B-9EA7-126DA036C86D"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:ex3400:-:*:*:*:*:*:*:*","matchCriteriaId":"47DAF5E7-E610-4D74-8573-41C16D642837"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:ex4000:-:*:*:*:*:*:*:*","matchCriteriaId":"152FD759-F5D2-4ACE-ADD6-7FE89B31D961"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:ex4100:-:*:*:*:*:*:*:*","matchCriteriaId":"C2521C83-E8F2-4621-9727-75BB3FC11E64"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:ex4100-f:-:*:*:*:*:*:*:*","matchCriteriaId":"6F496D19-D28C-4517-90A3-90EC62BC5D79"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:ex4100-h:-:*:*:*:*:*:*:*","matchCriteriaId":"7DA4A8C7-EBC0-449E-BD37-69FABDC917C2"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:ex4100-h-12t:-:*:*:*:*:*:*:*","matchCriteriaId":"8386ECFA-2ECF-4DC3-AC42-D964B48F0009"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:ex4300:-:*:*:*:*:*:*:*","matchCriteriaId":"E594D6DC-87F6-40D2-8268-ED6021462168"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:ex4400:-:*:*:*:*:*:*:*","matchCriteriaId":"4B43F6CB-0595-4957-8B3B-ADD4EA84D8C2"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:ex4600:-:*:*:*:*:*:*:*","matchCriteriaId":"D1BB20B5-EA30-4E8E-9055-2E629648436A"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:ex4650:-:*:*:*:*:*:*:*","matchCriteriaId":"2B425BB1-3C78-42B1-A6C1-216E514191F0"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:ex9204:-:*:*:*:*:*:*:*","matchCriteriaId":"86E82CE3-F43D-4B29-A64D-B14ADB6CC357"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:ex9208:-:*:*:*:*:*:*:*","matchCriteriaId":"13C0199E-B9F0-41D3-B625-083990517CDF"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:ex9214:-:*:*:*:*:*:*:*","matchCriteriaId":"8790B456-DFC7-4E82-9A0C-C89787139B79"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:mx10004:-:*:*:*:*:*:*:*","matchCriteriaId":"84F7BB7E-3A52-4C23-A4D2-50E75C912AFC"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:mx10008:-:*:*:*:*:*:*:*","matchCriteriaId":"D6F0EA2F-BF7E-45D0-B2B4-8A7B67A9475A"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:mx2008:-:*:*:*:*:*:*:*","matchCriteriaId":"2FEF33EB-B2E0-42EF-A1BB-D41021B6D08F"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:mx2010:-:*:*:*:*:*:*:*","matchCriteriaId":"27175D9A-CA2C-4218-8042-835E25DFCA43"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:mx2020:-:*:*:*:*:*:*:*","matchCriteriaId":"00C7FC57-8ACF-45AA-A227-7E3B350FD24F"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:mx204:-:*:*:*:*:*:*:*","matchCriteriaId":"2754C2DF-DF6E-4109-9463-38B4E0465B77"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:mx240:-:*:*:*:*:*:*:*","matchCriteriaId":"F4A26704-A6A4-4C4F-9E12-A0A0259491EF"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:mx301:-:*:*:*:*:*:*:*","matchCriteriaId":"D02580FA-1F11-4568-BAFA-C1E0EAF67100"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:mx304:-:*:*:*:*:*:*:*","matchCriteriaId":"3F7FB0CC-624D-4AB9-A7AC-BB19838C3B22"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:mx480:-:*:*:*:*:*:*:*","matchCriteriaId":"104858BD-D31D-40E0-8524-2EC311F10EAC"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:mx960:-:*:*:*:*:*:*:*","matchCriteriaId":"B5E08E1E-0FE4-4294-9497-BBFFECA2A220"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:qfx10008:-:*:*:*:*:*:*:*","matchCriteriaId":"1453E42A-77B3-4922-8EC3-1A5668C39550"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:qfx10016:-:*:*:*:*:*:*:*","matchCriteriaId":"26408465-BD6A-4416-B98E-691A5F651080"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:qfx5110:-:*:*:*:*:*:*:*","matchCriteriaId":"79A8847B-4F98-4949-8639-5CD2B411D10F"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:qfx5120:-:*:*:*:*:*:*:*","matchCriteriaId":"09EBDE4B-764F-4DF1-844A-BB8A52CD53EF"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:qfx5130:-:*:*:*:*:*:*:*","matchCriteriaId":"AB58A6E9-FFCF-4331-AC3B-45C37BD1943E"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:qfx5140:-:*:*:*:*:*:*:*","matchCriteriaId":"C3F14350-BB10-411D-B144-FC762CA2608C"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:qfx5200:-:*:*:*:*:*:*:*","matchCriteriaId":"EDC5478F-A047-4F6D-BB11-0077A74C0174"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:qfx5210:-:*:*:*:*:*:*:*","matchCriteriaId":"D877320D-1997-4B66-B11B-864020C755E1"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:qfx5220:-:*:*:*:*:*:*:*","matchCriteriaId":"D193BEBD-9436-468D-B89E-D5720603451D"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:qfx5230-64cd:-:*:*:*:*:*:*:*","matchCriteriaId":"9F3D09BE-C16F-4E77-B6FB-C0C58BBD7675"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:qfx5240:-:*:*:*:*:*:*:*","matchCriteriaId":"9ABF8F9D-45C1-4554-A213-435A68709FCB"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:qfx5241:-:*:*:*:*:*:*:*","matchCriteriaId":"685120A6-7005-4ECB-A37F-0F225BB92676"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:qfx5250:-:*:*:*:*:*:*:*","matchCriteriaId":"574756C3-F97D-4193-A074-3091F978A1DC"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:qfx5700:-:*:*:*:*:*:*:*","matchCriteriaId":"C7D6C74F-E85F-4D62-BDAF-FE619B467C76"}]}]}],"references":[{"url":"https://supportportal.juniper.net/JSA110085","source":"sirt@juniper.net","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-57027","sourceIdentifier":"sirt@juniper.net","published":"2026-07-09T22:17:08.093","lastModified":"2026-07-13T20:26:30.937","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A Missing Release of Memory after Effective Lifetime vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS on specific EX Series devices allows an unauthenticated adjacent attacker to cause a Denial-of-Service (DoS).When sFlow is configured in a Virtual Chassis (VC) scenario with EX4100 Series or EX4400 Series devices, multicast traffic which is received on one VC member and sent out on another member leads to a memory leak and ultimately an FPC crash and restart.\n\nThe leak can be monitored by watching the continuous increase of the buffer values in the output of:\n\nuser@host> show chassis fpc \nThis issue affects Junos OS on EX4100 Series and EX4400:\n\n\n  *  all versions before 23.2R2-S7,\n  *  23.4 versions before 23.4R2-S7,\n  *  24.2 versions before 24.2R2-S4,\n  *  24.4 versions before 24.4R2."}],"affected":[{"source":"sirt@juniper.net","affectedData":[{"vendor":"Juniper Networks","product":"Junos OS","defaultStatus":"unaffected","platforms":["EX4100 Series","EX4400 Series"],"versions":[{"version":"0","lessThan":"23.2R2-S7","versionType":"custom","status":"affected"},{"version":"23.4","lessThan":"23.4R2-S7","versionType":"custom","status":"affected"},{"version":"24.2","lessThan":"24.2R2-S4","versionType":"custom","status":"affected"},{"version":"24.4","lessThan":"24.4R2","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"sirt@juniper.net","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:X/RE:M/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"ADJACENT","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"LOW","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"YES","Recovery":"AUTOMATIC","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"sirt@juniper.net","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:33:27.417390Z","id":"CVE-2026-57027","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"sirt@juniper.net","type":"Secondary","description":[{"lang":"en","value":"CWE-401"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*","versionEndExcluding":"23.2","matchCriteriaId":"3D14745F-3090-483F-9DB4-C424FA09BD21"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.2:-:*:*:*:*:*:*","matchCriteriaId":"1A78CC80-E8B1-4CDA-BB35-A61833657FA7"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.2:r1:*:*:*:*:*:*","matchCriteriaId":"4B3B2FE1-C228-46BE-AC76-70C2687050AE"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.2:r1-s1:*:*:*:*:*:*","matchCriteriaId":"F1B16FF0-900F-4AEE-B670-A537139F6909"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.2:r1-s2:*:*:*:*:*:*","matchCriteriaId":"B227E831-30FF-4BE1-B8B2-31829A5610A6"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.2:r2:*:*:*:*:*:*","matchCriteriaId":"1ADA814B-EF98-45B1-AF7A-0C89688F7CA5"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.2:r2-s1:*:*:*:*:*:*","matchCriteriaId":"A6FB32DF-D062-4FB9-8777-452978BEC7B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.2:r2-s2:*:*:*:*:*:*","matchCriteriaId":"B3B6C811-5C10-4486-849D-5559B592350A"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.2:r2-s3:*:*:*:*:*:*","matchCriteriaId":"078D61B9-A228-453C-9D20-6F9C6B20637F"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.2:r2-s4:*:*:*:*:*:*","matchCriteriaId":"F1F136A0-021D-43FE-BDD3-AD7201F7FC03"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.2:r2-s5:*:*:*:*:*:*","matchCriteriaId":"37147BC9-9ED8-48AE-906A-614AD8600962"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.2:r2-s6:*:*:*:*:*:*","matchCriteriaId":"7897729C-4128-49E9-B4A1-25353BC4DBB2"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.4:-:*:*:*:*:*:*","matchCriteriaId":"78481ABC-3620-410D-BC78-334657E0BB75"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.4:r1:*:*:*:*:*:*","matchCriteriaId":"BE8A5BA3-87BD-473A-B229-2AAB2C797005"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.4:r1-s1:*:*:*:*:*:*","matchCriteriaId":"8B74AC3E-8FC9-400A-A176-4F7F21F10756"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.4:r1-s2:*:*:*:*:*:*","matchCriteriaId":"CB2D1FCE-8019-4CE1-BA45-D62F91AF7B51"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.4:r2:*:*:*:*:*:*","matchCriteriaId":"175CCB13-76C0-44A4-A71D-41E22B92EB23"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.4:r2-s1:*:*:*:*:*:*","matchCriteriaId":"166BFDB3-1945-4949-BC2B-E18442FF2E4D"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.4:r2-s2:*:*:*:*:*:*","matchCriteriaId":"5923610F-878C-48CA-8B5D-9C609E4DD4DB"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.4:r2-s3:*:*:*:*:*:*","matchCriteriaId":"A7C207E3-0252-4192-8E8C-E2ED2831B4F4"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.4:r2-s4:*:*:*:*:*:*","matchCriteriaId":"E6974492-FE69-4340-8881-61C3329C1545"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.4:r2-s5:*:*:*:*:*:*","matchCriteriaId":"279E59FE-96DF-4E1D-A3A2-61D180F04533"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.4:r2-s6:*:*:*:*:*:*","matchCriteriaId":"4D9A36E5-A1BB-46E1-91B6-91A4C40C1B59"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:24.2:-:*:*:*:*:*:*","matchCriteriaId":"89524D6D-0B22-4952-AD8E-8072C5A05D5C"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:24.2:r1:*:*:*:*:*:*","matchCriteriaId":"AD69A194-1B03-44EA-8092-79BD10C6F729"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:24.2:r1-s1:*:*:*:*:*:*","matchCriteriaId":"8463ADB4-B8A7-4D63-97A9-232ED713A21C"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:24.2:r1-s2:*:*:*:*:*:*","matchCriteriaId":"FE68337F-106E-4317-A5B6-292B0159F577"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:24.2:r2:*:*:*:*:*:*","matchCriteriaId":"266B520A-482A-43F7-90F8-B9D64D30034F"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:24.2:r2-s1:*:*:*:*:*:*","matchCriteriaId":"AC78BC9E-5DA7-4E42-9923-B49A0B7F3564"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:24.2:r2-s2:*:*:*:*:*:*","matchCriteriaId":"DD99F1B0-82B0-4CD3-8C8F-C0FFF44A8B90"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:24.2:r2-s3:*:*:*:*:*:*","matchCriteriaId":"619B5EA0-0369-4AFE-AD8B-A3A22B326F9E"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:24.4:-:*:*:*:*:*:*","matchCriteriaId":"C452BDCB-34E3-42D3-8909-2312356EB70A"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:24.4:r1:*:*:*:*:*:*","matchCriteriaId":"2B8158F2-2028-40E9-955F-CFD581A32F60"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:24.4:r1-s2:*:*:*:*:*:*","matchCriteriaId":"1A7233A1-EC7A-4458-9AE1-835480A03A21"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:24.4:r1-s3:*:*:*:*:*:*","matchCriteriaId":"D74087E2-5CAA-4085-8408-EB70EC1D5D91"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:ex4100:-:*:*:*:*:*:*:*","matchCriteriaId":"C2521C83-E8F2-4621-9727-75BB3FC11E64"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:ex4100-f:-:*:*:*:*:*:*:*","matchCriteriaId":"6F496D19-D28C-4517-90A3-90EC62BC5D79"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:ex4100-h:-:*:*:*:*:*:*:*","matchCriteriaId":"7DA4A8C7-EBC0-449E-BD37-69FABDC917C2"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:ex4100-h-12t:-:*:*:*:*:*:*:*","matchCriteriaId":"8386ECFA-2ECF-4DC3-AC42-D964B48F0009"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:ex4400:-:*:*:*:*:*:*:*","matchCriteriaId":"4B43F6CB-0595-4957-8B3B-ADD4EA84D8C2"}]}]}],"references":[{"url":"https://supportportal.juniper.net/JSA110087","source":"sirt@juniper.net","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-57028","sourceIdentifier":"sirt@juniper.net","published":"2026-07-09T22:17:08.257","lastModified":"2026-07-13T20:24:50.030","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause license exhaustion.\n\n\nDue to an incorrect initialization, a process which should only be able to communicate internally within the device, can be reached over the network via an open port. This leads to unauthorized access to the license management.\n\nThis issue affects all Junos OS Evolved versions before 23.2R2-EVO."}],"affected":[{"source":"sirt@juniper.net","affectedData":[{"vendor":"Juniper Networks","product":"Junos OS Evolved","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"23.2R2-EVO","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"sirt@juniper.net","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:X/RE:M/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"YES","Recovery":"USER","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"sirt@juniper.net","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":3.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:37:11.630273Z","id":"CVE-2026-57028","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"sirt@juniper.net","type":"Secondary","description":[{"lang":"en","value":"CWE-923"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:*:*:*:*:*:*:*:*","versionEndExcluding":"23.2","matchCriteriaId":"CEF76CCC-68C0-462C-BB8B-2135A90F3B01"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:23.2:-:*:*:*:*:*:*","matchCriteriaId":"6DEAA7FD-385F-4221-907E-65ABC16BE4BE"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:23.2:r1:*:*:*:*:*:*","matchCriteriaId":"DDEC008A-3137-48D1-8ABC-6DB0EFC40E50"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:23.2:r1-s1:*:*:*:*:*:*","matchCriteriaId":"558D234D-BC50-415F-86D6-8E19D6C3ACE0"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:23.2:r1-s2:*:*:*:*:*:*","matchCriteriaId":"33F4EEEE-77E9-4973-A770-99E7BA2F05F5"}]}]}],"references":[{"url":"https://supportportal.juniper.net/JSA110088","source":"sirt@juniper.net","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-57029","sourceIdentifier":"sirt@juniper.net","published":"2026-07-09T22:17:08.453","lastModified":"2026-07-13T20:23:46.113","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A Missing Synchronization vulnerability in the flow collector handler of Juniper Networks Junos OS Evolved on QFX Series allows an adjacent, unauthenticated attacker to cause a Denial-of-Service (DoS).\n\n\nWhen the reachability of an sFlow collector changes, the corresponding next-hop entry is updated. If this update occurs simultaneously with the sFlow thread accessing the next-hop data (which is outside the attackers control), it causes the evo-pfemand process to crash, impacting all traffic forwarding until the automatic process restart has completed.\n\n\n\n\nThis issue affects Junos OS Evolved on QFX Series:\n\n\n  *  all 23.2 versions, \n  *  23.4 versions before 23.4R2-S7-EVO,\n  *  24.2 versions before 24.2R2-S5-EVO,\n  *  24.4 versions before 24.4R2-S3-EVO,\n  *  25.2 versions before 25.2R2-EVO."}],"affected":[{"source":"sirt@juniper.net","affectedData":[{"vendor":"Juniper Networks","product":"Junos OS Evolved","defaultStatus":"unaffected","platforms":["QFX Series"],"versions":[{"version":"0","lessThan":"23.4R2-S7-EVO","versionType":"custom","status":"affected"},{"version":"24.2","lessThan":"24.2R2-S5-EVO","versionType":"custom","status":"affected"},{"version":"24.4","lessThan":"24.4R2-S3-EVO","versionType":"custom","status":"affected"},{"version":"25.2","lessThan":"25.2R2-EVO","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"sirt@juniper.net","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:X/RE:M/U:X","baseScore":6.0,"baseSeverity":"MEDIUM","attackVector":"ADJACENT","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"LOW","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"YES","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"sirt@juniper.net","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:44:51.065414Z","id":"CVE-2026-57029","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"sirt@juniper.net","type":"Secondary","description":[{"lang":"en","value":"CWE-820"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:23.2:*:*:*:*:*:*:*","matchCriteriaId":"D1EC14A0-074B-445D-BDF8-7B54E38712F7"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:23.4:-:*:*:*:*:*:*","matchCriteriaId":"9D7F0D73-85EE-4A07-B51B-6BF52ECBA75E"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:23.4:r1:*:*:*:*:*:*","matchCriteriaId":"FE777A1F-9CD9-426E-AF1C-FBE01EB9A4A8"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:23.4:r1-s1:*:*:*:*:*:*","matchCriteriaId":"7147BA60-30A5-4CED-9AAF-F6BEA0528B89"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:23.4:r1-s2:*:*:*:*:*:*","matchCriteriaId":"6E5CE59B-14B2-4F4C-81B5-0430EC954956"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:23.4:r2:*:*:*:*:*:*","matchCriteriaId":"FB82B22F-9005-4EF0-A1E3-4261757783D4"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:23.4:r2-s1:*:*:*:*:*:*","matchCriteriaId":"0224D3F1-8B86-432C-8F5B-B4B7B69ADF31"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:23.4:r2-s2:*:*:*:*:*:*","matchCriteriaId":"EB2FE5FE-0ADE-406E-A23D-FDCC104B2496"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:23.4:r2-s3:*:*:*:*:*:*","matchCriteriaId":"2E58987A-D7B7-4FFF-9969-E8FD76AE2BE3"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:23.4:r2-s4:*:*:*:*:*:*","matchCriteriaId":"E779C0D4-A8F7-4976-B3C8-B9802B96E715"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:23.4:r2-s5:*:*:*:*:*:*","matchCriteriaId":"C7457415-D893-474B-ABA6-9841BB5CC6DB"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:23.4:r2-s6:*:*:*:*:*:*","matchCriteriaId":"3EFB8038-F336-4038-9AEA-C24253FAD578"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:24.2:-:*:*:*:*:*:*","matchCriteriaId":"0DD89AAD-C615-42AF-B8AF-E6067862F0F5"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:24.2:r1:*:*:*:*:*:*","matchCriteriaId":"28AFF11D-E418-4A76-B557-F60622602537"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:24.2:r1-s2:*:*:*:*:*:*","matchCriteriaId":"0A86A69D-2B90-4B3B-A6EC-88358284787D"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:24.2:r2:*:*:*:*:*:*","matchCriteriaId":"080BEA58-9667-4C2C-810D-DC1187DB67DA"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:24.2:r2-s1:*:*:*:*:*:*","matchCriteriaId":"34072A94-CFEB-4FAA-8E68-E98D4F7602E4"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:24.2:r2-s2:*:*:*:*:*:*","matchCriteriaId":"C79FF7EC-AD91-4F9F-B8AC-B1A9C9271816"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:24.2:r2-s3:*:*:*:*:*:*","matchCriteriaId":"7C61DC50-CAB6-4197-90C8-A2B48EE8F761"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:24.2:r2-s4:*:*:*:*:*:*","matchCriteriaId":"178FFC73-28CC-471E-A1E8-1AF8BC731DD6"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:24.4:-:*:*:*:*:*:*","matchCriteriaId":"B32ADA05-5F5D-45B6-BB7B-3FA6A6F229F5"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:24.4:r1:*:*:*:*:*:*","matchCriteriaId":"D6526E82-A6A6-4A65-9B01-B3FCB947F44E"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:24.4:r1-s2:*:*:*:*:*:*","matchCriteriaId":"CF3B74FA-DF84-4E3E-BCF9-44EEF9E45910"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:24.4:r1-s3:*:*:*:*:*:*","matchCriteriaId":"DC024CDE-DA63-4E87-BA97-5E8C06B0D8B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:24.4:r2:*:*:*:*:*:*","matchCriteriaId":"25DA0DD2-E974-448C-BD05-ED6FCA4725FB"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:24.4:r2-s1:*:*:*:*:*:*","matchCriteriaId":"C5F6F47F-0C86-4554-8517-A6A0CD29B3B0"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:24.4:r2-s2:*:*:*:*:*:*","matchCriteriaId":"8EDB7A3C-D1F5-4D24-8B8C-F104EC8C7D42"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:25.2:-:*:*:*:*:*:*","matchCriteriaId":"DAF96553-DB70-4DFA-8658-306A7477DD06"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:25.2:r1:*:*:*:*:*:*","matchCriteriaId":"83C415EF-E87B-4259-A836-59B3A9C3914B"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:25.2:r1-s1:*:*:*:*:*:*","matchCriteriaId":"AFD32E67-9D8D-437D-96BC-CA97A1F686BA"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:25.2:r1-s2:*:*:*:*:*:*","matchCriteriaId":"0E5D9967-1B53-427B-9B23-77DC399F3D71"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:qfx10008:-:*:*:*:*:*:*:*","matchCriteriaId":"1453E42A-77B3-4922-8EC3-1A5668C39550"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:qfx10016:-:*:*:*:*:*:*:*","matchCriteriaId":"26408465-BD6A-4416-B98E-691A5F651080"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:qfx5110:-:*:*:*:*:*:*:*","matchCriteriaId":"79A8847B-4F98-4949-8639-5CD2B411D10F"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:qfx5120:-:*:*:*:*:*:*:*","matchCriteriaId":"09EBDE4B-764F-4DF1-844A-BB8A52CD53EF"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:qfx5130:-:*:*:*:*:*:*:*","matchCriteriaId":"AB58A6E9-FFCF-4331-AC3B-45C37BD1943E"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:qfx5140:-:*:*:*:*:*:*:*","matchCriteriaId":"C3F14350-BB10-411D-B144-FC762CA2608C"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:qfx5200:-:*:*:*:*:*:*:*","matchCriteriaId":"EDC5478F-A047-4F6D-BB11-0077A74C0174"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:qfx5210:-:*:*:*:*:*:*:*","matchCriteriaId":"D877320D-1997-4B66-B11B-864020C755E1"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:qfx5220:-:*:*:*:*:*:*:*","matchCriteriaId":"D193BEBD-9436-468D-B89E-D5720603451D"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:qfx5230-64cd:-:*:*:*:*:*:*:*","matchCriteriaId":"9F3D09BE-C16F-4E77-B6FB-C0C58BBD7675"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:qfx5240:-:*:*:*:*:*:*:*","matchCriteriaId":"9ABF8F9D-45C1-4554-A213-435A68709FCB"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:qfx5241:-:*:*:*:*:*:*:*","matchCriteriaId":"685120A6-7005-4ECB-A37F-0F225BB92676"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:qfx5250:-:*:*:*:*:*:*:*","matchCriteriaId":"574756C3-F97D-4193-A074-3091F978A1DC"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:qfx5700:-:*:*:*:*:*:*:*","matchCriteriaId":"C7D6C74F-E85F-4D62-BDAF-FE619B467C76"}]}]}],"references":[{"url":"https://supportportal.juniper.net/JSA110089","source":"sirt@juniper.net","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-57030","sourceIdentifier":"sirt@juniper.net","published":"2026-07-09T22:17:08.643","lastModified":"2026-07-13T20:16:07.750","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).\n\nAs part of the stateful traffic processing on SRX Series devices flows are being established, and removed when not needed anymore. During the removal process the timeout of a flow should be set to 3 seconds and consequentially the flow should be removed shortly after. Due to a race condition occurring when setting the timeout there is a chance (the exact conditions are outside the attackers control) that the timeout is instead set to a very high value of larger than 10,000 seconds:\n\n\n\nuser@host> show security flow session | match timeout\nSession ID: 98784248524, Policy name: PROD-FLOW/4, HA State: Active, Timeout: 85250, Session State: Valid\n\nThis will lead to an accumulation of flows which can be observed by an ever-increasing value of invalidated sessions in the output of 'show security flow session summary':\n\nuser@host> show security flow session summary | match invalid\nInvalidated sessions: 216931These sessions can't be cleared manually with the 'clear security flow session' command, which will either lead to forwarding to stop (and the system needs to be manually recovered with a reboot) or to a flowd core and automatic reboot.\n\n\nThis issue affects Junos OS on SRX Series:\n\n\n  *  24.2 versions before 24.2R2-S3,\n  *  24.4 versions before 24.4R2-S1, 24.4R2-S2,\n  *  25.2 versions before 25.2R1-S2, 25.2R2.\n\n\n\n\nThis issue does not affect releases earlier than 24.2R1;"}],"affected":[{"source":"sirt@juniper.net","affectedData":[{"vendor":"Juniper Networks","product":"Junos OS","defaultStatus":"unaffected","platforms":["SRX Series"],"versions":[{"version":"24.2","lessThan":"24.2R2-S3","versionType":"custom","status":"affected"},{"version":"24.4","lessThan":"24.4R2-S1","versionType":"custom","status":"affected"},{"version":"25.2","lessThan":"25.2R1-S2","versionType":"custom","status":"affected"},{"version":"0","lessThan":"24.2R1","versionType":"custom","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"sirt@juniper.net","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:X/RE:M/U:X","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"LOW","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"YES","Recovery":"USER","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"sirt@juniper.net","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:42:22.610309Z","id":"CVE-2026-57030","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"sirt@juniper.net","type":"Secondary","description":[{"lang":"en","value":"CWE-362"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:24.2:-:*:*:*:*:*:*","matchCriteriaId":"89524D6D-0B22-4952-AD8E-8072C5A05D5C"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:24.2:r1:*:*:*:*:*:*","matchCriteriaId":"AD69A194-1B03-44EA-8092-79BD10C6F729"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:24.2:r1-s1:*:*:*:*:*:*","matchCriteriaId":"8463ADB4-B8A7-4D63-97A9-232ED713A21C"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:24.2:r1-s2:*:*:*:*:*:*","matchCriteriaId":"FE68337F-106E-4317-A5B6-292B0159F577"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:24.2:r2:*:*:*:*:*:*","matchCriteriaId":"266B520A-482A-43F7-90F8-B9D64D30034F"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:24.2:r2-s1:*:*:*:*:*:*","matchCriteriaId":"AC78BC9E-5DA7-4E42-9923-B49A0B7F3564"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:24.2:r2-s2:*:*:*:*:*:*","matchCriteriaId":"DD99F1B0-82B0-4CD3-8C8F-C0FFF44A8B90"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:24.4:-:*:*:*:*:*:*","matchCriteriaId":"C452BDCB-34E3-42D3-8909-2312356EB70A"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:24.4:r1:*:*:*:*:*:*","matchCriteriaId":"2B8158F2-2028-40E9-955F-CFD581A32F60"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:24.4:r1-s2:*:*:*:*:*:*","matchCriteriaId":"1A7233A1-EC7A-4458-9AE1-835480A03A21"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:24.4:r1-s3:*:*:*:*:*:*","matchCriteriaId":"D74087E2-5CAA-4085-8408-EB70EC1D5D91"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:24.4:r2:*:*:*:*:*:*","matchCriteriaId":"0EEF1798-F3C2-4645-96E7-1E82368B184D"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:25.2:-:*:*:*:*:*:*","matchCriteriaId":"1B7572BB-9C77-4214-9C5F-CC83C7B93E37"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:25.2:r1:*:*:*:*:*:*","matchCriteriaId":"CAADBF98-38BE-40E2-AF1B-9077DCED0809"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:25.2:r1-s1:*:*:*:*:*:*","matchCriteriaId":"558F0A4C-0C72-4BF1-B2DE-C0D3BFD54BCD"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:srx1500:-:*:*:*:*:*:*:*","matchCriteriaId":"2CEBF85C-736A-4E7D-956A-3E8210D4F70B"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:srx1600:-:*:*:*:*:*:*:*","matchCriteriaId":"4AE06B18-BFB5-4029-A05D-386CFBFBF683"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:srx2300:-:*:*:*:*:*:*:*","matchCriteriaId":"48A1DCCD-208C-46D9-8E14-89592B49AB9A"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:srx300:-:*:*:*:*:*:*:*","matchCriteriaId":"BB5AB24B-2B43-43DD-AE10-F758B4B19F2A"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:srx320:-:*:*:*:*:*:*:*","matchCriteriaId":"80F9DC32-5ADF-4430-B1A6-357D0B29DB78"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:srx340:-:*:*:*:*:*:*:*","matchCriteriaId":"8B82D4C4-7A65-409A-926F-33C054DCBFBA"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:srx345:-:*:*:*:*:*:*:*","matchCriteriaId":"CE535749-F4CE-4FFA-B23D-BF09C92481E5"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:srx380:-:*:*:*:*:*:*:*","matchCriteriaId":"2305DA9D-E6BA-48F4-80CF-9E2DE7661B2F"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:srx400:-:*:*:*:*:*:*:*","matchCriteriaId":"460EE132-9BBF-49F2-9569-1B5D0ADCBA1E"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:srx4100:-:*:*:*:*:*:*:*","matchCriteriaId":"3AA8999C-8AE4-416F-BA2A-B1A21F33B4D7"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:srx4120:-:*:*:*:*:*:*:*","matchCriteriaId":"E5942B6E-AFC7-40E4-8007-68C804BD52E3"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:srx4200:-:*:*:*:*:*:*:*","matchCriteriaId":"CCC5F6F5-4347-49D3-909A-27A3A96D36C9"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:srx4300:-:*:*:*:*:*:*:*","matchCriteriaId":"826F893F-7B06-43B5-8653-A8D9794C052E"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:srx440:-:*:*:*:*:*:*:*","matchCriteriaId":"3E15DA7D-AED1-4943-9AEF-565D551311A5"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:srx4600:-:*:*:*:*:*:*:*","matchCriteriaId":"56BA6B86-D3F4-4496-AE46-AC513C6560FA"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:srx4700:-:*:*:*:*:*:*:*","matchCriteriaId":"462CFD52-D3E2-4F7A-98AC-C589D2420556"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:srx5400:-:*:*:*:*:*:*:*","matchCriteriaId":"2FDDC897-747F-44DD-9599-7266F9B5B7B1"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:srx5600:-:*:*:*:*:*:*:*","matchCriteriaId":"68CA098D-CBE4-4E62-9EC0-43E1B6098710"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:srx5800:-:*:*:*:*:*:*:*","matchCriteriaId":"66F474D4-79B6-4525-983C-9A9011BD958B"}]}]}],"references":[{"url":"https://supportportal.juniper.net/JSA110090","source":"sirt@juniper.net","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-57032","sourceIdentifier":"sirt@juniper.net","published":"2026-07-09T22:17:09.007","lastModified":"2026-07-13T20:07:12.477","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"An Improper Handling of Undefined Parameters vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS on EX Series devices allows an authenticated attacker with low privileges to cause a Denial-of-Service (DoS).\n\nIf an attempt is made to subscribe to an unsupported telemetry sensor path on EX2300, EX3400, EX4000, EX4100 and EX4400 via gRPC, this causes the FPC to crash. This leads to a complete service outage until the module has automatically restarted. \n\nThe following log message can be seen when this issue happens:\n\nagentd[<PID>]: AGENTD_RESOURCE_NOT_FOUND: No resource name found for <sensor>\n\n\nThis issue affects Junos OS on \n\nEX2300, EX3400, EX4000, EX4100 and EX4400\n\ndevices:\n\n\n  *  all versions before 23.2R2-S7,\n  *  23.4 versions before 23.4R2-S8,\n  *  24.2 versions before  24.2R2-S5,\n  *  24.4 versions before 24.4R2."}],"affected":[{"source":"sirt@juniper.net","affectedData":[{"vendor":"Juniper Networks","product":"Junos OS","defaultStatus":"unaffected","platforms":["EX3400","EX4100","EX4400","EX2300","EX4000"],"versions":[{"version":"0","lessThan":"23.2R2-S7","versionType":"custom","status":"affected"},{"version":"23.4","lessThan":"23.4R2-S8","versionType":"custom","status":"affected"},{"version":"24.2","lessThan":"24.2R2-S5","versionType":"custom","status":"affected"},{"version":"24.4","lessThan":"24.4R2","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"sirt@juniper.net","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:X/RE:M/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"LOW","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"YES","Recovery":"AUTOMATIC","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"sirt@juniper.net","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:34:41.285297Z","id":"CVE-2026-57032","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"sirt@juniper.net","type":"Secondary","description":[{"lang":"en","value":"CWE-236"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*","versionEndExcluding":"23.2","matchCriteriaId":"3D14745F-3090-483F-9DB4-C424FA09BD21"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.2:-:*:*:*:*:*:*","matchCriteriaId":"1A78CC80-E8B1-4CDA-BB35-A61833657FA7"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.2:r1:*:*:*:*:*:*","matchCriteriaId":"4B3B2FE1-C228-46BE-AC76-70C2687050AE"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.2:r1-s1:*:*:*:*:*:*","matchCriteriaId":"F1B16FF0-900F-4AEE-B670-A537139F6909"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.2:r1-s2:*:*:*:*:*:*","matchCriteriaId":"B227E831-30FF-4BE1-B8B2-31829A5610A6"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.2:r2:*:*:*:*:*:*","matchCriteriaId":"1ADA814B-EF98-45B1-AF7A-0C89688F7CA5"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.2:r2-s1:*:*:*:*:*:*","matchCriteriaId":"A6FB32DF-D062-4FB9-8777-452978BEC7B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.2:r2-s2:*:*:*:*:*:*","matchCriteriaId":"B3B6C811-5C10-4486-849D-5559B592350A"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.2:r2-s3:*:*:*:*:*:*","matchCriteriaId":"078D61B9-A228-453C-9D20-6F9C6B20637F"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.2:r2-s4:*:*:*:*:*:*","matchCriteriaId":"F1F136A0-021D-43FE-BDD3-AD7201F7FC03"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.2:r2-s5:*:*:*:*:*:*","matchCriteriaId":"37147BC9-9ED8-48AE-906A-614AD8600962"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.2:r2-s6:*:*:*:*:*:*","matchCriteriaId":"7897729C-4128-49E9-B4A1-25353BC4DBB2"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.4:-:*:*:*:*:*:*","matchCriteriaId":"78481ABC-3620-410D-BC78-334657E0BB75"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.4:r1:*:*:*:*:*:*","matchCriteriaId":"BE8A5BA3-87BD-473A-B229-2AAB2C797005"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.4:r1-s1:*:*:*:*:*:*","matchCriteriaId":"8B74AC3E-8FC9-400A-A176-4F7F21F10756"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.4:r1-s2:*:*:*:*:*:*","matchCriteriaId":"CB2D1FCE-8019-4CE1-BA45-D62F91AF7B51"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.4:r2:*:*:*:*:*:*","matchCriteriaId":"175CCB13-76C0-44A4-A71D-41E22B92EB23"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.4:r2-s1:*:*:*:*:*:*","matchCriteriaId":"166BFDB3-1945-4949-BC2B-E18442FF2E4D"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.4:r2-s2:*:*:*:*:*:*","matchCriteriaId":"5923610F-878C-48CA-8B5D-9C609E4DD4DB"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.4:r2-s3:*:*:*:*:*:*","matchCriteriaId":"A7C207E3-0252-4192-8E8C-E2ED2831B4F4"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.4:r2-s4:*:*:*:*:*:*","matchCriteriaId":"E6974492-FE69-4340-8881-61C3329C1545"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.4:r2-s5:*:*:*:*:*:*","matchCriteriaId":"279E59FE-96DF-4E1D-A3A2-61D180F04533"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.4:r2-s6:*:*:*:*:*:*","matchCriteriaId":"4D9A36E5-A1BB-46E1-91B6-91A4C40C1B59"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.4:r2-s7:*:*:*:*:*:*","matchCriteriaId":"A46347EE-31C0-4D06-A862-536789F4F823"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:24.2:-:*:*:*:*:*:*","matchCriteriaId":"89524D6D-0B22-4952-AD8E-8072C5A05D5C"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:24.2:r1:*:*:*:*:*:*","matchCriteriaId":"AD69A194-1B03-44EA-8092-79BD10C6F729"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:24.2:r1-s1:*:*:*:*:*:*","matchCriteriaId":"8463ADB4-B8A7-4D63-97A9-232ED713A21C"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:24.2:r1-s2:*:*:*:*:*:*","matchCriteriaId":"FE68337F-106E-4317-A5B6-292B0159F577"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:24.2:r2:*:*:*:*:*:*","matchCriteriaId":"266B520A-482A-43F7-90F8-B9D64D30034F"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:24.2:r2-s1:*:*:*:*:*:*","matchCriteriaId":"AC78BC9E-5DA7-4E42-9923-B49A0B7F3564"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:24.2:r2-s2:*:*:*:*:*:*","matchCriteriaId":"DD99F1B0-82B0-4CD3-8C8F-C0FFF44A8B90"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:24.2:r2-s3:*:*:*:*:*:*","matchCriteriaId":"619B5EA0-0369-4AFE-AD8B-A3A22B326F9E"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:24.2:r2-s4:*:*:*:*:*:*","matchCriteriaId":"8557B82E-1A18-4586-B1CF-F75497E8DFD4"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:24.4:-:*:*:*:*:*:*","matchCriteriaId":"C452BDCB-34E3-42D3-8909-2312356EB70A"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:24.4:r1:*:*:*:*:*:*","matchCriteriaId":"2B8158F2-2028-40E9-955F-CFD581A32F60"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:24.4:r1-s2:*:*:*:*:*:*","matchCriteriaId":"1A7233A1-EC7A-4458-9AE1-835480A03A21"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:24.4:r1-s3:*:*:*:*:*:*","matchCriteriaId":"D74087E2-5CAA-4085-8408-EB70EC1D5D91"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:ex2300:-:*:*:*:*:*:*:*","matchCriteriaId":"3B3302CB-457F-4BD2-B80B-F70FB4C4542E"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:ex2300-c:-:*:*:*:*:*:*:*","matchCriteriaId":"979C3597-C53B-4F4B-9EA7-126DA036C86D"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:ex3400:-:*:*:*:*:*:*:*","matchCriteriaId":"47DAF5E7-E610-4D74-8573-41C16D642837"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:ex4000:-:*:*:*:*:*:*:*","matchCriteriaId":"152FD759-F5D2-4ACE-ADD6-7FE89B31D961"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:ex4100:-:*:*:*:*:*:*:*","matchCriteriaId":"C2521C83-E8F2-4621-9727-75BB3FC11E64"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:ex4100-f:-:*:*:*:*:*:*:*","matchCriteriaId":"6F496D19-D28C-4517-90A3-90EC62BC5D79"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:ex4100-h:-:*:*:*:*:*:*:*","matchCriteriaId":"7DA4A8C7-EBC0-449E-BD37-69FABDC917C2"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:ex4100-h-12t:-:*:*:*:*:*:*:*","matchCriteriaId":"8386ECFA-2ECF-4DC3-AC42-D964B48F0009"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:ex4400:-:*:*:*:*:*:*:*","matchCriteriaId":"4B43F6CB-0595-4957-8B3B-ADD4EA84D8C2"}]}]}],"references":[{"url":"https://supportportal.juniper.net/JSA110092","source":"sirt@juniper.net","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-57054","sourceIdentifier":"sirt@juniper.net","published":"2026-07-09T22:17:09.180","lastModified":"2026-07-13T20:03:52.347","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A Use of Incorrectly-Resolved Name or Reference vulnerability in the URL filtering plugin of Juniper Networks Junos OS on MX Series allows an unauthenticated, network-based attacker to bypass web filtering and access downstream resources that should be unreachable.\n\n\n\nIf an MX Series device is configured with web filtering, and an attacker sends a request with a specifically formatted URL, this request will get forwarded despite the system being configured to block it. In turn, an attacker can access downstream resources that are expected to be unreachable.\n\nThis issue affects Junos OS on MX Series:\n\n\n  *  all versions before 23.2R2-S7,\n  *  23.4 versions before 23.4R2-S8,\n  *  24.2 versions before 24.2R2-S5,\n  *  24.4 versions before 24.4R2-S4,\n  *  25.2 versions before 25.2R2-S1,\n  *  25.4 versions before 25.4R1-S2, 25.4R2."}],"affected":[{"source":"sirt@juniper.net","affectedData":[{"vendor":"Juniper Networks","product":"Junos OS","defaultStatus":"unaffected","platforms":["MX Series"],"versions":[{"version":"0","lessThan":"23.2R2-S7","versionType":"custom","status":"affected"},{"version":"23.4","lessThan":"23.4R2-S8","versionType":"custom","status":"affected"},{"version":"24.2","lessThan":"24.2R2-S5","versionType":"custom","status":"affected"},{"version":"24.4","lessThan":"24.4R2-S4","versionType":"custom","status":"affected"},{"version":"25.2","lessThan":"25.2R2-S1","versionType":"custom","status":"affected"},{"version":"25.4","lessThan":"25.4R1-S2, 25.4R2","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"sirt@juniper.net","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:X/RE:M/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"YES","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"sirt@juniper.net","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N","baseScore":5.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:33:58.330913Z","id":"CVE-2026-57054","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"sirt@juniper.net","type":"Secondary","description":[{"lang":"en","value":"CWE-706"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*","versionEndExcluding":"23.2","matchCriteriaId":"3D14745F-3090-483F-9DB4-C424FA09BD21"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.2:-:*:*:*:*:*:*","matchCriteriaId":"1A78CC80-E8B1-4CDA-BB35-A61833657FA7"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.2:r1:*:*:*:*:*:*","matchCriteriaId":"4B3B2FE1-C228-46BE-AC76-70C2687050AE"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.2:r1-s1:*:*:*:*:*:*","matchCriteriaId":"F1B16FF0-900F-4AEE-B670-A537139F6909"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.2:r1-s2:*:*:*:*:*:*","matchCriteriaId":"B227E831-30FF-4BE1-B8B2-31829A5610A6"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.2:r2:*:*:*:*:*:*","matchCriteriaId":"1ADA814B-EF98-45B1-AF7A-0C89688F7CA5"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.2:r2-s1:*:*:*:*:*:*","matchCriteriaId":"A6FB32DF-D062-4FB9-8777-452978BEC7B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.2:r2-s2:*:*:*:*:*:*","matchCriteriaId":"B3B6C811-5C10-4486-849D-5559B592350A"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.2:r2-s3:*:*:*:*:*:*","matchCriteriaId":"078D61B9-A228-453C-9D20-6F9C6B20637F"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.2:r2-s4:*:*:*:*:*:*","matchCriteriaId":"F1F136A0-021D-43FE-BDD3-AD7201F7FC03"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.2:r2-s5:*:*:*:*:*:*","matchCriteriaId":"37147BC9-9ED8-48AE-906A-614AD8600962"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.2:r2-s6:*:*:*:*:*:*","matchCriteriaId":"7897729C-4128-49E9-B4A1-25353BC4DBB2"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.4:-:*:*:*:*:*:*","matchCriteriaId":"78481ABC-3620-410D-BC78-334657E0BB75"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.4:r1:*:*:*:*:*:*","matchCriteriaId":"BE8A5BA3-87BD-473A-B229-2AAB2C797005"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.4:r1-s1:*:*:*:*:*:*","matchCriteriaId":"8B74AC3E-8FC9-400A-A176-4F7F21F10756"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.4:r1-s2:*:*:*:*:*:*","matchCriteriaId":"CB2D1FCE-8019-4CE1-BA45-D62F91AF7B51"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.4:r2:*:*:*:*:*:*","matchCriteriaId":"175CCB13-76C0-44A4-A71D-41E22B92EB23"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.4:r2-s1:*:*:*:*:*:*","matchCriteriaId":"166BFDB3-1945-4949-BC2B-E18442FF2E4D"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.4:r2-s2:*:*:*:*:*:*","matchCriteriaId":"5923610F-878C-48CA-8B5D-9C609E4DD4DB"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.4:r2-s3:*:*:*:*:*:*","matchCriteriaId":"A7C207E3-0252-4192-8E8C-E2ED2831B4F4"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.4:r2-s4:*:*:*:*:*:*","matchCriteriaId":"E6974492-FE69-4340-8881-61C3329C1545"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.4:r2-s5:*:*:*:*:*:*","matchCriteriaId":"279E59FE-96DF-4E1D-A3A2-61D180F04533"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.4:r2-s6:*:*:*:*:*:*","matchCriteriaId":"4D9A36E5-A1BB-46E1-91B6-91A4C40C1B59"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.4:r2-s7:*:*:*:*:*:*","matchCriteriaId":"A46347EE-31C0-4D06-A862-536789F4F823"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:24.2:-:*:*:*:*:*:*","matchCriteriaId":"89524D6D-0B22-4952-AD8E-8072C5A05D5C"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:24.2:r1:*:*:*:*:*:*","matchCriteriaId":"AD69A194-1B03-44EA-8092-79BD10C6F729"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:24.2:r1-s1:*:*:*:*:*:*","matchCriteriaId":"8463ADB4-B8A7-4D63-97A9-232ED713A21C"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:24.2:r1-s2:*:*:*:*:*:*","matchCriteriaId":"FE68337F-106E-4317-A5B6-292B0159F577"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:24.2:r2:*:*:*:*:*:*","matchCriteriaId":"266B520A-482A-43F7-90F8-B9D64D30034F"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:24.2:r2-s1:*:*:*:*:*:*","matchCriteriaId":"AC78BC9E-5DA7-4E42-9923-B49A0B7F3564"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:24.2:r2-s2:*:*:*:*:*:*","matchCriteriaId":"DD99F1B0-82B0-4CD3-8C8F-C0FFF44A8B90"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:24.2:r2-s3:*:*:*:*:*:*","matchCriteriaId":"619B5EA0-0369-4AFE-AD8B-A3A22B326F9E"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:24.2:r2-s4:*:*:*:*:*:*","matchCriteriaId":"8557B82E-1A18-4586-B1CF-F75497E8DFD4"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:24.4:-:*:*:*:*:*:*","matchCriteriaId":"C452BDCB-34E3-42D3-8909-2312356EB70A"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:24.4:r1:*:*:*:*:*:*","matchCriteriaId":"2B8158F2-2028-40E9-955F-CFD581A32F60"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:24.4:r1-s2:*:*:*:*:*:*","matchCriteriaId":"1A7233A1-EC7A-4458-9AE1-835480A03A21"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:24.4:r1-s3:*:*:*:*:*:*","matchCriteriaId":"D74087E2-5CAA-4085-8408-EB70EC1D5D91"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:24.4:r2:*:*:*:*:*:*","matchCriteriaId":"0EEF1798-F3C2-4645-96E7-1E82368B184D"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:24.4:r2-s1:*:*:*:*:*:*","matchCriteriaId":"C8BB5EE1-04C7-4DF3-807A-06005ECFEEE5"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:24.4:r2-s2:*:*:*:*:*:*","matchCriteriaId":"4C707226-9C89-4D06-8E8F-2071061E6F2A"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:24.4:r2-s3:*:*:*:*:*:*","matchCriteriaId":"3C0C59A7-D826-4D14-AE46-2CA9D0900BC3"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:25.2:-:*:*:*:*:*:*","matchCriteriaId":"1B7572BB-9C77-4214-9C5F-CC83C7B93E37"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:25.2:r1:*:*:*:*:*:*","matchCriteriaId":"CAADBF98-38BE-40E2-AF1B-9077DCED0809"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:25.2:r1-s1:*:*:*:*:*:*","matchCriteriaId":"558F0A4C-0C72-4BF1-B2DE-C0D3BFD54BCD"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:25.2:r1-s2:*:*:*:*:*:*","matchCriteriaId":"127FE528-AB27-4B18-AF3B-1BE7C0AEEE20"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:25.2:r2:*:*:*:*:*:*","matchCriteriaId":"6C7B9DEB-7472-4010-8717-8050555C2FAD"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:25.4:-:*:*:*:*:*:*","matchCriteriaId":"978CFC13-350E-4D03-94A9-11EB56664B8F"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:25.4:r1:*:*:*:*:*:*","matchCriteriaId":"EC7D104D-2643-4E2E-9B5D-314D537124AE"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:25.4:r1-s1:*:*:*:*:*:*","matchCriteriaId":"B84E68A2-5A34-4D6D-BF32-5273BB296C15"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:mx10004:-:*:*:*:*:*:*:*","matchCriteriaId":"84F7BB7E-3A52-4C23-A4D2-50E75C912AFC"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:mx10008:-:*:*:*:*:*:*:*","matchCriteriaId":"D6F0EA2F-BF7E-45D0-B2B4-8A7B67A9475A"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:mx2008:-:*:*:*:*:*:*:*","matchCriteriaId":"2FEF33EB-B2E0-42EF-A1BB-D41021B6D08F"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:mx2010:-:*:*:*:*:*:*:*","matchCriteriaId":"27175D9A-CA2C-4218-8042-835E25DFCA43"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:mx2020:-:*:*:*:*:*:*:*","matchCriteriaId":"00C7FC57-8ACF-45AA-A227-7E3B350FD24F"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:mx204:-:*:*:*:*:*:*:*","matchCriteriaId":"2754C2DF-DF6E-4109-9463-38B4E0465B77"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:mx240:-:*:*:*:*:*:*:*","matchCriteriaId":"F4A26704-A6A4-4C4F-9E12-A0A0259491EF"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:mx301:-:*:*:*:*:*:*:*","matchCriteriaId":"D02580FA-1F11-4568-BAFA-C1E0EAF67100"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:mx304:-:*:*:*:*:*:*:*","matchCriteriaId":"3F7FB0CC-624D-4AB9-A7AC-BB19838C3B22"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:mx480:-:*:*:*:*:*:*:*","matchCriteriaId":"104858BD-D31D-40E0-8524-2EC311F10EAC"},{"vulnerable":false,"criteria":"cpe:2.3:h:juniper:mx960:-:*:*:*:*:*:*:*","matchCriteriaId":"B5E08E1E-0FE4-4294-9497-BBFFECA2A220"}]}]}],"references":[{"url":"https://supportportal.juniper.net/JSA110093","source":"sirt@juniper.net","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-59831","sourceIdentifier":"security-advisories@github.com","published":"2026-07-09T23:17:05.483","lastModified":"2026-07-14T02:16:57.493","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"GitHub CLI (gh) is GitHub’s official command line tool. From 2.10.0 through 2.95.0, connecting to a malicious Codespace with gh codespace jupyter can allow command execution because the command opens a JupyterLab URL supplied by a process inside the Codespace without validating that it is a loopback HTTP or HTTPS address, allowing a crafted vscode:// or vscode-insiders:// URL to be handed to VS Code. This issue is fixed in version 2.96.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"cli","product":"cli","versions":[{"version":">= 2.10.0, < 2.96.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":4.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.3,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-14T01:20:49.738308Z","id":"CVE-2026-59831","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-829"}]}],"references":[{"url":"https://github.com/cli/cli/commit/b300f2ec7ec9dc9addc39b2ad88c54097ded7ca0","source":"security-advisories@github.com"},{"url":"https://github.com/cli/cli/releases/tag/v2.96.0","source":"security-advisories@github.com"},{"url":"https://github.com/cli/cli/security/advisories/GHSA-8cg3-r6g9-fpg2","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-59855","sourceIdentifier":"security-advisories@github.com","published":"2026-07-09T23:17:06.293","lastModified":"2026-07-14T02:16:57.623","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, Asset.render in app/src/asset/index.ts interpolates the unsanitized this.path value into HTML assigned to innerHTML, allowing a crafted asset link containing a double quote to break out of the src attribute, inject an event handler, and execute JavaScript that can run OS commands in the Electron renderer. This issue is fixed in versions 3.7.1-alpha.2 and 3.7.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"siyuan-note","product":"siyuan","versions":[{"version":"< 3.7.1","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-14T01:23:41.617962Z","id":"CVE-2026-59855","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-80"}]}],"references":[{"url":"https://github.com/siyuan-note/siyuan/commit/efbe3a557720034782643e55c9e0282530cb6bbb","source":"security-advisories@github.com"},{"url":"https://github.com/siyuan-note/siyuan/releases/tag/v3.7.1","source":"security-advisories@github.com"},{"url":"https://github.com/siyuan-note/siyuan/security/advisories/GHSA-w3gq-5j72-36vc","source":"security-advisories@github.com"},{"url":"https://github.com/siyuan-note/siyuan/security/advisories/GHSA-w3gq-5j72-36vc","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-15317","sourceIdentifier":"cna@vuldb.com","published":"2026-07-10T00:16:33.027","lastModified":"2026-07-14T02:16:53.720","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A security flaw has been discovered in Sipeed PicoClaw up to 0.2.9. Affected by this vulnerability is the function WebFetchTool.Execute of the file pkg/tools/integration/web.go of the component Guarded Web Fetch Flow. The manipulation results in server-side request forgery. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks. The reported GitHub issue was closed automatically due to inactivity."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"Sipeed","product":"PicoClaw","cpes":["cpe:2.3:a:sipeed:picoclaw:*:*:*:*:*:*:*:*"],"modules":["Guarded Web Fetch Flow"],"versions":[{"version":"0.2.0","status":"affected"},{"version":"0.2.1","status":"affected"},{"version":"0.2.2","status":"affected"},{"version":"0.2.3","status":"affected"},{"version":"0.2.4","status":"affected"},{"version":"0.2.5","status":"affected"},{"version":"0.2.6","status":"affected"},{"version":"0.2.7","status":"affected"},{"version":"0.2.8","status":"affected"},{"version":"0.2.9","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-14T01:26:17.804998Z","id":"CVE-2026-15317","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://github.com/sipeed/picoclaw/","source":"cna@vuldb.com"},{"url":"https://github.com/sipeed/picoclaw/issues/3078","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-15317","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/852877","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377257","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377257/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-50181","sourceIdentifier":"security-advisories@github.com","published":"2026-07-10T00:16:33.340","lastModified":"2026-07-14T02:16:55.357","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Langroid is a framework for building large-language-model-powered applications. Prior to version 0.64.0, Langroid's `ReadFileTool` and `WriteFileTool` appear to treat `curr_dir` as the intended working-directory boundary for file operations. However, the tools only change the process working directory to `curr_dir` and then operate on the user-supplied `file_path` without resolving and enforcing that the final path remains inside `curr_dir`. As a result, a tool caller can supply path traversal sequences such as `../secret.txt` to read files outside the configured current directory, or `../written_by_tool.txt` to write files outside that directory. This can impact applications that expose Langroid file tools to an LLM agent, user-controlled tool call, or delegated coding/documentation agent while relying on `curr_dir` to restrict file access to a project/workspace directory. Version 0.64.0 patches the issue."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"langroid","product":"langroid","versions":[{"version":"< 0.64.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-14T01:24:55.646460Z","id":"CVE-2026-50181","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"},{"lang":"en","value":"CWE-23"}]}],"references":[{"url":"https://github.com/langroid/langroid/commit/56e2756ecab70a70a7e6edbee2f2187b8484683e","source":"security-advisories@github.com"},{"url":"https://github.com/langroid/langroid/security/advisories/GHSA-fg23-3346-88f5","source":"security-advisories@github.com"},{"url":"https://github.com/langroid/langroid/security/advisories/GHSA-fg23-3346-88f5","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-11392","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T04:17:35.223","lastModified":"2026-07-14T02:16:52.460","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The WP Hotel Booking plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'check_in_date' and 'check_out_date' parameters in all versions up to, and including, 2.3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"thimpress","product":"WP Hotel Booking","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"2.3.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-14T01:30:05.845882Z","id":"CVE-2026-11392","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/wp-hotel-booking/tags/2.3.1/includes/class-wphb-helpers.php#L29","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-hotel-booking/tags/2.3.1/includes/elementor/widgets/archive-room/list-results-room.php#L214","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-hotel-booking/tags/2.3.1/includes/wphb-functions.php#L748","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-hotel-booking/tags/2.3.1/templates/search/loop.php#L92","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-hotel-booking/tags/2.3.1/templates/search/v2/loop-v2.php#L40","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-hotel-booking/tags/2.3.2/includes/elementor/widgets/archive-room/list-results-room.php#L215","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-hotel-booking/tags/2.3.2/templates/search/loop.php#L92","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-hotel-booking/tags/2.3.2/templates/search/v2/loop-v2.php#L39","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8b56ca04-c6eb-401f-aa8a-b933c0527e51?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-15329","sourceIdentifier":"cna@vuldb.com","published":"2026-07-10T04:17:50.590","lastModified":"2026-07-14T02:16:53.850","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was found in zhayujie CowAgent up to 2.1.0. This issue affects the function BrowserTool._do_navigate of the file agent/tools/browser/browser_tool.py of the component Browser Tool. Performing a manipulation results in information disclosure. The attack can be initiated remotely. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"zhayujie","product":"CowAgent","cpes":["cpe:2.3:a:zhayujie:cowagent:*:*:*:*:*:*:*:*"],"modules":["Browser Tool"],"versions":[{"version":"2.0","status":"affected"},{"version":"2.1.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:N","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-14T01:28:37.180527Z","id":"CVE-2026-15329","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-200"},{"lang":"en","value":"CWE-284"}]}],"references":[{"url":"https://github.com/zhayujie/CowAgent/","source":"cna@vuldb.com"},{"url":"https://github.com/zhayujie/CowAgent/issues/2871","source":"cna@vuldb.com"},{"url":"https://github.com/zhayujie/CowAgent/issues/2871#issuecomment-4922534422","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-15329","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/853098","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377272","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377272/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-15282","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T05:16:30.820","lastModified":"2026-07-14T02:16:53.297","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Instant Appointment plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'insapp_upload_image_as_attachment' function in all versions up to, and including, 1.2. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"tenteeglobal","product":"Instant Appointment","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1.2","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-14T01:30:46.022116Z","id":"CVE-2026-15282","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-434"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/instant-appointment/trunk/includes/ajax/ajax_services.php#L3","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/instant-appointment/trunk/includes/front-end/ajax/login_ajax.php#L584","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/instant-appointment/trunk/includes/front-end/ajax/login_ajax.php#L598","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/097b1530-64fa-45b2-85f3-c6a2311405b5?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-15288","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T05:16:31.923","lastModified":"2026-07-14T02:16:53.407","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Improper Input Validation in all versions up to, and including, 2.2.1. This is due to the plugin accepting the payment amount directly from user-controlled POST data in the 'create_payment_intent' and 'create_subscription_intent' functions without validating it against the form's configured price. This makes it possible for unauthenticated attackers to modify the payment amount to any arbitrary value when submitting a Stripe payment form, potentially purchasing products or services at significantly reduced prices."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"brainstormforce","product":"SureForms – Drag & Drop Contact Form & Form Builder, Payment Form, Survey, Quiz & Calculator","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"2.2.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-14T01:33:45.829558Z","id":"CVE-2026-15288","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/changeset/3427656/sureforms/tags/2.2.2/inc/payments/front-end.php","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset/3427656/sureforms/tags/2.2.2/inc/payments/payment-helper.php","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8b0e0f22-de42-4da9-a0c1-ae41ba57be03?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-15296","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T05:16:32.837","lastModified":"2026-07-14T02:16:53.510","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The affiliate-toolkit – WP Affiliate Plugin with Amazon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'atkp_product' shortcode in all versions up to, and including, 3.7.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This is a bypass to CVE-2024-10227."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"cservit","product":"affiliate-toolkit – Multi-Network Affiliate & Amazon Product Display","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"3.7.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-14T01:34:12.909237Z","id":"CVE-2026-15296","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/affiliate-toolkit-starter/trunk/includes/atkp_output.php#L299","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset/3227483/","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/b5e64a33-6165-4257-b324-0bbab4129e54?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-15302","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T05:16:33.677","lastModified":"2026-07-14T02:16:53.617","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The ARMember plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 4.0.27 via the 'X-FILENAME' HTTP header. This makes it possible for unauthenticated attackers to upload and overwrite certain files (e.g., CSS) to directories outside the 'wp-content/uploads/armember' directory."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"reputeinfosystems","product":"ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"4.0.27","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-14T01:33:12.868825Z","id":"CVE-2026-15302","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-36"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/changeset/3062692/armember-membership/trunk/core/classes/class.arm_members_activity.php","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2c8734f5-4d23-454d-bf00-6e9d36982098?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-12400","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T09:16:52.553","lastModified":"2026-07-14T02:16:52.710","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The FlowForms – Conversational Form Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.1.1 via the update_form due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with contributor-level access and above, to modify the content, design, and settings of, as well as publish or revert, any form on the site — including forms owned by administrators — by supplying an arbitrary form ID in the REST URL."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"priyanshuchaudhary","product":"FlowForms – Conversational Form Builder","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1.1.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-14T01:35:35.039908Z","id":"CVE-2026-12400","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/flowforms/tags/1.1.1/includes/class-rest-api.php#L48","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/flowforms/tags/1.1.1/includes/class-rest-api.php#L493","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/flowforms/tags/1.1.1/includes/class-rest-api.php#L562","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/flowforms/tags/1.1.1/includes/class-rest-api.php#L603","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/flowforms/tags/1.1.1/includes/class-rest-api.php#L654","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/flowforms/tags/1.1.1/includes/class-rest-api.php#L694","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&old=3577870%40flowforms&new=3577870%40flowforms","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/7f4e6133-f833-4da2-af4a-e7e7fcedfe3c?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-1946","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T09:16:53.540","lastModified":"2026-07-14T02:16:54.707","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The GW AI Website Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the gwaiwebu_gravitywrite_disconnect_handler() function in all versions up to, and including, 1.0.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to disconnect the plugin from GravityWrite via the 'gwaiwebu_gravitywrite_disconnect' AJAX action."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"nandhiniwp","product":"GW AI Website Builder","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1.0.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-14T01:34:45.471570Z","id":"CVE-2026-1946","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/gw-ai-website-builder/tags/1.0.1/API/api-functions.php#L4069","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/gw-ai-website-builder/tags/1.0.1/API/api-functions.php#L4253","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/gw-ai-website-builder/trunk/API/api-functions.php#L4069","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/gw-ai-website-builder/trunk/API/api-functions.php#L4253","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&old=3481065%40gw-ai-website-builder&new=3481065%40gw-ai-website-builder","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/49405ba1-b0fd-429b-a30a-95c8d3f26545?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-12918","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T10:16:22.893","lastModified":"2026-07-14T02:16:52.817","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Mail Mint – Email Marketing, Newsletter, Email Automation & WooCommerce Emails plugin for WordPress is vulnerable to generic SQL Injection via the 'recipients' parameter in all versions up to, and including, 1.24.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. This is a second-order SQL injection: the malicious payload is first stored unsanitized via a POST request to /mrm/v1/campaigns/ (bypassing filter_recipients() validation because an int-cast of a string like '1) OR ...' evaluates to a real numeric ID), and is then triggered by a subsequent GET request to /mrm/v1/campaigns/{id} that deserializes the recipients and passes the raw id string through array_column() into the vulnerable query."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"getwpfunnels","product":"Mail Mint – Email Marketing, Newsletter, Email Automation & WooCommerce Emails","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1.24.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N","baseScore":4.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-14T01:38:02.218291Z","id":"CVE-2026-12918","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/mail-mint/tags/1.24.1/app/API/Controllers/Admin/CampaignController.php#L1088","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/mail-mint/tags/1.24.1/app/API/Controllers/Admin/CampaignController.php#L304","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/mail-mint/tags/1.24.1/app/Database/models/ContactGroupPivotModel.php#L130","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/mail-mint/tags/1.24.1/app/MrmCommon.php#L1197","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&old=3592458%40mail-mint&new=3592458%40mail-mint","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/bf7c500e-311f-4db5-8a54-de7b02fb11dd?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-15378","sourceIdentifier":"secalert@redhat.com","published":"2026-07-10T10:16:23.553","lastModified":"2026-07-14T02:16:54.120","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in the `guardrails-detectors` component. This vulnerability allows a remote attacker to perform a blind Server-Side Request Forgery (SSRF) by submitting a specially crafted XML Schema Definition (XSD) string. This can lead to unauthorized access to sensitive information, including credentials from cloud metadata services, Kubernetes API, internal MinIO, and other internal network endpoints. Additionally, it enables local file reads of critical data such as service account tokens and pod secrets."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-fms-guardrails-orchestrator-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-14T01:36:55.860314Z","id":"CVE-2026-15378","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-15378","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2498941","source":"secalert@redhat.com"}]}},{"cve":{"id":"CVE-2026-56305","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-10T15:16:42.300","lastModified":"2026-07-14T02:16:56.633","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Capgo before 12.128.2 contains an authentication bypass vulnerability in the password change endpoint that allows attackers to change user passwords without requiring current password confirmation. Attackers with temporary session access can exploit this flaw to permanently lock out legitimate users and achieve full account takeover."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Capgo","product":"Capgo","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"12.128.2","versionType":"semver","status":"affected"},{"version":"12.128.2","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L","baseScore":8.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":5.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-14T01:43:35.373101Z","id":"CVE-2026-56305","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-620"}]}],"references":[{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-rjr5-qxqj-cx8g","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/capgo-authentication-bypass-in-password-change-via-missing-current-password-validation","source":"disclosure@vulncheck.com"},{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-rjr5-qxqj-cx8g","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-56354","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-10T15:16:43.030","lastModified":"2026-07-13T16:54:48.843","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"n8n before 1.123.24, 2.10.4, and 2.12.0 (across its 1.x and 2.x branches) contains cross-site scripting and open redirect vulnerabilities in the Form Node due to unsanitized HTML description fields and overly permissive iframe sandbox policies. Authenticated users with workflow creation permissions can inject malicious scripts or redirect parameters to perform stored XSS attacks or phishing redirects against end users."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"n8n","product":"n8n","defaultStatus":"unaffected","packageURL":"pkg:npm/n8n","versions":[{"version":"0","lessThan":"1.123.24","versionType":"semver","status":"affected"},{"version":"1.123.24","versionType":"semver","status":"unaffected"},{"version":"2.0.0-rc.0","lessThan":"2.10.4","versionType":"semver","status":"affected"},{"version":"2.10.4","versionType":"semver","status":"unaffected"},{"version":"2.11.0","lessThan":"2.12.0","versionType":"semver","status":"affected"},{"version":"2.12.0","versionType":"semver","status":"unaffected"}]},{"vendor":"n8n","product":"n8n","defaultStatus":"unaffected","packageURL":"pkg:npm/n8n","versions":[{"version":"0","lessThan":"2.10.4","versionType":"semver","status":"affected"},{"version":"2.10.4","versionType":"semver","status":"unaffected"}]},{"vendor":"n8n","product":"n8n","defaultStatus":"unaffected","packageURL":"pkg:npm/n8n","versions":[{"version":"0","lessThan":"1.123.24","versionType":"semver","status":"affected"},{"version":"1.123.24","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"PASSIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N","baseScore":4.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T16:42:31.372790Z","id":"CVE-2026-56354","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:n8n:n8n:*:*:*:*:community:node.js:*:*","versionEndExcluding":"1.123.24","matchCriteriaId":"07FC279B-4896-450A-A849-CB7735CDE923"},{"vulnerable":true,"criteria":"cpe:2.3:a:n8n:n8n:*:*:*:*:enterprise:node.js:*:*","versionEndExcluding":"1.123.24","matchCriteriaId":"728DA3ED-BDF9-4676-9975-67299436A107"},{"vulnerable":true,"criteria":"cpe:2.3:a:n8n:n8n:*:*:*:*:enterprise:node.js:*:*","versionStartIncluding":"2.0.0","versionEndExcluding":"2.10.4","matchCriteriaId":"4C5C1900-4B1A-4F5E-B9FA-4AAF159C5B34"},{"vulnerable":true,"criteria":"cpe:2.3:a:n8n:n8n:*:*:*:*:community:node.js:*:*","versionStartIncluding":"2.10.0","versionEndExcluding":"2.10.4","matchCriteriaId":"BD594FF5-3528-41B5-A45A-9C2FA9D263CA"},{"vulnerable":true,"criteria":"cpe:2.3:a:n8n:n8n:*:*:*:*:community:node.js:*:*","versionStartIncluding":"2.11.0","versionEndExcluding":"2.12.0","matchCriteriaId":"7A37F350-0018-4794-A8BB-A69126E6A666"},{"vulnerable":true,"criteria":"cpe:2.3:a:n8n:n8n:*:*:*:*:enterprise:node.js:*:*","versionStartIncluding":"2.11.0","versionEndExcluding":"2.12.0","matchCriteriaId":"DDDFC728-DF73-4EA1-9BC5-9F97267CDF6A"}]}]}],"references":[{"url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-w673-8fjw-457c","source":"disclosure@vulncheck.com","tags":["Mitigation","Vendor Advisory"]},{"url":"https://www.vulncheck.com/advisories/n8n-cross-site-scripting-and-open-redirect-in-form-node","source":"disclosure@vulncheck.com","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-56366","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-10T15:16:43.217","lastModified":"2026-07-14T02:16:56.757","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"ImageMagick before 7.1.2-18 contains a memory leak vulnerability in the META reader when processing APP1JPEG input paths. Attackers can trigger this memory leak by providing specially crafted APP1JPEG image files, causing denial of service through resource exhaustion."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"ImageMagick","product":"ImageMagick","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"7.1.2-18","versionType":"semver","status":"affected"},{"version":"7.1.2-18","versionType":"semver","status":"unaffected"}]},{"vendor":"ImageMagick","product":"ImageMagick","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"6.9.13-43","versionType":"semver","status":"affected"},{"version":"6.9.13-43","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L","baseScore":3.3,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":1.8,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-14T01:45:40.341590Z","id":"CVE-2026-56366","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-401"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*","versionEndExcluding":"6.9.13-43","matchCriteriaId":"AE210D23-0EC1-400A-A545-0CABCB44EF78"},{"vulnerable":true,"criteria":"cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0-0","versionEndExcluding":"7.1.2-18","matchCriteriaId":"A761D9D6-07EA-4D5D-94AA-7ED80672FE0E"}]}]}],"references":[{"url":"https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-9r56-3gjq-hqf7","source":"disclosure@vulncheck.com","tags":["Vendor Advisory"]},{"url":"https://www.vulncheck.com/advisories/imagemagick-memory-leak-in-meta-reader-app1jpeg-error-path","source":"disclosure@vulncheck.com","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-58661","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-10T15:16:47.987","lastModified":"2026-07-13T16:57:20.323","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"n8n before 2.28.0 (and before 1.123.58 on the 1.x branch) contains a disk space exhaustion vulnerability in the data-table file upload endpoint. The per-request quota check does not account for files already written to the shared temporary directory, allowing an authenticated user to repeatedly upload files that accumulate on disk until the periodic cleanup runs, potentially exhausting available disk space on the host."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"n8n","product":"n8n","defaultStatus":"unaffected","packageURL":"pkg:npm/n8n","versions":[{"version":"0","lessThan":"2.28.0","versionType":"semver","status":"affected"},{"version":"2.28.0","versionType":"semver","status":"unaffected"}]},{"vendor":"n8n","product":"n8n","defaultStatus":"unaffected","packageURL":"pkg:npm/n8n","versions":[{"version":"0","lessThan":"1.123.58","versionType":"semver","status":"affected"},{"version":"1.123.58","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T16:43:17.458913Z","id":"CVE-2026-58661","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-770"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:n8n:n8n:*:*:*:*:community:node.js:*:*","versionEndExcluding":"1.123.58","matchCriteriaId":"C0D5E843-3923-4473-B810-8B7DAAED1640"},{"vulnerable":true,"criteria":"cpe:2.3:a:n8n:n8n:*:*:*:*:enterprise:node.js:*:*","versionEndExcluding":"1.123.58","matchCriteriaId":"46606938-85AC-4EFB-ACF1-D4928DB1DE79"},{"vulnerable":true,"criteria":"cpe:2.3:a:n8n:n8n:*:*:*:*:community:node.js:*:*","versionStartIncluding":"2.0.0","versionEndExcluding":"2.28.0","matchCriteriaId":"66F12A64-36CD-426C-953C-1241930B85F1"},{"vulnerable":true,"criteria":"cpe:2.3:a:n8n:n8n:*:*:*:*:enterprise:node.js:*:*","versionStartIncluding":"2.0.0","versionEndExcluding":"2.28.0","matchCriteriaId":"FB416B55-F149-4B73-A880-383334CB89E4"}]}]}],"references":[{"url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-w867-jm58-p9pv","source":"disclosure@vulncheck.com","tags":["Mitigation","Vendor Advisory"]},{"url":"https://www.vulncheck.com/advisories/n8n-disk-space-exhaustion-via-data-table-file-upload-endpoint","source":"disclosure@vulncheck.com","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-60086","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-10T15:16:49.417","lastModified":"2026-07-14T02:16:57.743","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"PraisonAI before 4.6.78 contains a prompt injection defense bypass vulnerability where the injection defense only blocks threats classified as CRITICAL, requiring three or more detector families to match simultaneously. Attackers can craft single or double-vector prompt injections that are classified as HIGH threat level and pass through unblocked to reach the model."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"MervinPraison","product":"PraisonAI","defaultStatus":"unaffected","packageURL":"pkg:pypi/praisonai","versions":[{"version":"0","lessThan":"4.6.78","versionType":"semver","status":"affected"},{"version":"4.6.78","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-14T01:46:22.800842Z","id":"CVE-2026-60086","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-693"}]}],"references":[{"url":"https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-4r3p-w3mc-5v34","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/praisonai-before-prompt-injection-defense-bypass","source":"disclosure@vulncheck.com"},{"url":"https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-4r3p-w3mc-5v34","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-61437","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-10T15:16:50.350","lastModified":"2026-07-14T02:16:57.863","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"PraisonAI (pip package praisonaiagents) before 1.6.78 contains an unsafe dynamic module loading vulnerability in AgentFlow._resolve_pydantic_class (src/praisonai-agents/praisonaiagents/workflows/workflows.py). When a workflow step uses a string output_pydantic reference, the framework locates and imports a sibling tools.py from the workflow file's directory via importlib exec_module without sandboxing, ignoring the PRAISONAI_ALLOW_*_TOOLS environment variables. An attacker who controls a workflow file and its sibling tools.py can execute arbitrary Python code with the workflow runner's privileges when the workflow is executed via WorkflowManager or after load_yaml."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"MervinPraison","product":"PraisonAI","defaultStatus":"unaffected","packageURL":"pkg:pypi/praisonaiagents","versions":[{"version":"0","lessThan":"1.6.78","versionType":"semver","status":"affected"},{"version":"1.6.78","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-14T01:47:25.539795Z","id":"CVE-2026-61437","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-693"}]}],"references":[{"url":"https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-4gfv-wg42-7jw5","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/praisonai-before-remote-code-execution-via-tools-py","source":"disclosure@vulncheck.com"},{"url":"https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-4gfv-wg42-7jw5","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-15374","sourceIdentifier":"cna@vuldb.com","published":"2026-07-10T16:16:26.517","lastModified":"2026-07-13T16:16:33.867","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw has been found in Eleveo Call Recording Software 9.7.0. This affects an unknown function of the file /callrec/roleAddAction.do of the component Group Interface. Executing a manipulation can lead to improper authorization. It is possible to launch the attack remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"Eleveo","product":"Call Recording Software","cpes":["cpe:2.3:a:eleveo:call_recording_software:*:*:*:*:*:*:*:*"],"modules":["Group Interface"],"versions":[{"version":"9.7.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T15:47:46.616812Z","id":"CVE-2026-15374","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-266"},{"lang":"en","value":"CWE-285"}]}],"references":[{"url":"https://github.com/omarelshopky/cves/tree/main/eleveo/call-recording-software/CVE-2026-15374","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-15374","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/797458","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377441","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377441/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-15375","sourceIdentifier":"cna@vuldb.com","published":"2026-07-10T16:16:26.667","lastModified":"2026-07-14T02:16:53.997","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability has been found in Eleveo Call Recording Software 9.7.0. This impacts an unknown function of the file /callrec/users_ldap.jsp of the component LDAP User Interface. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"Eleveo","product":"Call Recording Software","cpes":["cpe:2.3:a:eleveo:call_recording_software:*:*:*:*:*:*:*:*"],"modules":["LDAP User Interface"],"versions":[{"version":"9.7.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:N","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-14T01:52:04.169937Z","id":"CVE-2026-15375","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-266"},{"lang":"en","value":"CWE-285"}]}],"references":[{"url":"https://github.com/omarelshopky/cves/blob/main/eleveo/call-recording-software/CVE-2026-15375","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-15375","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/797459","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377442","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377442/cti","source":"cna@vuldb.com"},{"url":"https://github.com/omarelshopky/cves/tree/main/eleveo/call-recording-software/CVE-2026-15375","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-33382","sourceIdentifier":"security@grafana.com","published":"2026-07-10T16:16:29.130","lastModified":"2026-07-13T20:51:35.700","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Several Grafana API endpoints, some of them unauthenticated, do not limit the size of the request body before processing it. An attacker can send very large payloads that force excessive memory allocation, potentially exhausting memory and causing a denial of service."}],"affected":[{"source":"security@grafana.com","affectedData":[{"vendor":"Grafana","product":"Grafana OSS","defaultStatus":"unaffected","versions":[{"version":"11.6.0","lessThanOrEqual":"11.6.14","versionType":"semver","status":"affected"},{"version":"12.2.0","lessThanOrEqual":"12.2.8","versionType":"semver","status":"affected"},{"version":"12.3.0","lessThanOrEqual":"12.3.6","versionType":"semver","status":"affected"},{"version":"12.4.0","lessThanOrEqual":"12.4.3","versionType":"semver","status":"affected"},{"version":"13.0.0","lessThanOrEqual":"13.0.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@grafana.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T15:59:38.846803Z","id":"CVE-2026-33382","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@grafana.com","type":"Secondary","description":[{"lang":"en","value":"CWE-400"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:-:*:*:*","versionStartIncluding":"11.6.0","versionEndExcluding":"11.6.15","matchCriteriaId":"B154BC07-0914-4E25-9D84-FB64205493F7"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:-:*:*:*","versionStartIncluding":"12.2.0","versionEndExcluding":"12.2.9","matchCriteriaId":"052CFAA8-0386-43DF-869A-643997178E8D"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:-:*:*:*","versionStartIncluding":"12.3.0","versionEndExcluding":"12.3.7","matchCriteriaId":"C77AA4CC-A590-4948-A010-5A1154502E47"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:-:*:*:*","versionStartIncluding":"12.4.0","versionEndExcluding":"12.4.4","matchCriteriaId":"F820291A-C1C6-4DBC-8064-6133F16547C4"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:-:*:*:*","versionStartIncluding":"13.0.0","versionEndExcluding":"13.0.2","matchCriteriaId":"643002A3-545F-4605-AAAF-EF55C5B14392"}]}]}],"references":[{"url":"https://grafana.com/security/security-advisories/cve-2026-33382","source":"security@grafana.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-56676","sourceIdentifier":"security-advisories@github.com","published":"2026-07-10T16:16:34.923","lastModified":"2026-07-13T19:17:24.127","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"9Router is an AI router & token saver. Prior to 0.5.2, 9router validates image URLs by resolving the host before fetching, but open-sse/translator/concerns/image.js performs the later server-side image fetch with a separate DNS resolution. An authenticated attacker with access to the LLM proxy can use a vision-capable model and an attacker-controlled DNS name that first resolves to a public IP and then rebinds to an internal address, allowing server-side requests to internal-only HTTP services. This issue is fixed in version 0.5.2."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"decolua","product":"9router","versions":[{"version":"< 0.5.2","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L","baseScore":7.4,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.1,"impactScore":3.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T18:11:05.854652Z","id":"CVE-2026-56676","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-367"},{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://github.com/decolua/9router/commit/c7d07448c58bec1200741de0b73305b860416b82","source":"security-advisories@github.com"},{"url":"https://github.com/decolua/9router/releases/tag/v0.5.2","source":"security-advisories@github.com"},{"url":"https://github.com/decolua/9router/security/advisories/GHSA-cmhj-wh2f-9cgx","source":"security-advisories@github.com"},{"url":"https://github.com/decolua/9router/security/advisories/GHSA-cmhj-wh2f-9cgx","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-8595","sourceIdentifier":"security@grafana.com","published":"2026-07-10T16:16:39.400","lastModified":"2026-07-13T20:51:42.340","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A user with Editor permissions can craft a dashboard whose table (TableNG) panel contains a malicious field name that executes as a script in the browser of any user who views the dashboard (stored cross-site scripting)."}],"affected":[{"source":"security@grafana.com","affectedData":[{"vendor":"Grafana","product":"Grafana OSS","defaultStatus":"unaffected","versions":[{"version":"12.4.0","lessThanOrEqual":"12.4.3","versionType":"semver","status":"affected"},{"version":"13.0.0","lessThanOrEqual":"13.0.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@grafana.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.1,"impactScore":4.7},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T15:59:08.422134Z","id":"CVE-2026-8595","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@grafana.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:-:*:*:*","versionStartIncluding":"12.4.0","versionEndExcluding":"12.4.4","matchCriteriaId":"F820291A-C1C6-4DBC-8064-6133F16547C4"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:-:*:*:*","versionStartIncluding":"13.0.0","versionEndExcluding":"13.0.2","matchCriteriaId":"643002A3-545F-4605-AAAF-EF55C5B14392"}]}]}],"references":[{"url":"https://grafana.com/security/security-advisories/cve-2026-8595","source":"security@grafana.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-8609","sourceIdentifier":"security@grafana.com","published":"2026-07-10T16:16:39.510","lastModified":"2026-07-13T20:51:48.450","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"An unauthenticated attacker can repeatedly call Grafana's OAuth login route with unique values, causing unbounded memory growth that can eventually exhaust memory and crash the Grafana instance (denial of service)."}],"affected":[{"source":"security@grafana.com","affectedData":[{"vendor":"Grafana","product":"Grafana OSS","defaultStatus":"unaffected","versions":[{"version":"11.6.0","lessThanOrEqual":"11.6.14","versionType":"semver","status":"affected"},{"version":"12.2.0","lessThanOrEqual":"12.2.8","versionType":"semver","status":"affected"},{"version":"12.3.0","lessThanOrEqual":"12.3.6","versionType":"semver","status":"affected"},{"version":"12.4.0","lessThanOrEqual":"12.4.3","versionType":"semver","status":"affected"},{"version":"13.0.0","lessThanOrEqual":"13.0.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@grafana.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T15:53:40.169487Z","id":"CVE-2026-8609","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@grafana.com","type":"Secondary","description":[{"lang":"en","value":"CWE-400"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-400"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:-:*:*:*","versionStartIncluding":"11.6.0","versionEndExcluding":"11.6.15","matchCriteriaId":"B154BC07-0914-4E25-9D84-FB64205493F7"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:-:*:*:*","versionStartIncluding":"12.2.0","versionEndExcluding":"12.2.9","matchCriteriaId":"052CFAA8-0386-43DF-869A-643997178E8D"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:-:*:*:*","versionStartIncluding":"12.3.0","versionEndExcluding":"12.3.7","matchCriteriaId":"C77AA4CC-A590-4948-A010-5A1154502E47"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:-:*:*:*","versionStartIncluding":"12.4.0","versionEndExcluding":"12.4.4","matchCriteriaId":"F820291A-C1C6-4DBC-8064-6133F16547C4"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:-:*:*:*","versionStartIncluding":"13.0.0","versionEndExcluding":"13.0.2","matchCriteriaId":"643002A3-545F-4605-AAAF-EF55C5B14392"}]}]}],"references":[{"url":"https://grafana.com/security/security-advisories/cve-2026-8609","source":"security@grafana.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-15376","sourceIdentifier":"cna@vuldb.com","published":"2026-07-10T17:16:54.267","lastModified":"2026-07-13T18:16:27.387","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was found in Eleveo Call Recording Software 9.7.0. Affected is an unknown function of the file /callrec/statisticReportAction.do. The manipulation results in improper authorization. The attack can be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"Eleveo","product":"Call Recording Software","cpes":["cpe:2.3:a:eleveo:call_recording_software:*:*:*:*:*:*:*:*"],"versions":[{"version":"9.7.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T20:26:38.380986Z","id":"CVE-2026-15376","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-266"},{"lang":"en","value":"CWE-285"}]}],"references":[{"url":"https://github.com/omarelshopky/cves/tree/main/eleveo/call-recording-software/CVE-2026-15376","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-15376","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/797461","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377443","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377443/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-15377","sourceIdentifier":"cna@vuldb.com","published":"2026-07-10T17:16:54.430","lastModified":"2026-07-13T18:16:27.740","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was determined in Eleveo Call Recording Software 9.7.0. Affected by this vulnerability is an unknown functionality of the file /callrec/sendlogfile. This manipulation causes improper authorization. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"Eleveo","product":"Call Recording Software","cpes":["cpe:2.3:a:eleveo:call_recording_software:*:*:*:*:*:*:*:*"],"versions":[{"version":"9.7.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:N","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T16:44:09.588892Z","id":"CVE-2026-15377","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-266"},{"lang":"en","value":"CWE-285"}]}],"references":[{"url":"https://github.com/omarelshopky/cves/tree/main/eleveo/call-recording-software/CVE-2026-15377","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-15377","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/797462","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377444","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377444/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-53657","sourceIdentifier":"security-advisories@github.com","published":"2026-07-10T17:16:57.987","lastModified":"2026-07-14T02:16:55.467","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Lima launches Linux virtual machines, typically on macOS, for running containerd. Prior to 2.1.3, on an instance of Lima running with the qemu driver, an arbitrary user in the VM could access /run/lima-guestagent.sock when the guest agent is enabled, which could result in running arbitrary commands with root privileges in the VM because the guest agent socket provides tunneling for arbitrary addresses, including Unix socket addresses for privileged daemons like D-Bus. This issue is fixed in version 2.1.3."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"lima-vm","product":"lima","versions":[{"version":"< 2.1.3","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.5,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-14T01:53:00.727696Z","id":"CVE-2026-53657","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-276"},{"lang":"en","value":"CWE-668"}]}],"references":[{"url":"https://github.com/lima-vm/lima/commit/8a45892378d22f40505c31a38f786a07701b6d50","source":"security-advisories@github.com"},{"url":"https://github.com/lima-vm/lima/commit/b08cae8a670cf916d5da11c48a6de76dabd89678","source":"security-advisories@github.com"},{"url":"https://github.com/lima-vm/lima/releases/tag/v2.1.3","source":"security-advisories@github.com"},{"url":"https://github.com/lima-vm/lima/security/advisories/GHSA-2j9v-p4xj-cjw2","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-55780","sourceIdentifier":"security-advisories@github.com","published":"2026-07-10T17:16:59.733","lastModified":"2026-07-13T19:17:15.323","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"NanaZip is the 7-Zip derivative intended for the modern Windows experience. Prior to 6.5.1749.0, NanaZip's .NET single-file bundle handler in NanaZip.Codecs.Archive.DotNetSingleFile.cpp sizes its extraction buffer from the bundle entry Size field, which is only checked for sign and is not validated against the real file size. A crafted bundle can cause an attacker-chosen allocation inside Extract, where std::bad_alloc or std::length_error can escape across the COM STDMETHODCALLTYPE boundary and crash the process. This issue is fixed in version 6.5.1749.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"M2Team","product":"NanaZip","versions":[{"version":"< 6.5.1749.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.4,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"PASSIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T18:14:14.547640Z","id":"CVE-2026-55780","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-248"},{"lang":"en","value":"CWE-400"}]}],"references":[{"url":"https://github.com/M2Team/NanaZip/commit/ad62e3b4970b9f01e924c99094d6fed7a42f849a","source":"security-advisories@github.com"},{"url":"https://github.com/M2Team/NanaZip/releases/tag/6.5.1749.0","source":"security-advisories@github.com"},{"url":"https://github.com/M2Team/NanaZip/security/advisories/GHSA-ppm9-5267-rq72","source":"security-advisories@github.com"},{"url":"https://github.com/M2Team/NanaZip/security/advisories/GHSA-ppm9-5267-rq72","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-55782","sourceIdentifier":"security-advisories@github.com","published":"2026-07-10T17:17:00.017","lastModified":"2026-07-14T02:16:56.287","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"NanaZip is the 7-Zip derivative intended for the modern Windows experience. Prior to 6.5.1749.0, NanaZip's WebAssembly archive handler in NanaZip.Codecs.Archive.WebAssembly.cpp allocates buffers from attacker-controlled 32-bit section and custom-name length fields without validating them against the data present in the file. A tiny crafted module can force multi-gigabyte allocations during listing or extraction through NameSize, Information.Size, and std::string or vector allocation paths, causing memory exhaustion or process termination. This issue is fixed in version 6.5.1749.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"M2Team","product":"NanaZip","versions":[{"version":"< 6.5.1749.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.4,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"PASSIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-14T02:00:08.437231Z","id":"CVE-2026-55782","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-400"},{"lang":"en","value":"CWE-789"}]}],"references":[{"url":"https://github.com/M2Team/NanaZip/commit/1ce90f2d14a984476d0407a835273705607facf2","source":"security-advisories@github.com"},{"url":"https://github.com/M2Team/NanaZip/commit/56aee89037947410dd5e66f3a087e0f290484bae","source":"security-advisories@github.com"},{"url":"https://github.com/M2Team/NanaZip/commit/92b12a6e1eb0cf8e88fcc277aa7508ca1ff27db6","source":"security-advisories@github.com"},{"url":"https://github.com/M2Team/NanaZip/releases/tag/6.5.1749.0","source":"security-advisories@github.com"},{"url":"https://github.com/M2Team/NanaZip/security/advisories/GHSA-qxhc-2v6p-wm8m","source":"security-advisories@github.com"},{"url":"https://github.com/M2Team/NanaZip/security/advisories/GHSA-qxhc-2v6p-wm8m","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-55885","sourceIdentifier":"security-advisories@github.com","published":"2026-07-10T17:17:00.273","lastModified":"2026-07-14T02:16:56.520","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Grav is a file-based Web platform. Prior to 1.7.53, an authenticated administrator with backup permissions can download a ZIP archive containing the full Grav installation root, including user/accounts/admin.yaml with the administrator password hash and user/config with site configuration, through the backup download endpoint protected only by the session-static admin-nonce URL parameter. This issue is reported as fixed in version 1.7.53."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"getgrav","product":"grav","versions":[{"version":"< 1.7.53","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":4.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-14T01:57:32.723483Z","id":"CVE-2026-55885","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-312"},{"lang":"en","value":"CWE-522"}]}],"references":[{"url":"https://github.com/getgrav/grav/releases/tag/1.7.53","source":"security-advisories@github.com"},{"url":"https://github.com/getgrav/grav/security/advisories/GHSA-2f86-9cp8-6hcf","source":"security-advisories@github.com"},{"url":"https://github.com/getgrav/grav/security/advisories/GHSA-2f86-9cp8-6hcf","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-58493","sourceIdentifier":"security-advisories@github.com","published":"2026-07-10T17:17:01.860","lastModified":"2026-07-13T19:17:30.487","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"grav-plugin-database is the database plugin for Grav CMS. Prior to 1.2.0, Database::__call builds PDO DSN strings by directly concatenating user-configurable YAML values from fields such as host, dbname, charset, server, database, directory, and filename without sanitization or validation, allowing an administrator with plugin configuration access to inject DSN attributes or path traversal values. This issue is fixed in version 1.2.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"getgrav","product":"grav","versions":[{"version":"< 1.2.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T18:06:16.210963Z","id":"CVE-2026-58493","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-74"}]}],"references":[{"url":"https://github.com/getgrav/grav-plugin-database/commit/f6d058785c9e23df7efc5ea7556f8746fef286df","source":"security-advisories@github.com"},{"url":"https://github.com/getgrav/grav-plugin-database/releases/tag/1.2.0","source":"security-advisories@github.com"},{"url":"https://github.com/getgrav/grav/security/advisories/GHSA-jm58-p4pv-qcwc","source":"security-advisories@github.com"},{"url":"https://github.com/getgrav/grav/security/advisories/GHSA-jm58-p4pv-qcwc","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-59161","sourceIdentifier":"security-advisories@github.com","published":"2026-07-10T17:17:02.250","lastModified":"2026-07-14T02:16:57.020","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Excelize is a Go language library for reading and writing Microsoft Excel spreadsheets. Prior to 2.11.0, the streaming worksheet reader used by Rows and GetRows does not enforce the TotalRows limit on the row r attribute, allowing a small XLSX file with a row number above 1048576 and no cell coordinate to make GetRows append empty rows up to the attacker-controlled index and consume excessive memory and CPU. This issue is fixed in version 2.11.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"qax-os","product":"excelize","versions":[{"version":"< 2.11.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-14T01:54:56.568240Z","id":"CVE-2026-59161","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-400"},{"lang":"en","value":"CWE-770"}]}],"references":[{"url":"https://github.com/qax-os/excelize/commit/93f0b3caed37f21ef5079e3259c6c21dcfe68453","source":"security-advisories@github.com"},{"url":"https://github.com/qax-os/excelize/pull/2331","source":"security-advisories@github.com"},{"url":"https://github.com/qax-os/excelize/releases/tag/v2.11.0","source":"security-advisories@github.com"},{"url":"https://github.com/qax-os/excelize/security/advisories/GHSA-q5j5-6p94-4gwc","source":"security-advisories@github.com"},{"url":"https://github.com/qax-os/excelize/security/advisories/GHSA-q5j5-6p94-4gwc","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-55671","sourceIdentifier":"security-advisories@github.com","published":"2026-07-10T18:16:23.503","lastModified":"2026-07-14T02:16:56.173","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"ZITADEL is an open source identity management platform. From 4.0.0-rc.1 through 4.15.1, ZITADEL's HTTP notification channels, OIDC BackChannel Logout, and SAML metadata URL fetches do not consistently validate user-defined URLs against protected denylist handling, allowing server-side requests to loopback, internal IP, link-local, or redirected endpoints through DNS rebinding, redirects, or protocol downgrades. This issue is fixed in version 4.15.2."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"zitadel","product":"zitadel","versions":[{"version":"< 4.15.2","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.3,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-14T02:03:33.548877Z","id":"CVE-2026-55671","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://github.com/zitadel/zitadel/commit/b6f78086913b8d916bce9ab2e049ab0d84f947fd","source":"security-advisories@github.com"},{"url":"https://github.com/zitadel/zitadel/releases/tag/v4.15.2","source":"security-advisories@github.com"},{"url":"https://github.com/zitadel/zitadel/security/advisories/GHSA-29jh-8cfq-rr8x","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-56666","sourceIdentifier":"security-advisories@github.com","published":"2026-07-10T18:16:24.150","lastModified":"2026-07-13T19:17:23.487","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"ZITADEL is an open source identity management platform. Prior to 4.15.3, ZITADEL's external identity provider handler checks that the local user's email is verified but does not verify that the external IdP confirmed ownership of the same email before auto-linking by email, allowing a permissive provider account with a victim email address to be linked to the victim's local account. This issue is fixed in version 4.15.3."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"zitadel","product":"zitadel","versions":[{"version":"< 4.15.3","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T18:09:40.948313Z","id":"CVE-2026-56666","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-287"}]}],"references":[{"url":"https://github.com/zitadel/zitadel/commit/c97012f0c5dc2fe960ae6e940cbea23229f0557f","source":"security-advisories@github.com"},{"url":"https://github.com/zitadel/zitadel/releases/tag/v4.15.3","source":"security-advisories@github.com"},{"url":"https://github.com/zitadel/zitadel/security/advisories/GHSA-992q-9gwp-7r79","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-53449","sourceIdentifier":"security-advisories@github.com","published":"2026-07-10T19:17:24.073","lastModified":"2026-07-13T19:17:10.570","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Coturn is a free open source implementation of TURN and STUN Server. Prior to 4.13.0, the psd print sessions dump CLI command in coturn takes a filename argument and directly passes it to fopen with no path validation. An authenticated admin with CLI access can overwrite arbitrary files writable by the coturn process because the command string is used as-is after stripping the psd prefix and leading spaces, allowing truncation and overwrite with session dump data. This issue is fixed in version 4.13.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"coturn","product":"coturn","versions":[{"version":"< 4.13.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H","baseScore":6.0,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.8,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T18:23:37.703271Z","id":"CVE-2026-53449","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-73"}]}],"references":[{"url":"https://github.com/coturn/coturn/commit/e72930f571beba3bc7a9f97661af2614aae92a55","source":"security-advisories@github.com"},{"url":"https://github.com/coturn/coturn/releases/tag/4.13.0","source":"security-advisories@github.com"},{"url":"https://github.com/coturn/coturn/security/advisories/GHSA-jj76-vwjw-w34r","source":"security-advisories@github.com"},{"url":"https://github.com/coturn/coturn/security/advisories/GHSA-jj76-vwjw-w34r","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-55464","sourceIdentifier":"security-advisories@github.com","published":"2026-07-10T19:17:24.800","lastModified":"2026-07-13T16:16:37.440","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Snipe-IT is an IT asset/license management system. Prior to 8.6.2, CommonMark escapes raw HTML but does not sanitize javascript: URIs in Markdown hyperlinks, allowing a user with assets.edit permission to place a malicious link in a markdown-textarea custom field that executes arbitrary JavaScript when another user opens the asset detail page and clicks the link. This issue is fixed in version 8.6.2."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"grokability","product":"snipe-it","versions":[{"version":"< 8.6.2","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"ACTIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T15:00:11.543277Z","id":"CVE-2026-55464","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:snipeitapp:snipe-it:*:*:*:*:*:*:*:*","versionEndExcluding":"8.6.2","matchCriteriaId":"0C0389D5-B8C4-48C1-8E1C-6CCC59B5B631"}]}]}],"references":[{"url":"https://github.com/grokability/snipe-it/commit/006981cccffce1739e24d3b680b676f772f40e2d","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/grokability/snipe-it/releases/tag/v8.6.2","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/grokability/snipe-it/security/advisories/GHSA-r52f-r9v5-66xr","source":"security-advisories@github.com","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-55472","sourceIdentifier":"security-advisories@github.com","published":"2026-07-10T19:17:24.920","lastModified":"2026-07-13T19:17:13.897","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Snipe-IT is an IT asset/license management system. Prior to 8.6.2, when Full Multiple Companies Support and scope_locations_fmcs are enabled, the API location creation endpoint detects an invalid parent-child company mismatch but does not return immediately, allowing creation of a child location under a parent location from a different company. This issue is fixed in version 8.6.2."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"grokability","product":"snipe-it","versions":[{"version":"< 8.6.2","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T18:22:35.325309Z","id":"CVE-2026-55472","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-863"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:snipeitapp:snipe-it:*:*:*:*:*:*:*:*","versionEndExcluding":"8.6.2","matchCriteriaId":"0C0389D5-B8C4-48C1-8E1C-6CCC59B5B631"}]}]}],"references":[{"url":"https://github.com/grokability/snipe-it/commit/9a8cbd6e00613a726b639a97a1da71b3c54f9489","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/grokability/snipe-it/releases/tag/v8.6.2","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/grokability/snipe-it/security/advisories/GHSA-8w8c-8mx9-52cw","source":"security-advisories@github.com","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-55476","sourceIdentifier":"security-advisories@github.com","published":"2026-07-10T19:17:25.230","lastModified":"2026-07-13T17:17:33.650","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Snipe-IT is an IT asset/license management system. Prior to 8.6.0, POST /account/request/{itemType}/{itemId}/{cancel_by_admin?}/{requestingUser?} accepts cancel_by_admin as a URL path segment without sufficient authorization, allowing an authenticated user to supply a victim user ID and silently cancel that user’s pending asset requests. This issue is fixed in version 8.6.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"grokability","product":"snipe-it","versions":[{"version":"< 8.6.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T16:15:42.883304Z","id":"CVE-2026-55476","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:snipeitapp:snipe-it:*:*:*:*:*:*:*:*","versionEndExcluding":"8.6.0","matchCriteriaId":"698F7E88-EE9A-464A-AB75-BFD87E4AF0D2"}]}]}],"references":[{"url":"https://github.com/grokability/snipe-it/commit/3c1b18919afbba12d419a9795929493b0391c91a","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/grokability/snipe-it/commit/ac2162113d9e25e4c61b61916ce67fb2a1050553","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/grokability/snipe-it/releases/tag/v8.6.0","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/grokability/snipe-it/security/advisories/GHSA-53jc-27pc-x8r8","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-55843","sourceIdentifier":"security-advisories@github.com","published":"2026-07-10T19:17:26.250","lastModified":"2026-07-13T16:16:38.380","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Snipe-IT is an IT asset/license management system. Prior to 8.6.0, UsersController::update() passes a missing permission request field through NormalizePermissionsPayloadAction and PreserveUnauthorizedPrivilegedPermissionsAction in a way that can overwrite a target user’s permissions with a sparse result, allowing an administrator updating another administrator, or a user with users.edit updating a regular account, to remove the target’s administrative or granular permissions. This issue is fixed in version 8.6.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"grokability","product":"snipe-it","versions":[{"version":"< 8.6.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T14:53:48.248969Z","id":"CVE-2026-55843","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-269"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:snipeitapp:snipe-it:*:*:*:*:*:*:*:*","versionEndExcluding":"8.6.0","matchCriteriaId":"698F7E88-EE9A-464A-AB75-BFD87E4AF0D2"}]}]}],"references":[{"url":"https://github.com/grokability/snipe-it/commit/1cff2d67aabd00ee51d864c1d7fb717494c1d6ad","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/grokability/snipe-it/releases/tag/v8.6.0","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/grokability/snipe-it/security/advisories/GHSA-j5g3-42wp-gqm3","source":"security-advisories@github.com","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-59151","sourceIdentifier":"security-advisories@github.com","published":"2026-07-10T19:17:26.780","lastModified":"2026-07-13T19:17:32.477","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Prowler is a cloud security platform. Prior to 5.30.3, Prowler's SAML authentication flow trusted the email domain asserted in a SAMLResponse when deciding which tenant should receive the final token, and the ACS finish logic in api/src/backend/api/v1/views.py recalculated the tenant from user.email instead of binding token issuance to the validated SAML configuration. An authenticated attacker with a controlled SAML IdP could complete a valid SAML flow for an attacker-controlled domain while asserting an email address from another configured domain, causing a SAMLToken and tenant-scoped JWT to be issued for the wrong tenant and enabling cross-tenant account takeover. This issue is fixed in version 5.30.3."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"prowler-cloud","product":"prowler","versions":[{"version":"< 5.30.3","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N","baseScore":9.6,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":5.8}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T18:02:53.136588Z","id":"CVE-2026-59151","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-287"}]}],"references":[{"url":"https://github.com/prowler-cloud/prowler/commit/bf3b5c2ba713e533014927141b64948c82c8f32e","source":"security-advisories@github.com"},{"url":"https://github.com/prowler-cloud/prowler/commit/f5ff30ad175bd2edf02cd28872653c1cda5867b7","source":"security-advisories@github.com"},{"url":"https://github.com/prowler-cloud/prowler/pull/11650","source":"security-advisories@github.com"},{"url":"https://github.com/prowler-cloud/prowler/releases/tag/5.30.3","source":"security-advisories@github.com"},{"url":"https://github.com/prowler-cloud/prowler/security/advisories/GHSA-h8m9-jgf8-vwvp","source":"security-advisories@github.com"},{"url":"https://github.com/prowler-cloud/prowler/security/advisories/GHSA-h8m9-jgf8-vwvp","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-61459","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-10T19:17:27.450","lastModified":"2026-07-13T16:16:42.763","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"MCP Server Kubernetes before 3.9.0 contains an argument injection vulnerability in structured tools (kubectl_get, kubectl_describe, kubectl_delete) that allows attackers to bypass the assertNoDangerousFlags security check by supplying resourceType and name parameters with leading dashes. Attackers can inject the --server flag to redirect kubectl commands to an attacker-controlled API server, causing the operator's bearer token to be transmitted externally and enabling full cluster compromise."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Flux159","product":"mcp-server-kubernetes","defaultStatus":"unaffected","repo":"https://github.com/Flux159/mcp-server-kubernetes","packageURL":"pkg:npm/mcp-server-kubernetes","versions":[{"version":"0","lessThan":"3.9.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T14:55:05.825674Z","id":"CVE-2026-61459","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-88"}]}],"references":[{"url":"https://github.com/Flux159/mcp-server-kubernetes/commit/d7890f50a4567bf5d9842541ba6f41e180227f9a","source":"disclosure@vulncheck.com"},{"url":"https://github.com/Flux159/mcp-server-kubernetes/issues/328","source":"disclosure@vulncheck.com"},{"url":"https://github.com/Flux159/mcp-server-kubernetes/pull/329","source":"disclosure@vulncheck.com"},{"url":"https://github.com/Flux159/mcp-server-kubernetes/releases/tag/3.9.0","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/mcp-server-kubernetes-argument-injection-via-kubectl-structured-tools","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-54714","sourceIdentifier":"security-advisories@github.com","published":"2026-07-10T20:16:46.173","lastModified":"2026-07-13T19:21:55.683","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Logto is the modern, open-source auth infrastructure for SaaS and AI apps. Prior to 1.41.0, @logto/core reflected the SAML RelayState, SAMLResponse, and actionUrl into a Logto-origin auto-submit HTML form in packages/core/src/saml-application/SamlApplication/utils.ts without HTML-attribute escaping. A SAML application flow with a crafted RelayState from GET or POST /api/saml/:id/authn could inject script that runs on the Logto tenant origin after the user completes login. This issue is fixed in version 1.41.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"logto-io","product":"logto","versions":[{"version":"< 1.41.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T18:18:29.074854Z","id":"CVE-2026-54714","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://github.com/logto-io/logto/commit/209fa0a5cbe8522f9cf31873239dc6424099bb5e","source":"security-advisories@github.com"},{"url":"https://github.com/logto-io/logto/pull/9008","source":"security-advisories@github.com"},{"url":"https://github.com/logto-io/logto/releases/tag/v1.41.0","source":"security-advisories@github.com"},{"url":"https://github.com/logto-io/logto/security/advisories/GHSA-cpm5-w86q-w85f","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-55370","sourceIdentifier":"security-advisories@github.com","published":"2026-07-10T20:16:46.333","lastModified":"2026-07-13T19:21:55.683","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Logto is the modern, open-source auth infrastructure for SaaS and AI apps. Prior to 1.41.0, Logto's existing TOTP verification accepted a successfully used TOTP code again while the code remained inside the RFC 6238 acceptance window because the verifier used otplib's stateless check with window = 1 and did not persist or compare the accepted TOTP time-step counter. An attacker who has the victim's first factor and captures a live TOTP value can replay that value to satisfy MFA during the same acceptance window. This issue is fixed in version 1.41.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"logto-io","product":"logto","versions":[{"version":"< 1.41.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T20:14:33.407390Z","id":"CVE-2026-55370","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-294"}]}],"references":[{"url":"https://github.com/logto-io/logto/commit/9118867f6cbadc7291cf913beb4fede91ed5d374","source":"security-advisories@github.com"},{"url":"https://github.com/logto-io/logto/pull/9109","source":"security-advisories@github.com"},{"url":"https://github.com/logto-io/logto/releases/tag/v1.41.0","source":"security-advisories@github.com"},{"url":"https://github.com/logto-io/logto/security/advisories/GHSA-6wj7-c66m-6c82","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-55377","sourceIdentifier":"security-advisories@github.com","published":"2026-07-10T20:16:46.460","lastModified":"2026-07-13T19:21:55.683","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Logto is the modern, open-source auth infrastructure for SaaS and AI apps. Prior to 1.41.0, Logto's Account Center step-up check accepted any active verification record that belonged to the current user and had isVerified === true. A WebAuthn registration verification record for binding a new passkey could be created and verified with only an existing Account API bearer token, then sent in the logto-verification-id header and treated as identityVerified=true by Account Center routes, allowing MFA factor management without proving possession of an existing password, identifier, or MFA factor. This issue is fixed in version 1.41.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"logto-io","product":"logto","versions":[{"version":"< 1.41.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T16:20:33.380860Z","id":"CVE-2026-55377","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-287"}]}],"references":[{"url":"https://github.com/logto-io/logto/commit/f56255a7edf3b22b0ec2fdb814814ce6b0123b74","source":"security-advisories@github.com"},{"url":"https://github.com/logto-io/logto/pull/9110","source":"security-advisories@github.com"},{"url":"https://github.com/logto-io/logto/releases/tag/v1.41.0","source":"security-advisories@github.com"},{"url":"https://github.com/logto-io/logto/security/advisories/GHSA-q4h3-38gc-4p4j","source":"security-advisories@github.com"},{"url":"https://github.com/logto-io/logto/security/advisories/GHSA-q4h3-38gc-4p4j","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-55789","sourceIdentifier":"security-advisories@github.com","published":"2026-07-10T20:16:47.933","lastModified":"2026-07-13T19:21:55.683","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Logto is the modern, open-source auth infrastructure for SaaS and AI apps. Prior to 1.41.0, Logto's self-hosted SAML application IdP built the signed SAML response and assertion by string-substituting user-controlled profile attributes such as name, email, and custom attribute-mapping values into element-text placeholders of a SAML XML template using samlify 2.10.0, which left those placeholders unescaped. An authenticated low-privilege user could place XML markup in a profile attribute so Logto signed a forged SAML attribute, such as an arbitrary role, allowing privilege escalation at relying Service Providers that authorize on SAML attributes. This issue is fixed in version 1.41.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"logto-io","product":"logto","versions":[{"version":"< 1.41.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:N","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":4.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T18:16:09.500167Z","id":"CVE-2026-55789","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-91"}]}],"references":[{"url":"https://github.com/logto-io/logto/commit/9097054860f0d638d90778d3dcde2ba050b844b6","source":"security-advisories@github.com"},{"url":"https://github.com/logto-io/logto/pull/9107","source":"security-advisories@github.com"},{"url":"https://github.com/logto-io/logto/releases/tag/v1.41.0","source":"security-advisories@github.com"},{"url":"https://github.com/logto-io/logto/security/advisories/GHSA-vfpw-vq44-4p63","source":"security-advisories@github.com"},{"url":"https://github.com/logto-io/logto/security/advisories/GHSA-vfpw-vq44-4p63","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-57157","sourceIdentifier":"security-advisories@github.com","published":"2026-07-10T20:16:48.387","lastModified":"2026-07-13T22:44:25.443","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.28.0, FreeRDP server implementations with the MS-RDPECAM camera device enumerator channel enabled scan attacker-supplied DeviceName and VirtualChannelName fields for a NUL terminator in channels/rdpecam/server/camera_device_enumerator_main.c and then dereference once past the scan bound, allowing a malicious RDP client to trigger a 1- to 2-byte out-of-bounds heap read. This issue is fixed in version 3.28.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"FreeRDP","product":"FreeRDP","versions":[{"version":"< 3.28.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":2.5},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T20:53:09.630827Z","id":"CVE-2026-57157","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:freerdp:freerdp:*:*:*:*:*:*:*:*","versionEndExcluding":"3.28.0","matchCriteriaId":"A8B55819-E57A-4BF4-87DF-357FBF92006F"}]}]}],"references":[{"url":"https://github.com/FreeRDP/FreeRDP/commit/02991e7b3cc0b9800b09030c0e9c80bab877d668","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/FreeRDP/FreeRDP/commit/bd789a31cb794750dbe5e7c0e205981074cb681a","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/FreeRDP/FreeRDP/pull/12930","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/FreeRDP/FreeRDP/pull/12945","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/FreeRDP/FreeRDP/releases/tag/3.28.0","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-47fr-jw86-c3fj","source":"security-advisories@github.com","tags":["Exploit","Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-12761","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T21:16:53.160","lastModified":"2026-07-13T16:59:13.647","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The miniOrange Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin for WordPress is vulnerable to authentication bypass leading to account takeover in versions up to and including 7.7.0. This is due to the Profile Completion flow accepting an arbitrary email address via the 'email_field' POST parameter without verifying that the email belongs to the identity returned by the OAuth provider, combined with send_otp_token() returning the SHA-512(customer_key || otp) transaction hash to the client where the OTP space is only 99,000 values (wp_rand(1000, 99999)) and the customer_key is a static option (empty on unregistered installs). This makes it possible for unauthenticated attackers to trigger an OTP email to an arbitrary admin's address, crack the OTP offline from the leaked hash in under a second, and submit the cracked OTP to mo_openid_social_login_validate_otp(), which logs the attacker in as the user whose email was supplied — granting full administrator access."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"cyberlord92","product":"miniOrange Social Login and Register (Discord, Google, Twitter, LinkedIn)","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"7.7.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T14:02:24.833874Z","id":"CVE-2026-12761","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-287"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/miniorange-login-openid/tags/7.7.0/class-mo-openid-login-widget.php#L1502","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/miniorange-login-openid/tags/7.7.0/mo-openid-social-login-functions.php#L34","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/miniorange-login-openid/tags/7.7.0/view/profile_completion/mo_openid_prof_comp_funct.php#L191","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/miniorange-login-openid/tags/7.7.0/view/profile_completion/mo_openid_prof_comp_funct.php#L41","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset/3592642/","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a56b59ce-29c2-4172-b703-a06d7bb28da0?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-13039","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T21:16:53.283","lastModified":"2026-07-13T16:59:13.647","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Eventin – Event Calendar, Event Registration, Tickets & Booking (AI Powered) plugin for WordPress is vulnerable to authorization bypass due to a regression in versions from 4.0.26 up to and including 4.1.15. This is due to the plugin not properly verifying that a user is authorized to perform an action in the payment_complete() function of PaymentController.php. This makes it possible for unauthenticated attackers to mark unpaid ticket orders as completed by submitting a fabricated SureCart checkout ID or FluentCart cart hash, granting themselves paid event access, QR-code attendee tickets, and order confirmation emails without making any real payment. The wp_rest nonce required to reach the vulnerable endpoint is embedded in every public event page, meaning no WordPress session or credentials are needed to obtain it. This vulnerability represents a regression — the same function and endpoint were previously patched but the fix did not persist through subsequent releases."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"arraytics","product":"Eventin – Event Calendar, Event Registration, Tickets & Booking (AI Powered)","defaultStatus":"unaffected","versions":[{"version":"4.0.26","lessThanOrEqual":"4.1.15","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T14:36:37.552409Z","id":"CVE-2026-13039","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&old=3600977%40wp-event-solution&new=3600977%40wp-event-solution","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/84a5348a-a307-4db4-83b6-08682282a4b8?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-34196","sourceIdentifier":"367425dc-4d06-4041-9650-c2dc6aaa27ce","published":"2026-07-10T21:16:54.297","lastModified":"2026-07-13T19:24:52.303","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Software installed and run as a non-privileged user may conduct improper GPU system calls to cause an integer overflow and map two GPU virtual addresses to the same physical address. One of these virutal mappings can be freed along with the physical page, allowing for a read/write UAF via the second mapping\n\n\n\nThe second virtual mapping references a physical address that has been freed after the first virtual mapping has been freed. This allows the physical memory to be allocated (for example) by another process and read/written to."}],"affected":[{"source":"367425dc-4d06-4041-9650-c2dc6aaa27ce","affectedData":[{"vendor":"Imagination Technologies","product":"Graphics DDK","defaultStatus":"unknown","platforms":["Linux","Android"],"versions":[{"version":"1.18 RTM2","versionType":"custom","status":"affected"},{"version":"23.2 RTM2","versionType":"custom","status":"affected"},{"version":"24.2 RTM2","versionType":"custom","status":"affected"},{"version":"25.1 RTM2","lessThanOrEqual":"25.3 RTM","versionType":"custom","status":"affected"},{"version":"26.1 RTM1","versionType":"custom","status":"affected"},{"version":"26.1 RTM2","versionType":"custom","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T18:18:40.279772Z","id":"CVE-2026-34196","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"367425dc-4d06-4041-9650-c2dc6aaa27ce","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]}],"references":[{"url":"https://www.imaginationtech.com/gpu-driver-vulnerabilities/","source":"367425dc-4d06-4041-9650-c2dc6aaa27ce"}]}},{"cve":{"id":"CVE-2026-41154","sourceIdentifier":"367425dc-4d06-4041-9650-c2dc6aaa27ce","published":"2026-07-10T21:16:54.410","lastModified":"2026-07-13T19:24:52.303","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Software installed and run as a non-privileged user may cause OOB kernel memory reads or writes through GPU API calls.\n\n\n\nWhen indexing pages larger than 4kB in the page freeing logic of the sparse memory implementation, incorrect buffer indexing leads to OOB access."}],"affected":[{"source":"367425dc-4d06-4041-9650-c2dc6aaa27ce","affectedData":[{"vendor":"Imagination Technologies","product":"Graphics DDK","defaultStatus":"unknown","platforms":["Linux","Android"],"versions":[{"version":"1.18 RTM2","versionType":"custom","status":"unaffected"},{"version":"23.2 RTM2","versionType":"custom","status":"unaffected"},{"version":"24.2 RTM2","versionType":"custom","status":"affected"},{"version":"25.1 RTM2","lessThanOrEqual":"25.3 RTM","versionType":"custom","status":"affected"},{"version":"26.1 RTM1","versionType":"custom","status":"affected"},{"version":"26.1 RTM2","versionType":"custom","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T18:19:41.693234Z","id":"CVE-2026-41154","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"367425dc-4d06-4041-9650-c2dc6aaa27ce","type":"Secondary","description":[{"lang":"en","value":"CWE-787"}]}],"references":[{"url":"https://www.imaginationtech.com/gpu-driver-vulnerabilities/","source":"367425dc-4d06-4041-9650-c2dc6aaa27ce"}]}},{"cve":{"id":"CVE-2026-45203","sourceIdentifier":"367425dc-4d06-4041-9650-c2dc6aaa27ce","published":"2026-07-10T21:16:54.760","lastModified":"2026-07-13T19:24:52.303","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Kernel software installed and running inside a Host VM may post improper commands to the GPU Firmware to trigger a memory write outside the permitted range of memory for the host kernel.\n\n\n\nA TOCTOU bug existed where a malicious driver could modify values in memory after firmware validation but before use."}],"affected":[{"source":"367425dc-4d06-4041-9650-c2dc6aaa27ce","affectedData":[{"vendor":"Imagination Technologies","product":"Graphics DDK","defaultStatus":"unknown","platforms":["Linux","Android"],"versions":[{"version":"1.18 RTM2","versionType":"custom","status":"affected"},{"version":"23.2 RTM2","versionType":"custom","status":"affected"},{"version":"24.2 RTM2","versionType":"custom","status":"affected"},{"version":"25.1 RTM2","lessThanOrEqual":"25.3 RTM","versionType":"custom","status":"affected"},{"version":"26.1 RTM1","versionType":"custom","status":"affected"},{"version":"26.1 RTM2","versionType":"custom","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T18:33:59.825342Z","id":"CVE-2026-45203","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"367425dc-4d06-4041-9650-c2dc6aaa27ce","type":"Secondary","description":[{"lang":"en","value":"CWE-367"}]}],"references":[{"url":"https://www.imaginationtech.com/gpu-driver-vulnerabilities/","source":"367425dc-4d06-4041-9650-c2dc6aaa27ce"}]}},{"cve":{"id":"CVE-2026-55213","sourceIdentifier":"security-advisories@github.com","published":"2026-07-10T21:16:55.497","lastModified":"2026-07-13T19:24:52.303","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. Prior to commit edd7a120bfc4af11ac0cbebce2a43cc1f93f9af1, when h2o processes a QPACK instruction sent from the peer over HTTP/3, lib/http3/qpack.c might allocate an on-stack buffer as large as approximately 800 KB by calling alloca, which exceeds the default pthread stack size used by musl libc and causes the h2o server to crash with a segmentation fault while touching the guard page. This issue is fixed in commit edd7a120bfc4af11ac0cbebce2a43cc1f93f9af1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"h2o","product":"h2o","versions":[{"version":"< edd7a120bfc4af11ac0cbebce2a43cc1f93f9af1","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T14:14:29.008624Z","id":"CVE-2026-55213","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-789"}]}],"references":[{"url":"https://github.com/h2o/h2o/commit/edd7a120bfc4af11ac0cbebce2a43cc1f93f9af1","source":"security-advisories@github.com"},{"url":"https://github.com/h2o/h2o/security/advisories/GHSA-432c-8xmj-frmq","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-55229","sourceIdentifier":"security-advisories@github.com","published":"2026-07-10T21:16:55.630","lastModified":"2026-07-13T19:21:55.683","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.34.0, Gotenberg's /forms/libreoffice/convert endpoint allows a specially crafted document to cause LibreOffice to automatically retrieve external HTTP(S) resources and local file resources during document conversion, enabling blind SSRF and limited local file disclosure via linked image resource loading. This issue is fixed in version 8.34.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"gotenberg","product":"gotenberg","versions":[{"version":"< 8.34.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T16:19:17.726529Z","id":"CVE-2026-55229","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://github.com/gotenberg/gotenberg/commit/98fc40347885ad510a311b990a73397c6d4143db","source":"security-advisories@github.com"},{"url":"https://github.com/gotenberg/gotenberg/releases/tag/v8.34.0","source":"security-advisories@github.com"},{"url":"https://github.com/gotenberg/gotenberg/security/advisories/GHSA-2mrg-35hw-x3x9","source":"security-advisories@github.com"},{"url":"https://github.com/gotenberg/gotenberg/security/advisories/GHSA-2mrg-35hw-x3x9","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-55405","sourceIdentifier":"security-advisories@github.com","published":"2026-07-10T21:16:55.977","lastModified":"2026-07-13T18:09:30.873","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"LangChain4j is a Java library for building LLM-powered applications on the JVM. Prior to  1.2.1-beta8, 1.5.1-beta11, 1.11.8-beta19, and 1.16.3-beta26, the MariaDB and pgvector embedding stores build metadata-filter SQL by string-concatenating filter keys, and in MariaDB string values, directly into the query without adequate escaping. A crafted metadata key in EmbeddingSearchRequest.filter() can break out of its SQL context and inject arbitrary SQL into the statements executed by the stores' search and removeAll(Filter) operations, enabling blind data exfiltration, denial of service via sleep functions, and deletion of arbitrary rows through removeAll(Filter). This issue is fixed in langchain4j-mariadb and langchain4j-pgvector versions 1.2.1-beta8, 1.5.1-beta11, 1.11.8-beta19, and 1.16.3-beta26."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"langchain4j","product":"langchain4j","versions":[{"version":"< 1.2.1-beta8","status":"affected"},{"version":">= 1.3.0-beta9, < 1.5.1-beta11","status":"affected"},{"version":">= 1.6.0-beta12, < 1.11.8-beta19","status":"affected"},{"version":">= 1.12.1-beta21, < 1.16.3-beta26","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L","baseScore":7.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":4.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T14:07:40.563039Z","id":"CVE-2026-55405","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://github.com/langchain4j/langchain4j/commit/13a0698bdfaf105d8aaf0367881df51358596219","source":"security-advisories@github.com"},{"url":"https://github.com/langchain4j/langchain4j/commit/1bc1f60aa58ef5c3c1703caf73362482480351cf","source":"security-advisories@github.com"},{"url":"https://github.com/langchain4j/langchain4j/commit/8805d5d128694302f1b0a2650174186862f669e7","source":"security-advisories@github.com"},{"url":"https://github.com/langchain4j/langchain4j/commit/ce96291dfb243c7f6753b5d65c7a77914642314f","source":"security-advisories@github.com"},{"url":"https://github.com/langchain4j/langchain4j/commit/f14a10ce77e4ea1b8277f67d6a81f46abd7a5bc2","source":"security-advisories@github.com"},{"url":"https://github.com/langchain4j/langchain4j/releases/tag/1.16.3","source":"security-advisories@github.com"},{"url":"https://github.com/langchain4j/langchain4j/security/advisories/GHSA-2mfg-cc43-9pcj","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-55659","sourceIdentifier":"security-advisories@github.com","published":"2026-07-10T21:16:56.577","lastModified":"2026-07-13T18:12:29.917","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Grist is spreadsheet software using Python as its formula language. Prior to 1.7.15, several server-rendered Grist pages embedded user-controlled values into the page and into inline scripts without fully escaping them, allowing cross-site scripting. On the main application page, a document's name or description, set by a document editor, is rendered into the page that other users load when opening the document. On the OAuth2 end-of-flow page, the openerOrigin request parameter was reflected back into the served page. Injected script runs in the victim's Grist origin and can act through the authenticated session, reading or modifying data and changing sharing settings and access rules. A document editor could therefore escalate to owner-level access. This issue is fixed in version 1.7.15."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"gristlabs","product":"grist-core","versions":[{"version":"< 1.7.15","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.3,"impactScore":5.8}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T16:01:16.076169Z","id":"CVE-2026-55659","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"},{"lang":"en","value":"CWE-116"}]}],"references":[{"url":"https://github.com/gristlabs/grist-core/commit/4ced8064b7ea0e1763d5a6a2588b22774ce7efbc","source":"security-advisories@github.com"},{"url":"https://github.com/gristlabs/grist-core/releases/tag/v1.7.15","source":"security-advisories@github.com"},{"url":"https://github.com/gristlabs/grist-core/security/advisories/GHSA-6qrq-h2h6-cw54","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-55664","sourceIdentifier":"security-advisories@github.com","published":"2026-07-10T21:16:56.723","lastModified":"2026-07-13T19:17:14.547","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Grist is spreadsheet software using Python as its formula language. Prior to 1.7.15, the GET /forms endpoint read table and column metadata without applying the document's access rules and did not check that the requested section was actually a form. A user with only partial read access, including public access on a publicly viewable document, could request the metadata of any widget and reveal table and column structure that access rules would otherwise hide, even in documents that contain no forms. This issue is fixed in version 1.7.15."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"gristlabs","product":"grist-core","versions":[{"version":"< 1.7.15","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T18:34:28.495573Z","id":"CVE-2026-55664","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-200"},{"lang":"en","value":"CWE-285"}]}],"references":[{"url":"https://github.com/gristlabs/grist-core/commit/14694156fe99c438c5f7a452ad367e933bb194db","source":"security-advisories@github.com"},{"url":"https://github.com/gristlabs/grist-core/releases/tag/v1.7.15","source":"security-advisories@github.com"},{"url":"https://github.com/gristlabs/grist-core/security/advisories/GHSA-w2hc-w6cg-xvh9","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-55879","sourceIdentifier":"security-advisories@github.com","published":"2026-07-10T21:16:57.367","lastModified":"2026-07-13T18:12:29.917","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"OpenReplay is a self-hosted session replay suite. From 1.24.0 before 1.25.0, the OpenReplay tracking SDK accepts custom event names and captured page URLs from any visitor using a public project key, stores them in ClickHouse without output encoding, and later renders them in the authenticated dashboard through TextEllipsis and the event-details modal, allowing an unauthenticated attacker to store script that executes in the dashboard origin, reads the session JWT from localStorage, and takes over a dashboard account. This issue is fixed in version 1.25.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"openreplay","product":"openreplay","versions":[{"version":">= 1.24.0, < 1.25.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.8}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T16:18:50.950950Z","id":"CVE-2026-55879","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://github.com/openreplay/openreplay/commit/ec41f4425a99c478a4418adbd2f094ab6a8b0daf","source":"security-advisories@github.com"},{"url":"https://github.com/openreplay/openreplay/releases/tag/v1.25.0","source":"security-advisories@github.com"},{"url":"https://github.com/openreplay/openreplay/security/advisories/GHSA-3mfc-7hf4-jfxh","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-55880","sourceIdentifier":"security-advisories@github.com","published":"2026-07-10T21:16:57.493","lastModified":"2026-07-13T19:21:55.683","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"OpenReplay is a self-hosted session replay suite. In 1.27.0 and earlier, three dashboard and note mutation functions ran their SQL without the ownership predicate that their sibling read and edit functions use: notes.delete filtered only on note id and project id, while dashboards.update_widget and dashboards.remove_widget filtered only on dashboard id and widget id, allowing any authenticated member to delete another user's private session notes and remove or rewrite widgets on another user's private dashboards."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"openreplay","product":"openreplay","versions":[{"version":"<= 1.27.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T18:03:07.971405Z","id":"CVE-2026-55880","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://github.com/openreplay/openreplay/security/advisories/GHSA-9xfv-p2fx-vmx9","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-55881","sourceIdentifier":"security-advisories@github.com","published":"2026-07-10T21:16:57.653","lastModified":"2026-07-13T19:21:55.683","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"OpenReplay is a self-hosted session replay suite. From 1.22.0 before 1.27.0, getFirstMob returned 15-second presigned S3 download URLs for a session's DOM-replay recording based solely on the session path parameter, while validateProjectAccess checked only that the project belonged to the requester's tenant and did not verify that the session belonged to that project, allowing any authenticated low-privilege user to read another tenant's first 15 seconds of session-replay recording data. This issue is fixed in version 1.27.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"openreplay","product":"openreplay","versions":[{"version":">= 1.22.0, < 1.27.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T14:12:11.588758Z","id":"CVE-2026-55881","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://github.com/openreplay/openreplay/commit/ddd09117f644a309c7b040cda0a11ff9433e9e49","source":"security-advisories@github.com"},{"url":"https://github.com/openreplay/openreplay/pull/4692","source":"security-advisories@github.com"},{"url":"https://github.com/openreplay/openreplay/releases/tag/v1.27.0","source":"security-advisories@github.com"},{"url":"https://github.com/openreplay/openreplay/security/advisories/GHSA-w2x5-m7w5-479h","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-57211","sourceIdentifier":"security-advisories@github.com","published":"2026-07-10T21:16:58.007","lastModified":"2026-07-13T22:40:24.073","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"RabbitMQ is a messaging and streaming broker. Prior to 4.1.11 and 4.2.6 on Windows, the RabbitMQ management plugin static file handler rabbit_mgmt_wm_static can pass URL-encoded backslashes to erl_prim_loader:read_file_info before path validation when multiple management extension plugins are enabled, causing outbound DNS and SMB requests to attacker-controlled UNC paths. This issue is fixed in versions 4.1.11 and 4.2.6."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"rabbitmq","product":"rabbitmq-server","versions":[{"version":">= 4.2.0, < 4.2.6","status":"affected"},{"version":">= 4.1.0, < 4.1.11","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":4.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T16:13:26.395813Z","id":"CVE-2026-57211","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-36"},{"lang":"en","value":"CWE-918"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:broadcom:rabbitmq_server:*:*:*:*:*:*:*:*","versionStartIncluding":"4.1.0","versionEndExcluding":"4.2.6","matchCriteriaId":"84526045-0282-4A10-93F0-FF5D342AA751"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"https://github.com/rabbitmq/rabbitmq-server/commit/39c3a8e9c71da0403d8dfc13f700e60c936e3682","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/rabbitmq/rabbitmq-server/commit/6730797f6a34b4e8308cea60adf1243857e70204","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/rabbitmq/rabbitmq-server/pull/15803","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/rabbitmq/rabbitmq-server/releases/tag/v4.2.6","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-7v84-m3g5-vxq6","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-7v84-m3g5-vxq6","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-57212","sourceIdentifier":"security-advisories@github.com","published":"2026-07-10T21:16:58.150","lastModified":"2026-07-13T22:37:54.410","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"RabbitMQ is a messaging and streaming broker. Prior to 3.13.14, 4.0.19, 4.1.10, and 4.2.5, the rabbitmq_management HTTP API accepts oversized valid JSON bodies on with_decode and direct_request paths because read_complete_body checks the accumulated size before the final chunk but not the final combined size. This issue is fixed in versions 3.13.14, 4.0.19, 4.1.10, and 4.2.5."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"rabbitmq","product":"rabbitmq-server","versions":[{"version":">= 4.2.0, < 4.2.5","status":"affected"},{"version":">= 4.1.0, < 4.1.10","status":"affected"},{"version":">= 4.0.0, < 4.0.19","status":"affected"},{"version":">= 3.13.0, < 3.13.14","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"LOW","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.1,"impactScore":4.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T18:16:41.679987Z","id":"CVE-2026-57212","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-770"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:broadcom:rabbitmq_server:*:*:*:*:*:*:*:*","versionStartIncluding":"3.13.0","versionEndExcluding":"4.2.5","matchCriteriaId":"A8B5D729-F02C-4538-9537-A86ADBA73956"}]}]}],"references":[{"url":"https://github.com/rabbitmq/rabbitmq-server/commit/3976d148901bdfa82e1cd60b7a4534e073266ba5","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/rabbitmq/rabbitmq-server/commit/b8fc2ef7c50a2797d15e1ea7cf34f290032303bb","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/rabbitmq/rabbitmq-server/pull/15712","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/rabbitmq/rabbitmq-server/pull/15714","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/rabbitmq/rabbitmq-server/releases/tag/v4.2.5","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-5cmq-vp28-xqrj","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-5cmq-vp28-xqrj","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-57214","sourceIdentifier":"security-advisories@github.com","published":"2026-07-10T21:16:58.423","lastModified":"2026-07-13T21:27:48.487","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"RabbitMQ is a messaging and streaming broker. Prior to 4.2.5, the RabbitMQ management UI renders the x-internal-purpose queue or exchange argument into an HTML title attribute without proper escaping on the Queues and Exchanges pages, allowing a user with permission to declare a queue or exchange to execute JavaScript in another user's browser. This issue is fixed in version 4.2.5."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"rabbitmq","product":"rabbitmq-server","versions":[{"version":">= 4.2.0, < 4.2.5","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T15:04:20.083518Z","id":"CVE-2026-57214","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:broadcom:rabbitmq_server:*:*:*:*:*:*:*:*","versionStartIncluding":"4.2.0","versionEndExcluding":"4.2.5","matchCriteriaId":"D0F1FEA6-1634-4719-8966-7C326ACE656A"}]}]}],"references":[{"url":"https://github.com/rabbitmq/rabbitmq-server/commit/b0027b6c1ae5b869d876e211efe6189ffd92b5c2","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/rabbitmq/rabbitmq-server/commit/b267a290dd89e42c6e0256f46fc273a8adb7f3ec","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/rabbitmq/rabbitmq-server/pull/15606","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/rabbitmq/rabbitmq-server/pull/15608","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/rabbitmq/rabbitmq-server/releases/tag/v4.2.5","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-6jfq-prw2-7rwp","source":"security-advisories@github.com","tags":["Vendor Advisory"]},{"url":"https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-6jfq-prw2-7rwp","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-57215","sourceIdentifier":"security-advisories@github.com","published":"2026-07-10T21:16:58.550","lastModified":"2026-07-13T21:27:14.300","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"RabbitMQ is a messaging and streaming broker. Prior to 3.13.15, 4.0.20, 4.1.11, and 4.2.6, RabbitMQ allows foreign bindings to amq.rabbitmq.reply-to destinations because volatile direct-reply-to queues can be accepted at bind and route time but are missing from Khepri-backed deletion checks, leaving persistent route entries after unbind. This issue is fixed in versions 3.13.15, 4.0.20, 4.1.11, and 4.2.6."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"rabbitmq","product":"rabbitmq-server","versions":[{"version":">= 4.2.0, < 4.2.6","status":"affected"},{"version":">= 4.1.0, < 4.1.11","status":"affected"},{"version":">= 4.0.0, < 4.0.21","status":"affected"},{"version":">= 3.13.0, < 3.13.15","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T18:07:36.918767Z","id":"CVE-2026-57215","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-863"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:broadcom:rabbitmq_server:*:*:*:*:*:*:*:*","versionStartIncluding":"3.13.0","versionEndExcluding":"4.2.6","matchCriteriaId":"6B5BD560-DF1B-43F3-BC3C-212B06A9BB64"}]}]}],"references":[{"url":"https://github.com/rabbitmq/rabbitmq-server/commit/9055500d10ca7629dd2b051c6dc7a4b0bb8f6734","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/rabbitmq/rabbitmq-server/commit/c84f3c880e0f22b49c01237cf8f86e176eeadc72","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/rabbitmq/rabbitmq-server/pull/15935","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/rabbitmq/rabbitmq-server/pull/15938","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/rabbitmq/rabbitmq-server/releases/tag/v4.2.6","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-5cq3-v9jx-p3x3","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-5cq3-v9jx-p3x3","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-57216","sourceIdentifier":"security-advisories@github.com","published":"2026-07-10T21:16:58.677","lastModified":"2026-07-13T21:09:20.123","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"RabbitMQ is a messaging and streaming broker. Prior to 3.13.15, 4.0.20, 4.1.11, and 4.2.6, AMQP 0-9-1, AMQP 1.0, and Stream Protocol authentication can allow a loopback-restricted user such as guest to connect remotely when traffic is accepted through a trusted PROXY-protocol path and the backend listener is loopback-bound because the loopback check uses the listener-side socket address instead of the real client source. This issue is fixed in versions 3.13.15, 4.0.20, 4.1.11, and 4.2.6."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"rabbitmq","product":"rabbitmq-server","versions":[{"version":">= 4.2.0, < 4.2.6","status":"affected"},{"version":">= 4.1.0, < 4.1.11","status":"affected"},{"version":">= 4.0.0, < 4.0.21","status":"affected"},{"version":">= 3.13.0, < 3.13.15","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":4.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T14:00:50.887777Z","id":"CVE-2026-57216","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-287"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:broadcom:rabbitmq_server:*:*:*:*:*:*:*:*","versionStartIncluding":"3.13.0","versionEndExcluding":"4.2.6","matchCriteriaId":"6B5BD560-DF1B-43F3-BC3C-212B06A9BB64"}]}]}],"references":[{"url":"https://github.com/rabbitmq/rabbitmq-server/commit/7273c9eb6920abcde17b892dbe97ccaf906ead47","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/rabbitmq/rabbitmq-server/commit/9f8c39fcf0acbc43080ee7017a62a02832114112","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/rabbitmq/rabbitmq-server/pull/15936","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/rabbitmq/rabbitmq-server/pull/15940","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/rabbitmq/rabbitmq-server/releases/tag/v4.2.6","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-36m6-588r-vqcw","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-36m6-588r-vqcw","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-57217","sourceIdentifier":"security-advisories@github.com","published":"2026-07-10T21:16:58.810","lastModified":"2026-07-13T21:04:14.127","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"RabbitMQ is a messaging and streaming broker. Prior to 3.13.15, 4.0.21, 4.1.11, and 4.2.6, RabbitMQ topic authorization can allow restricted topic writes and binds during metadata-store failures because topic-permission lookup errors from Khepri can collapse to undefined, which the internal backend treats as allow. This issue is fixed in versions 3.13.15, 4.0.21, 4.1.11, and 4.2.6."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"rabbitmq","product":"rabbitmq-server","versions":[{"version":">= 4.2.0, < 4.2.6","status":"affected"},{"version":">= 4.1.0, < 4.1.11","status":"affected"},{"version":">= 4.0.0, < 4.0.21","status":"affected"},{"version":">= 3.13.0, < 3.13.15","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T15:58:00.640115Z","id":"CVE-2026-57217","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-863"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:broadcom:rabbitmq_server:*:*:*:*:*:*:*:*","versionStartIncluding":"3.13.0","versionEndExcluding":"4.2.6","matchCriteriaId":"6B5BD560-DF1B-43F3-BC3C-212B06A9BB64"}]}]}],"references":[{"url":"https://github.com/rabbitmq/rabbitmq-server/commit/94f1d33a70fcfa09006649599e79fc92786a2d36","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/rabbitmq/rabbitmq-server/commit/ce1f682aa6b398820c5e3ce1ff7435184027c82c","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/rabbitmq/rabbitmq-server/pull/15941","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/rabbitmq/rabbitmq-server/pull/15943","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/rabbitmq/rabbitmq-server/releases/tag/v4.2.6","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-gpvw-75h5-3wvx","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-gpvw-75h5-3wvx","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-57218","sourceIdentifier":"security-advisories@github.com","published":"2026-07-10T21:16:58.937","lastModified":"2026-07-13T20:54:58.580","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"RabbitMQ is a messaging and streaming broker. Prior to 4.2.6, RabbitMQ AMQP 0-9-1 allows an existing consumer to keep receiving messages after OAuth token expiry or connection.update_secret refresh to reduced scopes because existing consumers are not canceled or reauthorized at delivery time after the channel user state changes. This issue is fixed in version 4.2.6."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"rabbitmq","product":"rabbitmq-server","versions":[{"version":">= 4.2.0, < 4.2.6","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":4.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T18:17:14.739053Z","id":"CVE-2026-57218","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-863"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:broadcom:rabbitmq_server:*:*:*:*:*:*:*:*","versionStartIncluding":"4.2.0","versionEndExcluding":"4.2.6","matchCriteriaId":"7179C053-B8C1-4B72-83EB-456125ED1AAF"}]}]}],"references":[{"url":"https://github.com/rabbitmq/rabbitmq-server/commit/501ad947cd6bbcc9486fe96e0d073992bfe52cc4","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/rabbitmq/rabbitmq-server/commit/db20d6c0fcf3056030f244b5adab0d45c0db0c9e","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/rabbitmq/rabbitmq-server/pull/16092","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/rabbitmq/rabbitmq-server/pull/16097","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/rabbitmq/rabbitmq-server/releases/tag/v4.2.6","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-wmrr-4h5v-5ch7","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-wmrr-4h5v-5ch7","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-57220","sourceIdentifier":"security-advisories@github.com","published":"2026-07-10T21:16:59.180","lastModified":"2026-07-13T20:49:24.450","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"RabbitMQ is a messaging and streaming broker. Prior to 4.2.6, the RabbitMQ stream listener does not enforce the configured stream frame-size limit while assembling frames during authentication and before Tune negotiation, allowing an unauthenticated remote client to declare oversized frame lengths and consume broker memory in rabbit_stream_core. This issue is fixed in version 4.2.6."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"rabbitmq","product":"rabbitmq-server","versions":[{"version":">= 4.2.0, < 4.2.6","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T16:20:13.084964Z","id":"CVE-2026-57220","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-770"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:broadcom:rabbitmq_server:*:*:*:*:*:*:*:*","versionEndExcluding":"4.2.6","matchCriteriaId":"94C93722-7CEF-409C-B2BE-0AB1DC9D6DD1"}]}]}],"references":[{"url":"https://github.com/rabbitmq/rabbitmq-server/commit/595ec28fa1621b1f2c28124e4e0466a8ad963547","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/rabbitmq/rabbitmq-server/commit/773a49c4921e8be990262a2d609c35916825679e","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/rabbitmq/rabbitmq-server/pull/16171","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/rabbitmq/rabbitmq-server/pull/16173","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/rabbitmq/rabbitmq-server/releases/tag/v4.2.6","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-f364-87q5-j35q","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-f364-87q5-j35q","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-57221","sourceIdentifier":"security-advisories@github.com","published":"2026-07-10T21:16:59.327","lastModified":"2026-07-13T20:44:52.037","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"RabbitMQ is a messaging and streaming broker. Prior to 3.13.15, 4.0.20, 4.1.11, and 4.2.6, RabbitMQ does not perform authorization checks on passive queue.declare and exchange.declare AMQP 0-9-1 operations, allowing any authenticated user who can connect to a virtual host to enumerate queue and exchange names and read queue message and consumer counts. This issue is fixed in versions 3.13.15, 4.0.20, 4.1.11, and 4.2.6."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"rabbitmq","product":"rabbitmq-server","versions":[{"version":">= 4.2.0, < 4.2.6","status":"affected"},{"version":">= 4.1.0, < 4.1.11","status":"affected"},{"version":">= 4.0.0, < 4.0.21","status":"affected"},{"version":">= 3.13.0, < 3.13.15","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N","baseScore":5.0,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T18:05:20.433678Z","id":"CVE-2026-57221","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:broadcom:rabbitmq_server:*:*:*:*:*:*:*:*","versionStartIncluding":"3.13.0","versionEndExcluding":"4.2.6","matchCriteriaId":"6B5BD560-DF1B-43F3-BC3C-212B06A9BB64"}]}]}],"references":[{"url":"https://github.com/rabbitmq/rabbitmq-server/commit/709a14e49e06c138a8cd672c9809ca34a2767962","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/rabbitmq/rabbitmq-server/commit/dc3d1aa4f5c3331a425ee599b45be9423a2e83fc","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/rabbitmq/rabbitmq-server/pull/16085","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/rabbitmq/rabbitmq-server/pull/16090","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/rabbitmq/rabbitmq-server/releases/tag/v4.2.6","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-9q2j-2hq8-22r2","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-9q2j-2hq8-22r2","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-57230","sourceIdentifier":"security-advisories@github.com","published":"2026-07-10T21:16:59.450","lastModified":"2026-07-13T19:21:55.683","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"OpenReplay is a self-hosted session replay suite. Prior to 1.27.0, the session search and analytics API in enterprise editions with multi-tenancy enabled built ClickHouse queries by inserting user input into the query string, including two positions that took input without escaping, allowing an authenticated member to read any ClickHouse table through blind boolean and time-based exfiltration and to break the project's session search for all viewers until the stored key is removed. This issue is fixed in version 1.27.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"openreplay","product":"openreplay","versions":[{"version":"< 1.27.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:L","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":1.2,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T16:02:39.528978Z","id":"CVE-2026-57230","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://github.com/openreplay/openreplay/commit/ae8de6893250dd41175c6b2d312545c515fa5a16","source":"security-advisories@github.com"},{"url":"https://github.com/openreplay/openreplay/pull/4715","source":"security-advisories@github.com"},{"url":"https://github.com/openreplay/openreplay/releases/tag/v1.27.0","source":"security-advisories@github.com"},{"url":"https://github.com/openreplay/openreplay/security/advisories/GHSA-vxf8-j7jx-p65x","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-57574","sourceIdentifier":"security-advisories@github.com","published":"2026-07-10T21:16:59.683","lastModified":"2026-07-13T19:21:55.683","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Misskey is an open source, federated social media platform. Prior to 2026.6.0, Misskey contains a vulnerability in Time-based One-Time Password (TOTP) authentication in UserAuthService where insufficient validation of used tokens allows the reuse of a single-use code within its valid time step. If both credentials and a TOTP code are obtained concurrently, an attacker may reuse the code to perform unauthorized actions, potentially leading to account takeover. This issue is fixed in version 2026.6.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"misskey-dev","product":"misskey","versions":[{"version":"< 2026.6.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.4,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T18:33:16.735830Z","id":"CVE-2026-57574","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-294"}]}],"references":[{"url":"https://github.com/misskey-dev/misskey/commit/00c6210a591db2b0be438740d05b82070fa68ac6","source":"security-advisories@github.com"},{"url":"https://github.com/misskey-dev/misskey/commit/d323fe00d04ac46ab0b4e66fce9169effaa8dfb7","source":"security-advisories@github.com"},{"url":"https://github.com/misskey-dev/misskey/releases/tag/2026.6.0","source":"security-advisories@github.com"},{"url":"https://github.com/misskey-dev/misskey/security/advisories/GHSA-2m5x-5mp6-6vpq","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-57807","sourceIdentifier":"audit@patchstack.com","published":"2026-07-10T21:16:59.947","lastModified":"2026-07-13T16:59:13.647","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Authentication Bypass Using an Alternate Path or Channel vulnerability in miniOrange Security Software Pvt Ltd. OAuth Single Sign On - SSO (OAuth Client) allows Password Recovery Exploitation.\n\nThis issue affects OAuth Single Sign On - SSO (OAuth Client): from n/a through 38.5.8."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"miniOrange Security Software Pvt Ltd.","product":"OAuth Single Sign On - SSO (OAuth Client)","defaultStatus":"unaffected","versions":[{"version":"n/a","lessThanOrEqual":"38.5.8","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T14:01:08.867705Z","id":"CVE-2026-57807","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-288"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/miniorange-oauth-oidc-single-sign-on/vulnerability/wordpress-oauth-single-sign-on-sso-oauth-client-plugin-38-5-8-broken-authentication-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-58499","sourceIdentifier":"security-advisories@github.com","published":"2026-07-10T21:17:00.197","lastModified":"2026-07-13T19:49:37.150","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"EverOS is a memory runtime for agents. Prior to 1.0.1, EverOS is vulnerable to path traversal in the POST /api/v1/memory/add ingestion endpoint because the per-message sender_id field was not validated as a path-safe identifier, unlike app_id and project_id. During user-memory extraction, sender_id is used as owner_id and joined into the filesystem path where the extracted episode is persisted as a Markdown file, so a sender_id containing ../ sequences could direct writes outside the configured memory root and allow an unauthenticated caller to create or overwrite .md files at locations writable by the server process with partially attacker-influenced content. This issue is fixed in version 1.0.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"EverMind-AI","product":"EverOS","versions":[{"version":"< 1.0.1","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T16:18:10.495611Z","id":"CVE-2026-58499","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://github.com/EverMind-AI/EverOS/commit/a10cdcd197747f371b7879a32c2cc3f77471e9c2","source":"security-advisories@github.com"},{"url":"https://github.com/EverMind-AI/EverOS/releases/tag/v1.0.1","source":"security-advisories@github.com"},{"url":"https://github.com/EverMind-AI/EverOS/security/advisories/GHSA-c795-2g9c-j48m","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-7639","sourceIdentifier":"367425dc-4d06-4041-9650-c2dc6aaa27ce","published":"2026-07-10T21:17:00.637","lastModified":"2026-07-13T19:24:52.303","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Software installed and run as a non-privileged user may conduct a sequence of improper GPU system calls causing use after free, which helps in facilitating unprivileged memory access from a shader code.\n\n\n\nTriggering failure path in the MMU mapping logic by a malicious code could lead to incomplete cleanup of an internal driver state, allowing for future unauthorized access to the contents of the physical memory."}],"affected":[{"source":"367425dc-4d06-4041-9650-c2dc6aaa27ce","affectedData":[{"vendor":"Imagination Technologies","product":"Graphics DDK","defaultStatus":"unknown","platforms":["Linux","Android"],"versions":[{"version":"1.18 RTM2","versionType":"custom","status":"affected"},{"version":"23.2 RTM2","versionType":"custom","status":"affected"},{"version":"24.2 RTM2","versionType":"custom","status":"affected"},{"version":"25.1 RTM2","lessThanOrEqual":"25.3 RTM","versionType":"custom","status":"affected"},{"version":"26.1 RTM1","versionType":"custom","status":"affected"},{"version":"26.1 RTM2","versionType":"custom","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T18:20:58.947220Z","id":"CVE-2026-7639","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"367425dc-4d06-4041-9650-c2dc6aaa27ce","type":"Secondary","description":[{"lang":"en","value":"CWE-459"}]}],"references":[{"url":"https://www.imaginationtech.com/gpu-driver-vulnerabilities/","source":"367425dc-4d06-4041-9650-c2dc6aaa27ce"}]}},{"cve":{"id":"CVE-2026-11909","sourceIdentifier":"mlhess@drupal.org","published":"2026-07-10T22:16:38.973","lastModified":"2026-07-13T19:16:36.507","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Missing Authorization vulnerability in Drupal Examples for Developers allows Forceful Browsing. This issue affects Examples for Developers versions: from 0.0.0 to 4.0.6."}],"affected":[{"source":"mlhess@drupal.org","affectedData":[{"vendor":"Drupal","product":"Examples for Developers","collectionURL":"https://www.drupal.org/project/examples","repo":"https://git.drupalcode.org/project/examples","versions":[{"version":"0.0.0","lessThan":"4.0.6","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N","baseScore":3.3,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":0.7,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T18:09:04.872649Z","id":"CVE-2026-11909","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"mlhess@drupal.org","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://www.drupal.org/sa-contrib-2026-044","source":"mlhess@drupal.org"}]}},{"cve":{"id":"CVE-2026-12535","sourceIdentifier":"mlhess@drupal.org","published":"2026-07-10T22:16:39.077","lastModified":"2026-07-13T19:16:37.887","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Formatter Field allows Object Injection. This issue affects Formatter Field versions: from 0.0.0 to 2.0.0."}],"affected":[{"source":"mlhess@drupal.org","affectedData":[{"vendor":"Drupal","product":"Formatter Field","collectionURL":"https://www.drupal.org/project/formatter_field","repo":"https://git.drupalcode.org/project/formatter_field","versions":[{"version":"0.0.0","lessThan":"2.0.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T18:12:19.318935Z","id":"CVE-2026-12535","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"mlhess@drupal.org","type":"Secondary","description":[{"lang":"en","value":"CWE-915"}]}],"references":[{"url":"https://www.drupal.org/sa-contrib-2026-048","source":"mlhess@drupal.org"}]}},{"cve":{"id":"CVE-2026-13231","sourceIdentifier":"mlhess@drupal.org","published":"2026-07-10T22:16:39.187","lastModified":"2026-07-13T17:16:49.043","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Input During Web Page Generation (\"Cross-site Scripting\") vulnerability in Drupal Advanced Content Feedback (aka admin_feedback) allows Stored XSS. This issue affects Advanced Content Feedback (aka admin_feedback) versions: from 0.0.0 to 2.8.0."}],"affected":[{"source":"mlhess@drupal.org","affectedData":[{"vendor":"Drupal","product":"Advanced Content Feedback (aka admin_feedback)","collectionURL":"https://www.drupal.org/project/admin_feedback","repo":"https://git.drupalcode.org/project/admin_feedback","versions":[{"version":"0.0.0","lessThan":"2.8.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T16:39:36.949530Z","id":"CVE-2026-13231","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"mlhess@drupal.org","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://www.drupal.org/sa-contrib-2026-051","source":"mlhess@drupal.org"}]}},{"cve":{"id":"CVE-2026-13232","sourceIdentifier":"mlhess@drupal.org","published":"2026-07-10T22:16:39.297","lastModified":"2026-07-13T19:16:38.567","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Incorrect Authorization vulnerability in Drupal Advanced Content Feedback (aka admin_feedback) allows Forceful Browsing. This issue affects Advanced Content Feedback (aka admin_feedback) versions: from 0.0.0 to 2.8.0."}],"affected":[{"source":"mlhess@drupal.org","affectedData":[{"vendor":"Drupal","product":"Advanced Content Feedback (aka admin_feedback)","collectionURL":"https://www.drupal.org/project/admin_feedback","repo":"https://git.drupalcode.org/project/admin_feedback","versions":[{"version":"0.0.0","lessThan":"2.8.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":3.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T18:03:44.241707Z","id":"CVE-2026-13232","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"mlhess@drupal.org","type":"Secondary","description":[{"lang":"en","value":"CWE-863"}]}],"references":[{"url":"https://www.drupal.org/sa-contrib-2026-052","source":"mlhess@drupal.org"}]}},{"cve":{"id":"CVE-2026-13233","sourceIdentifier":"mlhess@drupal.org","published":"2026-07-10T22:16:39.397","lastModified":"2026-07-13T19:16:39.387","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Server-Side Request Forgery (SSRF) vulnerability in Drupal OpenAI Provider allows Server Side Request Forgery. This issue affects OpenAI Provider versions: from 0.0.0 to 1.1.1, from 1.2.0 to 1.2.2."}],"affected":[{"source":"mlhess@drupal.org","affectedData":[{"vendor":"Drupal","product":"OpenAI Provider","collectionURL":"https://www.drupal.org/project/ai_provider_openai","repo":"https://git.drupalcode.org/project/ai_provider_openai","versions":[{"version":"0.0.0","lessThan":"1.1.1","versionType":"semver","status":"affected"},{"version":"1.2.0","lessThan":"1.2.2","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N","baseScore":3.3,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":0.7,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T18:07:51.178825Z","id":"CVE-2026-13233","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"mlhess@drupal.org","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://www.drupal.org/sa-contrib-2026-053","source":"mlhess@drupal.org"}]}},{"cve":{"id":"CVE-2026-13234","sourceIdentifier":"mlhess@drupal.org","published":"2026-07-10T22:16:39.500","lastModified":"2026-07-13T17:16:51.200","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Input During Web Page Generation (\"Cross-site Scripting\") vulnerability in Drupal AI (Artificial Intelligence) allows Cross-Site Scripting (XSS). This issue affects AI (Artificial Intelligence) versions: from 0.0.0 to 1.2.17, from 1.3.0 to 1.3.8, from 1.4.0 to 1.4.3."}],"affected":[{"source":"mlhess@drupal.org","affectedData":[{"vendor":"Drupal","product":"AI (Artificial Intelligence)","collectionURL":"https://www.drupal.org/project/ai","repo":"https://git.drupalcode.org/project/ai","versions":[{"version":"0.0.0","lessThan":"1.2.17","versionType":"semver","status":"affected"},{"version":"1.3.0","lessThan":"1.3.8","versionType":"semver","status":"affected"},{"version":"1.4.0","lessThan":"1.4.3","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T16:35:37.537299Z","id":"CVE-2026-13234","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"mlhess@drupal.org","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://www.drupal.org/sa-contrib-2026-054","source":"mlhess@drupal.org"}]}},{"cve":{"id":"CVE-2026-13235","sourceIdentifier":"mlhess@drupal.org","published":"2026-07-10T22:16:39.597","lastModified":"2026-07-13T19:16:40.057","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Missing Authorization vulnerability in Drupal AI (Artificial Intelligence) allows Forceful Browsing. This issue affects AI (Artificial Intelligence) versions: from 0.0.0 to 1.2.17, from 1.3.0 to 1.3.8, from 1.4.0 to 1.4.3."}],"affected":[{"source":"mlhess@drupal.org","affectedData":[{"vendor":"Drupal","product":"AI (Artificial Intelligence)","collectionURL":"https://www.drupal.org/project/ai","repo":"https://git.drupalcode.org/project/ai","versions":[{"version":"0.0.0","lessThan":"1.2.17","versionType":"semver","status":"affected"},{"version":"1.3.0","lessThan":"1.3.8","versionType":"semver","status":"affected"},{"version":"1.4.0","lessThan":"1.4.3","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N","baseScore":3.3,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":0.7,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T18:06:25.605894Z","id":"CVE-2026-13235","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"mlhess@drupal.org","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://www.drupal.org/sa-contrib-2026-055","source":"mlhess@drupal.org"}]}},{"cve":{"id":"CVE-2026-13236","sourceIdentifier":"mlhess@drupal.org","published":"2026-07-10T22:16:39.700","lastModified":"2026-07-13T19:16:40.740","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Missing Authorization vulnerability in Drupal AI Agents allows Forceful Browsing. This issue affects AI Agents versions: from 0.0.0 to 1.1.4, from 1.2.0 to 1.2.5, from 1.3.0 to 1.3.1."}],"affected":[{"source":"mlhess@drupal.org","affectedData":[{"vendor":"Drupal","product":"AI Agents","collectionURL":"https://www.drupal.org/project/ai_agents","repo":"https://git.drupalcode.org/project/ai_agents","versions":[{"version":"0.0.0","lessThan":"1.1.4","versionType":"semver","status":"affected"},{"version":"1.2.0","lessThan":"1.2.5","versionType":"semver","status":"affected"},{"version":"1.3.0","lessThan":"1.3.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N","baseScore":4.2,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T18:04:57.983393Z","id":"CVE-2026-13236","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"mlhess@drupal.org","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://www.drupal.org/sa-contrib-2026-056","source":"mlhess@drupal.org"}]}},{"cve":{"id":"CVE-2026-13237","sourceIdentifier":"mlhess@drupal.org","published":"2026-07-10T22:16:39.797","lastModified":"2026-07-13T19:16:41.430","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Incorrect Authorization vulnerability in Drupal AI Agents allows Forceful Browsing. This issue affects AI Agents versions: from 0.0.0 to 1.1.4, from 1.2.0 to 1.2.5, from 1.3.0 to 1.3.1."}],"affected":[{"source":"mlhess@drupal.org","affectedData":[{"vendor":"Drupal","product":"AI Agents","collectionURL":"https://www.drupal.org/project/ai_agents","repo":"https://git.drupalcode.org/project/ai_agents","versions":[{"version":"0.0.0","lessThan":"1.1.4","versionType":"semver","status":"affected"},{"version":"1.2.0","lessThan":"1.2.5","versionType":"semver","status":"affected"},{"version":"1.3.0","lessThan":"1.3.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T17:56:55.672795Z","id":"CVE-2026-13237","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"mlhess@drupal.org","type":"Secondary","description":[{"lang":"en","value":"CWE-863"}]}],"references":[{"url":"https://www.drupal.org/sa-contrib-2026-057","source":"mlhess@drupal.org"}]}},{"cve":{"id":"CVE-2026-13238","sourceIdentifier":"mlhess@drupal.org","published":"2026-07-10T22:16:39.900","lastModified":"2026-07-13T19:16:42.123","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Incorrect Authorization vulnerability in Drupal Commerce Realex / Global Payments allows Forceful Browsing. This issue affects Commerce Realex / Global Payments versions: from 0.0.0 to 3.0.2."}],"affected":[{"source":"mlhess@drupal.org","affectedData":[{"vendor":"Drupal","product":"Commerce Realex / Global Payments","collectionURL":"https://www.drupal.org/project/commerce_realex","repo":"https://git.drupalcode.org/project/commerce_realex","versions":[{"version":"0.0.0","lessThan":"3.0.2","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T18:00:05.316182Z","id":"CVE-2026-13238","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"mlhess@drupal.org","type":"Secondary","description":[{"lang":"en","value":"CWE-863"}]}],"references":[{"url":"https://www.drupal.org/sa-contrib-2026-058","source":"mlhess@drupal.org"}]}},{"cve":{"id":"CVE-2026-13239","sourceIdentifier":"mlhess@drupal.org","published":"2026-07-10T22:16:40.010","lastModified":"2026-07-13T19:16:42.790","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Missing Authorization vulnerability in Drupal WissKI allows Forceful Browsing. This issue affects WissKI versions: from 0.0.0 to 4.2.0."}],"affected":[{"source":"mlhess@drupal.org","affectedData":[{"vendor":"Drupal","product":"WissKI","collectionURL":"https://www.drupal.org/project/wisski","repo":"https://git.drupalcode.org/project/wisski","versions":[{"version":"0.0.0","lessThan":"4.2.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T18:01:00.645752Z","id":"CVE-2026-13239","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"mlhess@drupal.org","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://www.drupal.org/sa-contrib-2026-059","source":"mlhess@drupal.org"}]}},{"cve":{"id":"CVE-2026-13240","sourceIdentifier":"mlhess@drupal.org","published":"2026-07-10T22:16:40.113","lastModified":"2026-07-13T19:16:43.460","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Missing Authorization vulnerability in Drupal Paragraphs allows Forceful Browsing. This issue affects Paragraphs versions: from 0.0.0 to 1.21.0."}],"affected":[{"source":"mlhess@drupal.org","affectedData":[{"vendor":"Drupal","product":"Paragraphs","collectionURL":"https://www.drupal.org/project/paragraphs","repo":"https://git.drupalcode.org/project/paragraphs","versions":[{"version":"0.0.0","lessThan":"1.21.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T18:01:44.925904Z","id":"CVE-2026-13240","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"mlhess@drupal.org","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://www.drupal.org/sa-contrib-2026-060","source":"mlhess@drupal.org"}]}},{"cve":{"id":"CVE-2026-13241","sourceIdentifier":"mlhess@drupal.org","published":"2026-07-10T22:16:40.217","lastModified":"2026-07-13T19:16:44.143","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Missing Authorization vulnerability in Drupal Paragraphs allows Forceful Browsing. This issue affects Paragraphs versions: from 0.0.0 to 1.21.0."}],"affected":[{"source":"mlhess@drupal.org","affectedData":[{"vendor":"Drupal","product":"Paragraphs","collectionURL":"https://www.drupal.org/project/paragraphs","repo":"https://git.drupalcode.org/project/paragraphs","versions":[{"version":"0.0.0","lessThan":"1.21.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T18:02:25.580381Z","id":"CVE-2026-13241","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"mlhess@drupal.org","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://www.drupal.org/sa-contrib-2026-061","source":"mlhess@drupal.org"}]}},{"cve":{"id":"CVE-2026-13242","sourceIdentifier":"mlhess@drupal.org","published":"2026-07-10T22:16:40.320","lastModified":"2026-07-13T17:16:57.690","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Drupal Geolocation Field allows SQL Injection. This issue affects Geolocation Field versions: from 0.0.0 to 3.15.0."}],"affected":[{"source":"mlhess@drupal.org","affectedData":[{"vendor":"Drupal","product":"Geolocation Field","collectionURL":"https://www.drupal.org/project/geolocation","repo":"https://git.drupalcode.org/project/geolocation","versions":[{"version":"0.0.0","lessThan":"3.15.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T16:04:12.683170Z","id":"CVE-2026-13242","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"mlhess@drupal.org","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://www.drupal.org/sa-contrib-2026-062","source":"mlhess@drupal.org"}]}},{"cve":{"id":"CVE-2026-13243","sourceIdentifier":"mlhess@drupal.org","published":"2026-07-10T22:16:40.420","lastModified":"2026-07-13T19:16:44.843","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Cross-Site Request Forgery (CSRF) vulnerability in Drupal Salesforce Suite allows Cross Site Request Forgery. This issue affects Salesforce Suite versions: from 0.0.0 to 5.1.3."}],"affected":[{"source":"mlhess@drupal.org","affectedData":[{"vendor":"Drupal","product":"Salesforce Suite","collectionURL":"https://www.drupal.org/project/salesforce","repo":"https://git.drupalcode.org/project/salesforce","versions":[{"version":"0.0.0","lessThan":"5.1.3","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T17:53:10.588760Z","id":"CVE-2026-13243","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"mlhess@drupal.org","type":"Secondary","description":[{"lang":"en","value":"CWE-352"}]}],"references":[{"url":"https://www.drupal.org/sa-contrib-2026-063","source":"mlhess@drupal.org"}]}},{"cve":{"id":"CVE-2026-13244","sourceIdentifier":"mlhess@drupal.org","published":"2026-07-10T22:16:40.523","lastModified":"2026-07-13T19:16:45.523","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Tealium iQ Tag Management allows Object Injection. This issue affects Tealium iQ Tag Management versions: from 0.0.0 to 2.4.0."}],"affected":[{"source":"mlhess@drupal.org","affectedData":[{"vendor":"Drupal","product":"Tealium iQ Tag Management","collectionURL":"https://www.drupal.org/project/tealiumiq","repo":"https://git.drupalcode.org/project/tealiumiq","versions":[{"version":"0.0.0","lessThan":"2.4.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T17:55:08.289819Z","id":"CVE-2026-13244","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"mlhess@drupal.org","type":"Secondary","description":[{"lang":"en","value":"CWE-915"}]}],"references":[{"url":"https://www.drupal.org/sa-contrib-2026-064","source":"mlhess@drupal.org"}]}},{"cve":{"id":"CVE-2026-15079","sourceIdentifier":"mlhess@drupal.org","published":"2026-07-10T22:16:40.627","lastModified":"2026-07-13T18:16:27.023","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Restriction of Excessive Authentication Attempts vulnerability in Drupal Login Disable allows Brute Force. This issue affects Login Disable versions: from 0.0.0 to 2.1.4."}],"affected":[{"source":"mlhess@drupal.org","affectedData":[{"vendor":"Drupal","product":"Login Disable","collectionURL":"https://www.drupal.org/project/login_disable","repo":"https://git.drupalcode.org/project/login_disable","versions":[{"version":"0.0.0","lessThan":"2.1.4","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T17:50:36.737920Z","id":"CVE-2026-15079","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"mlhess@drupal.org","type":"Secondary","description":[{"lang":"en","value":"CWE-307"}]}],"references":[{"url":"https://www.drupal.org/sa-contrib-2026-070","source":"mlhess@drupal.org"}]}},{"cve":{"id":"CVE-2026-15080","sourceIdentifier":"mlhess@drupal.org","published":"2026-07-10T22:16:40.730","lastModified":"2026-07-13T19:16:46.310","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Cross-Site Request Forgery (CSRF) vulnerability in Drupal Ray Enterprise Translation allows Cross Site Request Forgery. This issue affects Ray Enterprise Translation versions: from 0.0.0 to 4.0.4, from 4.1.0 to 4.1.4, from 11.0.0 to 11.0.4."}],"affected":[{"source":"mlhess@drupal.org","affectedData":[{"vendor":"Drupal","product":"Ray Enterprise Translation","collectionURL":"https://www.drupal.org/project/lingotek","repo":"https://git.drupalcode.org/project/lingotek","versions":[{"version":"0.0.0","lessThan":"4.0.4","versionType":"semver","status":"affected"},{"version":"4.1.0","lessThan":"4.1.4","versionType":"semver","status":"affected"},{"version":"11.0.0","lessThan":"11.0.4","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T17:52:00.722612Z","id":"CVE-2026-15080","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"mlhess@drupal.org","type":"Secondary","description":[{"lang":"en","value":"CWE-352"}]}],"references":[{"url":"https://www.drupal.org/sa-contrib-2026-071","source":"mlhess@drupal.org"}]}},{"cve":{"id":"CVE-2026-15081","sourceIdentifier":"mlhess@drupal.org","published":"2026-07-10T22:16:40.827","lastModified":"2026-07-13T19:16:47.133","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Drupal Location Selector allows SQL Injection. This issue affects Location Selector versions: from 0.0.0 to 1.3.0."}],"affected":[{"source":"mlhess@drupal.org","affectedData":[{"vendor":"Drupal","product":"Location Selector","collectionURL":"https://www.drupal.org/project/location_selector","repo":"https://git.drupalcode.org/project/location_selector","versions":[{"version":"0.0.0","lessThan":"1.3.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":7.4,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T18:15:58.057878Z","id":"CVE-2026-15081","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"mlhess@drupal.org","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://www.drupal.org/sa-contrib-2026-072","source":"mlhess@drupal.org"}]}},{"cve":{"id":"CVE-2026-15082","sourceIdentifier":"mlhess@drupal.org","published":"2026-07-10T22:16:40.923","lastModified":"2026-07-13T19:16:47.817","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Input During Web Page Generation (\"Cross-site Scripting\") vulnerability in Drupal Siteimprove Analytics allows Cross-Site Scripting (XSS). This issue affects Siteimprove Analytics versions: from 0.0.0 to 2.0.1."}],"affected":[{"source":"mlhess@drupal.org","affectedData":[{"vendor":"Drupal","product":"Siteimprove Analytics","collectionURL":"https://www.drupal.org/project/siteimprove_analytics","repo":"https://git.drupalcode.org/project/siteimprove_analytics","versions":[{"version":"0.0.0","lessThan":"2.0.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T18:15:12.564935Z","id":"CVE-2026-15082","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"mlhess@drupal.org","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://www.drupal.org/sa-contrib-2026-073","source":"mlhess@drupal.org"}]}},{"cve":{"id":"CVE-2026-15083","sourceIdentifier":"mlhess@drupal.org","published":"2026-07-10T22:16:41.030","lastModified":"2026-07-13T19:16:48.497","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal ECA: Event - Condition - Action allows Object Injection. This issue affects ECA: Event - Condition - Action versions: from 0.0.0 to 2.1.20, from 3.0.0 to 3.0.12, from 3.1.0 to 3.1.4."}],"affected":[{"source":"mlhess@drupal.org","affectedData":[{"vendor":"Drupal","product":"ECA: Event - Condition - Action","collectionURL":"https://www.drupal.org/project/eca","repo":"https://git.drupalcode.org/project/eca","versions":[{"version":"0.0.0","lessThan":"2.1.20","versionType":"semver","status":"affected"},{"version":"3.0.0","lessThan":"3.0.12","versionType":"semver","status":"affected"},{"version":"3.1.0","lessThan":"3.1.4","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N","baseScore":4.2,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T18:17:35.787782Z","id":"CVE-2026-15083","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"mlhess@drupal.org","type":"Secondary","description":[{"lang":"en","value":"CWE-915"}]}],"references":[{"url":"https://www.drupal.org/sa-contrib-2026-074","source":"mlhess@drupal.org"}]}},{"cve":{"id":"CVE-2026-15084","sourceIdentifier":"mlhess@drupal.org","published":"2026-07-10T22:16:41.127","lastModified":"2026-07-13T19:16:49.187","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Input During Web Page Generation (\"Cross-site Scripting\") vulnerability in Drupal UI Patterns (SDC in Drupal UI) allows Stored XSS. This issue affects UI Patterns (SDC in Drupal UI) versions: from 2.0.0 to 2.0.17."}],"affected":[{"source":"mlhess@drupal.org","affectedData":[{"vendor":"Drupal","product":"UI Patterns (SDC in Drupal UI)","collectionURL":"https://www.drupal.org/project/ui_patterns","repo":"https://git.drupalcode.org/project/ui_patterns","versions":[{"version":"2.0.0","lessThan":"2.0.17","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T18:14:35.644001Z","id":"CVE-2026-15084","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"mlhess@drupal.org","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://www.drupal.org/sa-contrib-2026-075","source":"mlhess@drupal.org"}]}},{"cve":{"id":"CVE-2026-15085","sourceIdentifier":"mlhess@drupal.org","published":"2026-07-10T22:16:41.230","lastModified":"2026-07-13T19:16:49.860","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Input During Web Page Generation (\"Cross-site Scripting\") vulnerability in Drupal AI SEO/GEO Analyzer allows Stored XSS. This issue affects AI SEO/GEO Analyzer versions: from 0.0.0 to 1.1.3."}],"affected":[{"source":"mlhess@drupal.org","affectedData":[{"vendor":"Drupal","product":"AI SEO/GEO Analyzer","collectionURL":"https://www.drupal.org/project/ai_seo","repo":"https://git.drupalcode.org/project/ai_seo","versions":[{"version":"0.0.0","lessThan":"1.1.3","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T18:24:39.532853Z","id":"CVE-2026-15085","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"mlhess@drupal.org","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://www.drupal.org/sa-contrib-2026-076","source":"mlhess@drupal.org"}]}},{"cve":{"id":"CVE-2026-41482","sourceIdentifier":"security-advisories@github.com","published":"2026-07-10T22:16:41.337","lastModified":"2026-07-13T19:17:07.760","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Frappe is a full-stack web application framework. Prior to 16.18.3, possible path traversal and local file inclusion were possible through secure local resource access in the Chrome PDF Generator. This issue is fixed in version 16.18.3."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"frappe","product":"frappe","versions":[{"version":"< 16.18.3","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T17:58:01.789429Z","id":"CVE-2026-41482","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://github.com/frappe/frappe/commit/11066591ed7aa91a7b742f3f689277a90e620ce0","source":"security-advisories@github.com"},{"url":"https://github.com/frappe/frappe/commit/46841f7fde3954e1d3b3a7e248a6d6022343e657","source":"security-advisories@github.com"},{"url":"https://github.com/frappe/frappe/pull/38643","source":"security-advisories@github.com"},{"url":"https://github.com/frappe/frappe/pull/39396","source":"security-advisories@github.com"},{"url":"https://github.com/frappe/frappe/releases/tag/v16.18.3","source":"security-advisories@github.com"},{"url":"https://github.com/frappe/frappe/security/advisories/GHSA-234v-jfr8-v2f8","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-42219","sourceIdentifier":"security-advisories@github.com","published":"2026-07-10T22:16:41.550","lastModified":"2026-07-13T18:05:36.130","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Frappe is a full-stack web application framework. Prior to 16.19.0 and 15.109.0, path traversal via download_backups was possible due to lack of hardening. This issue is fixed in versions 16.19.0 and 15.109.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"frappe","product":"frappe","versions":[{"version":"< 15.109.0","status":"affected"},{"version":">= 16.0.0-beta.1, < 16.19.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T14:15:48.571346Z","id":"CVE-2026-42219","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://github.com/frappe/frappe/commit/4358f5bd449710027724a1679950d4ea65da6dcc","source":"security-advisories@github.com"},{"url":"https://github.com/frappe/frappe/commit/a470a1189132984635e2ec148f87de5232f5535d","source":"security-advisories@github.com"},{"url":"https://github.com/frappe/frappe/commit/a562ef2a5a3885895b9f9cf14d5a53e32e52d326","source":"security-advisories@github.com"},{"url":"https://github.com/frappe/frappe/pull/38740","source":"security-advisories@github.com"},{"url":"https://github.com/frappe/frappe/pull/39402","source":"security-advisories@github.com"},{"url":"https://github.com/frappe/frappe/pull/39403","source":"security-advisories@github.com"},{"url":"https://github.com/frappe/frappe/releases/tag/v15.109.0","source":"security-advisories@github.com"},{"url":"https://github.com/frappe/frappe/releases/tag/v16.19.0","source":"security-advisories@github.com"},{"url":"https://github.com/frappe/frappe/security/advisories/GHSA-w4p4-fp9m-47gj","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-47199","sourceIdentifier":"security-advisories@github.com","published":"2026-07-10T22:16:41.870","lastModified":"2026-07-13T18:05:36.130","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Frappe is a full-stack web application framework. Prior to 16.18.3 and 15.108.0, check_safe_sql_query permitted SELECT INTO OUTFILE queries, which could potentially work on self-hosted sites if database permissions are not well aligned and MySQL FILE privileges are available. This issue is fixed in versions 16.18.3 and 15.108.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"frappe","product":"frappe","versions":[{"version":"< 15.108.0","status":"affected"},{"version":">= 16.0.0-beta.1, < 16.18.3","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.3,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T15:59:27.298539Z","id":"CVE-2026-47199","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://github.com/frappe/frappe/commit/628e103f7ffe307447d9fc9e2c572cbddedfa3b5","source":"security-advisories@github.com"},{"url":"https://github.com/frappe/frappe/commit/91d3ded038d1c901b73f4a2293e134d691c1662d","source":"security-advisories@github.com"},{"url":"https://github.com/frappe/frappe/pull/39345","source":"security-advisories@github.com"},{"url":"https://github.com/frappe/frappe/pull/39346","source":"security-advisories@github.com"},{"url":"https://github.com/frappe/frappe/releases/tag/v15.108.0","source":"security-advisories@github.com"},{"url":"https://github.com/frappe/frappe/releases/tag/v16.18.3","source":"security-advisories@github.com"},{"url":"https://github.com/frappe/frappe/security/advisories/GHSA-wx8j-cw4r-vrhv","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-49213","sourceIdentifier":"security-advisories@github.com","published":"2026-07-10T22:16:42.270","lastModified":"2026-07-13T19:21:55.683","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"TypeBot is a chatbot builder tool. Prior to 3.17.2, Typebot's shared SSRF validator in packages/lib/src/ssrf/validateHttpReqUrl.ts can be bypassed with the IPv6 unspecified address :: because validateIPAddress blocks local, metadata, and private ranges but does not block :: or its expanded form. A workspace editor or creator can configure a server-side HTTP Request block or guarded script fetch to make the Typebot server connect to local HTTP services through safeKy, including flows triggered by POST /v1/typebots/{publicId}/startChat or POST /v1/sessions/{sessionId}/continueChat. This issue is fixed in version 3.17.2."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"baptisteArno","product":"typebot.io","versions":[{"version":"< 3.17.2","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T16:16:35.005381Z","id":"CVE-2026-49213","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://github.com/baptisteArno/typebot.io/commit/f56c3c3f771df13a8c11e88f500dfdd78981bed1","source":"security-advisories@github.com"},{"url":"https://github.com/baptisteArno/typebot.io/pull/2511","source":"security-advisories@github.com"},{"url":"https://github.com/baptisteArno/typebot.io/releases/tag/v3.17.2","source":"security-advisories@github.com"},{"url":"https://github.com/baptisteArno/typebot.io/security/advisories/GHSA-qx46-p88f-xxm3","source":"security-advisories@github.com"},{"url":"https://github.com/baptisteArno/typebot.io/security/advisories/GHSA-qx46-p88f-xxm3","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-49394","sourceIdentifier":"security-advisories@github.com","published":"2026-07-10T22:16:42.410","lastModified":"2026-07-13T18:05:36.130","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Frappe is a full-stack web application framework. Prior to 16.19.0, authorization bypass was possible via the update_page endpoint in Workspace because public workspaces did not receive the required Workspace Manager edit check. This issue is fixed in version 16.19.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"frappe","product":"frappe","versions":[{"version":"< 16.19.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T16:17:33.839082Z","id":"CVE-2026-49394","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://github.com/frappe/frappe/commit/2471d94c397dc23301b30ed3bb30353f53b33f2c","source":"security-advisories@github.com"},{"url":"https://github.com/frappe/frappe/commit/6eba29d7ae80cdb4d0b2a245a477b1d2312736ca","source":"security-advisories@github.com"},{"url":"https://github.com/frappe/frappe/pull/39508","source":"security-advisories@github.com"},{"url":"https://github.com/frappe/frappe/pull/39526","source":"security-advisories@github.com"},{"url":"https://github.com/frappe/frappe/releases/tag/v16.19.0","source":"security-advisories@github.com"},{"url":"https://github.com/frappe/frappe/security/advisories/GHSA-r24j-xrj8-273q","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-54736","sourceIdentifier":"security-advisories@github.com","published":"2026-07-10T22:16:42.970","lastModified":"2026-07-13T19:21:55.683","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Phalcon is a high-performance, full-stack PHP framework. Prior to 5.14.1, Phalcon\\Encryption\\Crypt::decrypt compares the attacker-supplied HMAC tag against the freshly computed HMAC using PHP/Zephir identity comparison, which lowers to a byte-wise comparison that returns early on the first differing byte. This observable timing discrepancy can allow an attacker to recover a valid tag byte-by-byte and attach it to a chosen IV and ciphertext so that decrypt() accepts tampered encrypted content as authentic. This issue is fixed in version 5.14.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"phalcon","product":"cphalcon","versions":[{"version":"< 5.14.1","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T18:01:29.598956Z","id":"CVE-2026-54736","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-208"},{"lang":"en","value":"CWE-347"}]}],"references":[{"url":"https://github.com/phalcon/cphalcon/commit/ad53ab1b2e7ec59b3af92b0b37b8aaa099011137","source":"security-advisories@github.com"},{"url":"https://github.com/phalcon/cphalcon/issues/17090","source":"security-advisories@github.com"},{"url":"https://github.com/phalcon/cphalcon/pull/17091","source":"security-advisories@github.com"},{"url":"https://github.com/phalcon/cphalcon/releases/tag/v5.14.1","source":"security-advisories@github.com"},{"url":"https://github.com/phalcon/cphalcon/security/advisories/GHSA-8jqh-95g6-7jpj","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-55187","sourceIdentifier":"security-advisories@github.com","published":"2026-07-10T22:16:43.110","lastModified":"2026-07-13T19:21:55.683","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Mailpit is an email testing tool and API for developers. Prior to 1.30.2, the remediation shipped for CVE-2026-27808 is incomplete because the tools.IsInternalIP deny-list in internal/tools/net.go relies on Go's standard library classification helpers and does not block IPv6 transition mechanisms or prefixes such as NAT64, 6to4, IPv4-compatible IPv6, ISATAP, fec0::/10, and 2001:db8::/32. An attacker who can deliver email and invoke POST /api/v1/message/{ID}/link-check can coerce the Link Check API's safeDialContext path into dialing internal destinations and can use status-code and error feedback to map internal service reachability, including cloud metadata endpoints. This issue is fixed in version 1.30.2."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"axllent","product":"mailpit","versions":[{"version":"< 1.30.2","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N","baseScore":5.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T15:55:02.724130Z","id":"CVE-2026-55187","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://github.com/axllent/mailpit/commit/a88dadbbe1df016a35a445089ef2a362a6c2de78","source":"security-advisories@github.com"},{"url":"https://github.com/axllent/mailpit/releases/tag/v1.30.2","source":"security-advisories@github.com"},{"url":"https://github.com/axllent/mailpit/security/advisories/GHSA-w4mc-hhc6-xp28","source":"security-advisories@github.com"},{"url":"https://github.com/axllent/mailpit/security/advisories/GHSA-w4mc-hhc6-xp28","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-55803","sourceIdentifier":"mlhess@drupal.org","published":"2026-07-10T22:16:43.250","lastModified":"2026-07-13T19:17:16.600","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection. This issue affects Drupal core versions: from 0.0.0 to 10.5.12, from 10.6.0 to 10.6.11, from 11.2.0 to 11.2.14, from 11.3.0 to 11.3.12, from 0.0.0 to 11.0.*, from 0.0.0 to 11.1.*."}],"affected":[{"source":"mlhess@drupal.org","affectedData":[{"vendor":"Drupal","product":"Drupal core","collectionURL":"https://www.drupal.org/project/drupal","repo":"https://git.drupalcode.org/project/drupal","versions":[{"version":"0.0.0","lessThan":"10.5.12","versionType":"semver","status":"affected"},{"version":"10.6.0","lessThan":"10.6.11","versionType":"semver","status":"affected"},{"version":"11.2.0","lessThan":"11.2.14","versionType":"semver","status":"affected"},{"version":"11.3.0","lessThan":"11.3.12","versionType":"semver","status":"affected"},{"version":"0.0.0","lessThan":"11.0.*","versionType":"semver","status":"affected"},{"version":"0.0.0","lessThan":"11.1.*","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":0.7,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T18:23:53.103260Z","id":"CVE-2026-55803","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"mlhess@drupal.org","type":"Secondary","description":[{"lang":"en","value":"CWE-915"}]}],"references":[{"url":"https://www.drupal.org/sa-core-2026-005","source":"mlhess@drupal.org"}]}},{"cve":{"id":"CVE-2026-55804","sourceIdentifier":"mlhess@drupal.org","published":"2026-07-10T22:16:43.353","lastModified":"2026-07-13T19:17:17.357","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection. This issue affects Drupal core versions: from 0.0.0 to 10.5.12, from 10.6.0 to 10.6.11, from 11.2.0 to 11.2.14, from 11.3.0 to 11.3.12, from 0.0.0 to 11.0.*, from 0.0.0 to 11.1.*."}],"affected":[{"source":"mlhess@drupal.org","affectedData":[{"vendor":"Drupal","product":"Drupal core","collectionURL":"https://www.drupal.org/project/drupal","repo":"https://git.drupalcode.org/project/drupal","versions":[{"version":"0.0.0","lessThan":"10.5.12","versionType":"semver","status":"affected"},{"version":"10.6.0","lessThan":"10.6.11","versionType":"semver","status":"affected"},{"version":"11.2.0","lessThan":"11.2.14","versionType":"semver","status":"affected"},{"version":"11.3.0","lessThan":"11.3.12","versionType":"semver","status":"affected"},{"version":"0.0.0","lessThan":"11.0.*","versionType":"semver","status":"affected"},{"version":"0.0.0","lessThan":"11.1.*","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":0.7,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T18:23:03.385832Z","id":"CVE-2026-55804","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"mlhess@drupal.org","type":"Secondary","description":[{"lang":"en","value":"CWE-915"}]}],"references":[{"url":"https://www.drupal.org/sa-core-2026-006","source":"mlhess@drupal.org"}]}},{"cve":{"id":"CVE-2026-55806","sourceIdentifier":"mlhess@drupal.org","published":"2026-07-10T22:16:43.460","lastModified":"2026-07-13T19:17:18.153","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Drupal Drupal core allows Content Spoofing. This issue affects Drupal core versions: from 0.0.0 to 10.5.12, from 10.6.0 to 10.6.11, from 11.2.0 to 11.2.14, from 11.3.0 to 11.3.12, from 0.0.0 to 11.0.*, from 0.0.0 to 11.1.*."}],"affected":[{"source":"mlhess@drupal.org","affectedData":[{"vendor":"Drupal","product":"Drupal core","collectionURL":"https://www.drupal.org/project/drupal","repo":"https://git.drupalcode.org/project/drupal","versions":[{"version":"0.0.0","lessThan":"10.5.12","versionType":"semver","status":"affected"},{"version":"10.6.0","lessThan":"10.6.11","versionType":"semver","status":"affected"},{"version":"11.2.0","lessThan":"11.2.14","versionType":"semver","status":"affected"},{"version":"11.3.0","lessThan":"11.3.12","versionType":"semver","status":"affected"},{"version":"0.0.0","lessThan":"11.0.*","versionType":"semver","status":"affected"},{"version":"0.0.0","lessThan":"11.1.*","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T18:21:46.004176Z","id":"CVE-2026-55806","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"mlhess@drupal.org","type":"Secondary","description":[{"lang":"en","value":"CWE-601"}]}],"references":[{"url":"https://www.drupal.org/sa-core-2026-007","source":"mlhess@drupal.org"}]}},{"cve":{"id":"CVE-2026-55807","sourceIdentifier":"mlhess@drupal.org","published":"2026-07-10T22:16:43.563","lastModified":"2026-07-13T19:17:18.833","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Server-Side Request Forgery (SSRF) vulnerability in Drupal Drupal core allows Server Side Request Forgery. This issue affects Drupal core versions: from 0.0.0 to 10.5.12, from 10.6.0 to 10.6.11, from 11.2.0 to 11.2.14, from 11.3.0 to 11.3.12, from 0.0.0 to 11.0.*, from 0.0.0 to 11.1.*."}],"affected":[{"source":"mlhess@drupal.org","affectedData":[{"vendor":"Drupal","product":"Drupal core","collectionURL":"https://www.drupal.org/project/drupal","repo":"https://git.drupalcode.org/project/drupal","versions":[{"version":"0.0.0","lessThan":"10.5.12","versionType":"semver","status":"affected"},{"version":"10.6.0","lessThan":"10.6.11","versionType":"semver","status":"affected"},{"version":"11.2.0","lessThan":"11.2.14","versionType":"semver","status":"affected"},{"version":"11.3.0","lessThan":"11.3.12","versionType":"semver","status":"affected"},{"version":"0.0.0","lessThan":"11.0.*","versionType":"semver","status":"affected"},{"version":"0.0.0","lessThan":"11.1.*","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":3.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T18:20:00.967168Z","id":"CVE-2026-55807","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"mlhess@drupal.org","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://www.drupal.org/sa-core-2026-008","source":"mlhess@drupal.org"}]}},{"cve":{"id":"CVE-2026-55808","sourceIdentifier":"mlhess@drupal.org","published":"2026-07-10T22:16:43.667","lastModified":"2026-07-13T19:17:19.523","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Input During Web Page Generation (\"Cross-site Scripting\") vulnerability in Drupal Drupal core allows Cross-Site Scripting (XSS). This issue affects Drupal core versions: from 0.0.0 to 10.5.12, from 10.6.0 to 10.6.11, from 11.2.0 to 11.2.14, from 11.3.0 to 11.3.12, from 0.0.0 to 11.0.*, from 0.0.0 to 11.1.*."}],"affected":[{"source":"mlhess@drupal.org","affectedData":[{"vendor":"Drupal","product":"Drupal core","collectionURL":"https://www.drupal.org/project/drupal","repo":"https://git.drupalcode.org/project/drupal","versions":[{"version":"0.0.0","lessThan":"10.5.12","versionType":"semver","status":"affected"},{"version":"10.6.0","lessThan":"10.6.11","versionType":"semver","status":"affected"},{"version":"11.2.0","lessThan":"11.2.14","versionType":"semver","status":"affected"},{"version":"11.3.0","lessThan":"11.3.12","versionType":"semver","status":"affected"},{"version":"0.0.0","lessThan":"11.0.*","versionType":"semver","status":"affected"},{"version":"0.0.0","lessThan":"11.1.*","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T18:18:38.616632Z","id":"CVE-2026-55808","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"mlhess@drupal.org","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://www.drupal.org/sa-core-2026-009","source":"mlhess@drupal.org"}]}},{"cve":{"id":"CVE-2026-55852","sourceIdentifier":"security-advisories@github.com","published":"2026-07-10T22:16:43.970","lastModified":"2026-07-13T18:05:36.130","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Frappe is a full-stack web application framework. Prior to 16.23.0 and 15.112.0, TarSlip RCE was possible in Package Import because tarfile members were not sufficiently checked before extraction. This issue is fixed in versions 16.23.0 and 15.112.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"frappe","product":"frappe","versions":[{"version":"< 15.112.0","status":"affected"},{"version":">= 16.0.0-beta.1, < 16.23.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T14:11:05.340830Z","id":"CVE-2026-55852","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://github.com/frappe/frappe/commit/3c75f13fd7d4441a880dd236450277dc37fcddfd","source":"security-advisories@github.com"},{"url":"https://github.com/frappe/frappe/commit/4772e3e7f72db43d48137af74fa77e5fce903223","source":"security-advisories@github.com"},{"url":"https://github.com/frappe/frappe/commit/57e527d933aeffaec0cd735838701792c848e3e7","source":"security-advisories@github.com"},{"url":"https://github.com/frappe/frappe/pull/38716","source":"security-advisories@github.com"},{"url":"https://github.com/frappe/frappe/pull/40044","source":"security-advisories@github.com"},{"url":"https://github.com/frappe/frappe/pull/40045","source":"security-advisories@github.com"},{"url":"https://github.com/frappe/frappe/releases/tag/v15.112.0","source":"security-advisories@github.com"},{"url":"https://github.com/frappe/frappe/releases/tag/v16.23.0","source":"security-advisories@github.com"},{"url":"https://github.com/frappe/frappe/security/advisories/GHSA-58w2-4cjg-hvp6","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-55882","sourceIdentifier":"security-advisories@github.com","published":"2026-07-10T22:16:44.113","lastModified":"2026-07-13T19:21:55.683","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Tilt defines dev environments as code for microservice apps on Kubernetes. From 0.19.5 through 0.37.3, the Tilt HUD server mounts Go net/http/pprof handlers under /debug with no access control. When the HUD or apiserver listener is network-exposed, an unauthenticated caller can read process memory through /debug/pprof/heap and /debug/pprof/goroutine, including session and apiserver tokens, and degrade performance through /debug/pprof/profile or /debug/pprof/trace. This issue is fixed in version 0.37.4."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"tilt-dev","product":"tilt","versions":[{"version":">= 0.19.5, < 0.37.4","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T18:35:59.506037Z","id":"CVE-2026-55882","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]}],"references":[{"url":"https://github.com/tilt-dev/tilt/commit/47393fba7f6ef5e305d5e814551feef8e4acbc0a","source":"security-advisories@github.com"},{"url":"https://github.com/tilt-dev/tilt/pull/6776","source":"security-advisories@github.com"},{"url":"https://github.com/tilt-dev/tilt/releases/tag/v0.37.4","source":"security-advisories@github.com"},{"url":"https://github.com/tilt-dev/tilt/security/advisories/GHSA-p749-9w62-w533","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-57584","sourceIdentifier":"security-advisories@github.com","published":"2026-07-10T22:16:44.560","lastModified":"2026-07-13T19:21:55.683","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Phalcon is a high-performance, full-stack PHP framework. Prior to 5.15.0, every Phalcon MVC application built with a default router registers a built-in route whose compiled PCRE pattern contains the nested quantifier (/.), and the same construct is produced by the /:params placeholder and the CLI router. Phalcon\\Mvc\\Router::handle() matches this pattern against the attacker-controlled request URI on every request, so a crafted path such as one containing repeated slashes followed by decoded newlines can trigger catastrophic backtracking and cause CPU exhaustion or route-matching failure. This issue is fixed in version 5.15.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"phalcon","product":"cphalcon","versions":[{"version":"< 5.15.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T18:04:40.467436Z","id":"CVE-2026-57584","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-1333"}]}],"references":[{"url":"https://github.com/phalcon/cphalcon/commit/14ba22d389d5ca620bb9d5207205f836ef1224f2","source":"security-advisories@github.com"},{"url":"https://github.com/phalcon/cphalcon/commit/fa798e919cb2c487062bb9899ad6fc2b673b3a67","source":"security-advisories@github.com"},{"url":"https://github.com/phalcon/cphalcon/releases/tag/v5.15.0","source":"security-advisories@github.com"},{"url":"https://github.com/phalcon/cphalcon/security/advisories/GHSA-x7rj-f32v-7jjg","source":"security-advisories@github.com"},{"url":"https://github.com/phalcon/cphalcon/security/advisories/GHSA-x7rj-f32v-7jjg","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-58503","sourceIdentifier":"security-advisories@github.com","published":"2026-07-10T22:16:44.783","lastModified":"2026-07-13T19:17:31.130","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Frappe is a full-stack web application framework. Prior to 16.16.0 and 15.106.0, user enumeration could be performed via the reset_password endpoint. This issue is fixed in versions 16.16.0 and 15.106.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"frappe","product":"frappe","versions":[{"version":"< 15.106.0","status":"affected"},{"version":">= 16.0.0-beta1, < 16.16.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T18:35:36.649032Z","id":"CVE-2026-58503","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-203"}]}],"references":[{"url":"https://github.com/frappe/frappe/commit/1ff64d4a67f9a6d8819ac059dc69f023fb9ea264","source":"security-advisories@github.com"},{"url":"https://github.com/frappe/frappe/commit/d3becf5672cbb5c7150447161941aeebeeb84ae8","source":"security-advisories@github.com"},{"url":"https://github.com/frappe/frappe/pull/38625","source":"security-advisories@github.com"},{"url":"https://github.com/frappe/frappe/pull/38626","source":"security-advisories@github.com"},{"url":"https://github.com/frappe/frappe/releases/tag/v15.106.0","source":"security-advisories@github.com"},{"url":"https://github.com/frappe/frappe/releases/tag/v16.16.0","source":"security-advisories@github.com"},{"url":"https://github.com/frappe/frappe/security/advisories/GHSA-3vqc-c545-w7jg","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-58587","sourceIdentifier":"mlhess@drupal.org","published":"2026-07-10T22:16:44.953","lastModified":"2026-07-13T17:18:08.533","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Input During Web Page Generation (\"Cross-site Scripting\") vulnerability in Drupal Drupal Canvas allows Cross-Site Scripting (XSS). This issue affects Drupal Canvas versions: from 0.0.0 to 1.4.2, from 1.5.0 to 1.5.2, from 1.6.0 to 1.6.1, from 1.7.0 to 1.7.1."}],"affected":[{"source":"mlhess@drupal.org","affectedData":[{"vendor":"Drupal","product":"Drupal Canvas","collectionURL":"https://www.drupal.org/project/canvas","repo":"https://git.drupalcode.org/project/canvas","versions":[{"version":"0.0.0","lessThan":"1.4.2","versionType":"semver","status":"affected"},{"version":"1.5.0","lessThan":"1.5.2","versionType":"semver","status":"affected"},{"version":"1.6.0","lessThan":"1.6.1","versionType":"semver","status":"affected"},{"version":"1.7.0","lessThan":"1.7.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T16:07:53.243392Z","id":"CVE-2026-58587","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"mlhess@drupal.org","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://www.drupal.org/sa-contrib-2026-065","source":"mlhess@drupal.org"}]}},{"cve":{"id":"CVE-2026-58588","sourceIdentifier":"mlhess@drupal.org","published":"2026-07-10T22:16:45.070","lastModified":"2026-07-13T17:18:09.223","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Input During Web Page Generation (\"Cross-site Scripting\") vulnerability in Drupal Drupal Canvas allows Cross-Site Scripting (XSS). This issue affects Drupal Canvas versions: from 0.0.0 to 1.4.2, from 1.5.0 to 1.5.2, from 1.6.0 to 1.6.1, from 1.7.0 to 1.7.1."}],"affected":[{"source":"mlhess@drupal.org","affectedData":[{"vendor":"Drupal","product":"Drupal Canvas","collectionURL":"https://www.drupal.org/project/canvas","repo":"https://git.drupalcode.org/project/canvas","versions":[{"version":"0.0.0","lessThan":"1.4.2","versionType":"semver","status":"affected"},{"version":"1.5.0","lessThan":"1.5.2","versionType":"semver","status":"affected"},{"version":"1.6.0","lessThan":"1.6.1","versionType":"semver","status":"affected"},{"version":"1.7.0","lessThan":"1.7.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T16:03:21.545661Z","id":"CVE-2026-58588","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"mlhess@drupal.org","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://www.drupal.org/sa-contrib-2026-066","source":"mlhess@drupal.org"}]}},{"cve":{"id":"CVE-2026-59155","sourceIdentifier":"security-advisories@github.com","published":"2026-07-10T22:16:45.487","lastModified":"2026-07-13T19:49:37.150","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. Prior to 2.2.5, the GET /api/v1/ddns and GET /api/v1/notification endpoints return full resource objects including plaintext third-party API credentials, including Cloudflare API tokens, TencentCloud SecretKeys, Slack, Discord, and Telegram webhook URLs with embedded bot tokens, and Authorization header values, without any field-level redaction. Any authenticated admin or PAT with nezha:ddns:read or nezha:notification:read scope can receive stored credentials through the listDDNS and listNotification handlers in a single API response. This issue is fixed in version 2.2.5."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"nezhahq","product":"nezha","versions":[{"version":"< 2.2.5","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T17:56:09.671246Z","id":"CVE-2026-59155","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]}],"references":[{"url":"https://github.com/nezhahq/nezha/commit/39d398066d8c644fe452f74704e34ada6c7ab61e","source":"security-advisories@github.com"},{"url":"https://github.com/nezhahq/nezha/releases/tag/v2.2.5","source":"security-advisories@github.com"},{"url":"https://github.com/nezhahq/nezha/security/advisories/GHSA-ww5p-j6cj-6mqq","source":"security-advisories@github.com"},{"url":"https://github.com/nezhahq/nezha/security/advisories/GHSA-ww5p-j6cj-6mqq","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-11913","sourceIdentifier":"mlhess@drupal.org","published":"2026-07-10T23:16:46.490","lastModified":"2026-07-13T19:16:37.200","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"vulnerability in Drupal Mother May I allows . This issue affects Mother May I versions: *.*."}],"affected":[{"source":"mlhess@drupal.org","affectedData":[{"vendor":"Drupal","product":"Mother May I","collectionURL":"https://www.drupal.org/project/mothermayi","repo":"https://git.drupalcode.org/project/mothermayi","versions":[{"version":"*.*","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T18:51:37.001868Z","id":"CVE-2026-11913","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://www.drupal.org/sa-contrib-2026-045","source":"mlhess@drupal.org"}]}},{"cve":{"id":"CVE-2026-11914","sourceIdentifier":"mlhess@drupal.org","published":"2026-07-10T23:16:46.843","lastModified":"2026-07-13T20:16:41.033","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"vulnerability in Drupal Composer allows . This issue affects Composer versions: *.*."}],"affected":[{"source":"mlhess@drupal.org","affectedData":[{"vendor":"Drupal","product":"Composer","collectionURL":"https://www.drupal.org/project/composer","repo":"https://git.drupalcode.org/project/composer","versions":[{"version":"*.*","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":0.7,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T19:04:04.700848Z","id":"CVE-2026-11914","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]}],"references":[{"url":"https://www.drupal.org/sa-contrib-2026-046","source":"mlhess@drupal.org"}]}},{"cve":{"id":"CVE-2026-11915","sourceIdentifier":"mlhess@drupal.org","published":"2026-07-10T23:16:46.933","lastModified":"2026-07-13T20:16:41.707","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"vulnerability in Drupal Brute force attack protection allows . This issue affects Brute force attack protection versions: *.*."}],"affected":[{"source":"mlhess@drupal.org","affectedData":[{"vendor":"Drupal","product":"Brute force attack protection","collectionURL":"https://www.drupal.org/project/bfap_sb","repo":"https://git.drupalcode.org/project/bfap_sb","versions":[{"version":"*.*","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":0.7,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T19:05:41.121175Z","id":"CVE-2026-11915","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-307"}]}],"references":[{"url":"https://www.drupal.org/sa-contrib-2026-047","source":"mlhess@drupal.org"}]}},{"cve":{"id":"CVE-2026-14480","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2026-07-10T23:16:47.110","lastModified":"2026-07-13T20:20:52.383","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"OpenPLC Runtime v3 contains an authenticated arbitrary file write \nvulnerability in the legacy web UI program‑upload workflow. The \napplication stores an attacker‑supplied filename (prog_file) directly \ninto the Programs.File database field and later uses this value as the \ndestination path for an uploaded file without validating or restricting \nthe path. Because Python os.path.join() honors attacker‑controlled \nabsolute paths, an authenticated user can write arbitrary files anywhere\n writable by the OpenPLC webserver process. In the default build \npipeline, all C++ source files within the OpenPLC runtime core directory\n are automatically compiled into the executable runtime binary. By \nwriting a malicious .cpp file into this directory, an authenticated \nattacker can escalate the arbitrary file write into arbitrary native \ncode execution when the operator triggers a normal program compilation \nand runtime start."}],"affected":[{"source":"ics-cert@hq.dhs.gov","affectedData":[{"vendor":"OpenPLC","product":"OpenPLC","defaultStatus":"unaffected","versions":[{"version":"v3","status":"affected"},{"version":"v4","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":9.9,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.1,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T15:40:59.399646Z","id":"CVE-2026-14480","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-73"}]}],"references":[{"url":"https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-190-01.json","source":"ics-cert@hq.dhs.gov"},{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-190-01","source":"ics-cert@hq.dhs.gov"}]}},{"cve":{"id":"CVE-2026-15086","sourceIdentifier":"mlhess@drupal.org","published":"2026-07-10T23:16:47.330","lastModified":"2026-07-13T20:16:43.430","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"vulnerability in Drupal Raw Formatter [Meta Tag Formatter] allows . This issue affects Raw Formatter [Meta Tag Formatter] versions: *.*."}],"affected":[{"source":"mlhess@drupal.org","affectedData":[{"vendor":"Drupal","product":"Raw Formatter [Meta Tag Formatter]","collectionURL":"https://www.drupal.org/project/raw_formatter","repo":"https://git.drupalcode.org/project/raw_formatter","versions":[{"version":"*.*","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":0.7,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T19:09:02.163093Z","id":"CVE-2026-15086","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"references":[{"url":"https://www.drupal.org/sa-contrib-2026-077","source":"mlhess@drupal.org"}]}},{"cve":{"id":"CVE-2026-15087","sourceIdentifier":"mlhess@drupal.org","published":"2026-07-10T23:16:47.430","lastModified":"2026-07-13T20:16:44.107","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"vulnerability in Drupal Clean RESTful allows . This issue affects Clean RESTful versions: *.*."}],"affected":[{"source":"mlhess@drupal.org","affectedData":[{"vendor":"Drupal","product":"Clean RESTful","collectionURL":"https://www.drupal.org/project/clean_node_api","repo":"https://git.drupalcode.org/project/clean_node_api","versions":[{"version":"*.*","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":0.7,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T19:07:02.850111Z","id":"CVE-2026-15087","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-287"}]}],"references":[{"url":"https://www.drupal.org/sa-contrib-2026-078","source":"mlhess@drupal.org"}]}},{"cve":{"id":"CVE-2026-15089","sourceIdentifier":"mlhess@drupal.org","published":"2026-07-10T23:16:47.533","lastModified":"2026-07-13T19:16:50.537","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"vulnerability in Drupal Commerce guest registration allows . This issue affects Commerce guest registration versions: *.*."}],"affected":[{"source":"mlhess@drupal.org","affectedData":[{"vendor":"Drupal","product":"Commerce guest registration","collectionURL":"https://www.drupal.org/project/commerce_guest_registration","repo":"https://git.drupalcode.org/project/commerce_guest_registration","versions":[{"version":"*.*","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T18:52:13.389688Z","id":"CVE-2026-15089","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-287"}]}],"references":[{"url":"https://www.drupal.org/sa-contrib-2026-079","source":"mlhess@drupal.org"}]}},{"cve":{"id":"CVE-2026-44383","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2026-07-10T23:16:48.343","lastModified":"2026-07-13T20:20:52.383","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Multiple connections to the backend using the same charging station ID \nare allowed, which could allow an attacker to deploy multiple instances \nof malicious OCPP clients to overwhelm the backend."}],"affected":[{"source":"ics-cert@hq.dhs.gov","affectedData":[{"vendor":"Hydro-Québec","product":"Le Circuit Electrique charging station backend","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"June_2026","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T15:34:13.068182Z","id":"CVE-2026-44383","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-613"}]}],"references":[{"url":"https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-188-01.json","source":"ics-cert@hq.dhs.gov"},{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-188-01","source":"ics-cert@hq.dhs.gov"},{"url":"https://www.hydroquebec.com/nous-joindre/","source":"ics-cert@hq.dhs.gov"}]}},{"cve":{"id":"CVE-2026-11426","sourceIdentifier":"security@wordfence.com","published":"2026-07-11T02:16:17.287","lastModified":"2026-07-13T18:16:26.500","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The UnderConstructionPage PRO plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 5.76. This is due to the plugin accepting arbitrary local file paths in the template_thumbnail parameter and copying their contents into a publicly accessible uploads file. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read arbitrary files on the server, which can contain sensitive information."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"WebFactory","product":"Under Construction Page (Pro)","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"5.76","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T17:43:41.421801Z","id":"CVE-2026-11426","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://underconstructionpage.com/changelog/","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/29dff562-e9b0-4cc9-b974-9239fbf0310f?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-13756","sourceIdentifier":"security@wordfence.com","published":"2026-07-11T02:16:17.457","lastModified":"2026-07-13T17:17:00.390","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The WP Grid Builder plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.3.3. This is due to missing authorization and meta key validation in the `update()` handler for the `/wp-json/wpgb/v2/metadata` REST endpoint. This makes it possible for authenticated attackers, with Subscriber-level access and above, to elevate their privileges to Administrator by updating their own `wp_capabilities` user meta with a crafted nested array payload."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"WP Grid Builder","product":"WP Grid Builder","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"2.3.3","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T16:14:45.849821Z","id":"CVE-2026-13756","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-269"}]}],"references":[{"url":"https://docs.wpgridbuilder.com/changelog/","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/6a42e0e8-a8c7-4bc5-80ca-5ef69d1f0b6c?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-13114","sourceIdentifier":"security@wordfence.com","published":"2026-07-11T04:17:16.650","lastModified":"2026-07-13T16:59:13.647","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Comment Content and User Biographical Info in all versions up to, and including, 1.4.112 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"stylemix","product":"Motors – Car Dealership & Classified Listings Plugin","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1.4.112","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T14:26:12.435204Z","id":"CVE-2026-13114","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/motors-car-dealership-classified-listings/tags/1.4.108/assets/js/listing-manager/libs/tooltip.js#L59","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/motors-car-dealership-classified-listings/tags/1.4.108/assets/js/listing-manager/libs/tooltip.js#L73","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/motors-car-dealership-classified-listings/tags/1.4.108/includes/helpers.php#L278","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/motors-car-dealership-classified-listings/tags/1.4.112/assets/js/listing-manager/libs/tooltip.js#L59","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/motors-car-dealership-classified-listings/tags/1.4.112/assets/js/listing-manager/libs/tooltip.js#L73","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/motors-car-dealership-classified-listings/tags/1.4.112/includes/helpers.php#L278","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset/3594971/motors-car-dealership-classified-listings","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f4e25aa6-8028-4c85-98c4-6f47a1502427?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-13262","sourceIdentifier":"security@wordfence.com","published":"2026-07-11T04:17:16.793","lastModified":"2026-07-13T16:59:13.647","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Majestic Support – The Leading-Edge Help Desk & Customer Support Plugin plugin for WordPress is vulnerable to generic SQL Injection via the 'val' parameter in all versions up to, and including, 1.1.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. Exploitation requires a valid 'get-smart-reply' nonce, which any Subscriber-level user can obtain by creating a ticket via the public frontend and visiting the resulting ticket detail page, making this effectively exploitable by any authenticated user."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"ahmadmj","product":"Majestic Support – The Leading-Edge Help Desk & Customer Support Plugin","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1.1.9","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T14:34:58.309464Z","id":"CVE-2026-13262","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/majestic-support/tags/1.1.8/includes/ajax.php#L19","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/majestic-support/tags/1.1.8/modules/smartreply/model.php#L183","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/majestic-support/tags/1.1.8/modules/smartreply/model.php#L184","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/majestic-support/tags/1.1.8/modules/ticket/tpls/ticketdetail.php#L672","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/majestic-support/tags/1.1.9/includes/ajax.php#L19","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/majestic-support/tags/1.1.9/modules/smartreply/model.php#L183","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/majestic-support/tags/1.1.9/modules/smartreply/model.php#L184","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/majestic-support/tags/1.1.9/modules/ticket/tpls/ticketdetail.php#L672","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/majestic-support/tags/1.2.0/modules/smartreply/model.php?rev=3599140#L212","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/502577dd-49e3-419d-8b37-591be69ad131?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-13353","sourceIdentifier":"security@wordfence.com","published":"2026-07-11T04:17:16.937","lastModified":"2026-07-13T18:16:26.763","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The WP Ultimate CSV Importer – WordPress Import & Export for CSV, XML & Excel plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 8.0.1 via the 'MappedFields' parameter. This is due to missing capability checks on the AJAX handlers for install_addon, saveMappedFields, and StartImport, combined with the plugin nonce being exposed to any authenticated user who can load an admin page, allowing a Subscriber to install the Import WooCommerce add-on, persist attacker-controlled PHP expressions in the MappedFields parameter, and trigger evaluation via eval() in ImportHelpers::get_meta_values(). This makes it possible for authenticated attackers, with subscriber-level access and above, to execute code on the server."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"smackcoders","product":"WP Ultimate CSV Importer – WordPress Import & Export for CSV, XML & Excel","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"8.0.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T17:40:40.503572Z","id":"CVE-2026-13353","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-94"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/wp-ultimate-csv-importer/tags/8.0.1/InstallAddons.php#L66","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-ultimate-csv-importer/tags/8.0.1/SaveMapping.php#L1562","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-ultimate-csv-importer/tags/8.0.1/SaveMapping.php#L185","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-ultimate-csv-importer/tags/8.0.1/wp-ultimate-csv-importer.php#L419","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset/3591135/wp-ultimate-csv-importer","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e89fc348-1146-4593-8bf5-127f783ab786?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-15072","sourceIdentifier":"security@wordfence.com","published":"2026-07-11T04:17:19.953","lastModified":"2026-07-13T17:17:02.500","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to generic SQL Injection via the 'orderby' parameter in all versions up to, and including, 4.5.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with doctor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. This requires that the attacker hold at minimum a KiviCare Doctor-level account, or a Receptionist or Clinic Admin role that grants the doctor_session_list capability."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"iqonicdesign","product":"KiviCare – Clinic & Patient Management System (EHR)","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"4.5.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T16:14:13.473935Z","id":"CVE-2026-15072","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/kivicare-clinic-management-system/tags/4.5.0/app/baseClasses/KCQueryBuilder.php#L1283","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/kivicare-clinic-management-system/tags/4.5.0/app/baseClasses/KCQueryBuilder.php#L245","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/kivicare-clinic-management-system/tags/4.5.0/app/baseClasses/KCQueryBuilder.php#L470","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/kivicare-clinic-management-system/tags/4.5.0/app/controllers/api/DoctorSessionController.php#L1208","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/kivicare-clinic-management-system/tags/4.5.0/app/controllers/api/DoctorSessionController.php#L1282","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/kivicare-clinic-management-system/tags/4.5.0/app/controllers/api/DoctorSessionController.php#L87","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&old=3602561%40kivicare-clinic-management-system&new=3602561%40kivicare-clinic-management-system","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e2857fd0-2401-4e38-aa8a-3f0a89e14b78?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-3367","sourceIdentifier":"security@wordfence.com","published":"2026-07-11T04:17:23.670","lastModified":"2026-07-13T16:59:13.647","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Lockme OAuth2 calendars integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'App ID' setting in all versions up to, and including, 2.11.0. This is due to insufficient input sanitization and output escaping. The register_setting() call on line 197 lacks a sanitize callback, allowing unsanitized data to be stored via update_option(). When the settings page is rendered, the stored value is echoed directly into an HTML input's value attribute without esc_attr() on line 212. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in the settings page that will execute whenever a user accesses the plugin settings page. Multiple fields are affected: App ID (client_id), App Secret (client_secret), Bookings ID prefix (id_prefix), and API domain (api_domain). This vulnerability is particularly impactful in WordPress multisite installations where administrators of individual sites should not be able to execute JavaScript affecting other users."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"lustmored","product":"Lockme calendars integration","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"2.11.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N","baseScore":4.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.3,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T14:26:42.291926Z","id":"CVE-2026-3367","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/lockme-calendars-integration/tags/2.9.3/src/Plugin.php#L197","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/lockme-calendars-integration/tags/2.9.3/src/Plugin.php#L212","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/lockme-calendars-integration/tags/2.9.3/src/Plugin.php#L223","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/lockme-calendars-integration/tags/2.9.3/src/Plugin.php#L245","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/lockme-calendars-integration/tags/2.9.3/src/Plugin.php#L256","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/lockme-calendars-integration/tags/2.9.3/src/Plugin.php#L54","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/lockme-calendars-integration/trunk/src/Plugin.php#L197","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/lockme-calendars-integration/trunk/src/Plugin.php#L212","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/lockme-calendars-integration/trunk/src/Plugin.php#L223","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/lockme-calendars-integration/trunk/src/Plugin.php#L245","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/lockme-calendars-integration/trunk/src/Plugin.php#L256","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/lockme-calendars-integration/trunk/src/Plugin.php#L54","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&old=3495564%40lockme-calendars-integration&new=3495564%40lockme-calendars-integration","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/800b1a44-4173-4b8e-bc69-9a64218e64d6?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-5743","sourceIdentifier":"security@wordfence.com","published":"2026-07-11T04:17:23.843","lastModified":"2026-07-13T16:59:13.647","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The SimpLy Gallery Block & Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via block attributes in all versions up to, and including, 3.3.3.2. This is due to insufficient input sanitization and output escaping on the sliderMaxHeight block attribute in the pgc_sgb_render_callback() function. The vulnerability exists because the pgc_sgb_sanitize_custom_css() function uses a flawed regex pattern that only removes event handlers with quoted values (e.g., onfocus=\"alert()\") but fails to catch unquoted event handlers (e.g., onfocus=alert(document.cookie)), allowing the malicious code to bypass sanitization. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages via block attributes that will execute whenever a user accesses an injected page."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"gallerycreator","product":"SimpLy Gallery","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"3.3.3.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T14:34:59.861558Z","id":"CVE-2026-5743","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/simply-gallery-block/tags/3.3.2.2/blocks/init.php#L122","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/simply-gallery-block/tags/3.3.2.2/blocks/init.php#L142","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/simply-gallery-block/tags/3.3.2.2/blocks/init.php#L151","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/simply-gallery-block/tags/3.3.2.2/blocks/init.php#L95","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/simply-gallery-block/trunk/blocks/init.php#L122","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/simply-gallery-block/trunk/blocks/init.php#L142","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/simply-gallery-block/trunk/blocks/init.php#L151","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/simply-gallery-block/trunk/blocks/init.php#L95","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&old=3581386%40simply-gallery-block&new=3581386%40simply-gallery-block","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/29b1984d-e6da-49d5-8b40-cdf2f1bcc1bb?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-7544","sourceIdentifier":"security@wordfence.com","published":"2026-07-11T04:17:23.993","lastModified":"2026-07-13T18:16:30.813","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Mux Video Uploader plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.4 via the muxvideo_enqueue_settings_script. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract sensitive data including Mux API credentials."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"2coders","product":"Mux Video Uploader","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1.1.4","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T17:41:34.971544Z","id":"CVE-2026-7544","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/2coders-integration-mux-video/tags/1.1.4/includes/functions.php#L668","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/2coders-integration-mux-video/tags/1.1.4/includes/functions.php#L672","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/2coders-integration-mux-video/trunk/includes/functions.php#L668","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/2coders-integration-mux-video/trunk/includes/functions.php#L672","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&old=3543763%402coders-integration-mux-video&new=3543763%402coders-integration-mux-video","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e462a7ba-887c-408d-87a6-9260a33dcff5?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-8678","sourceIdentifier":"security@wordfence.com","published":"2026-07-11T04:17:26.903","lastModified":"2026-07-13T17:18:15.497","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The MyParcel plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.25.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access and above, to view and modify shipment options — including carrier, delivery type, package type, number of labels, weight, signature requirement, and insurance — on any arbitrary order."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"richardperdaan","product":"MyParcel","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"4.25.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T16:14:30.963775Z","id":"CVE-2026-8678","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/woocommerce-myparcel/tags/4.24.3/includes/admin/class-wcmypa-admin.php#L118","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/woocommerce-myparcel/tags/4.24.3/includes/admin/class-wcmypa-admin.php#L653","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/woocommerce-myparcel/tags/4.24.3/includes/admin/class-wcmypa-admin.php#L872","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/woocommerce-myparcel/tags/4.25.1/includes/admin/class-wcmypa-admin.php#L118","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/woocommerce-myparcel/tags/4.25.1/includes/admin/class-wcmypa-admin.php#L653","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/woocommerce-myparcel/tags/4.25.1/includes/admin/class-wcmypa-admin.php#L872","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&old=3585914%40woocommerce-myparcel&new=3585914%40woocommerce-myparcel","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/1a7bdae1-b28a-4fc6-9538-944ffeb32796?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-13116","sourceIdentifier":"security@wordfence.com","published":"2026-07-11T05:16:32.123","lastModified":"2026-07-13T16:59:13.647","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The PDF Invoices & Packing Slips for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.14.0 via the generate_document_shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with contributor-level access and above, to mint publicly accessible, session-free download links for arbitrary third-party orders, exposing customer names, billing and shipping addresses, email addresses, phone numbers, order and invoice numbers, line items, totals, payment details, and customer notes contained in those orders' invoices and packing slips. Exploitation requires the plugin's Document link access type setting to be configured to 'full'; with the default 'logged_in' value, generated URLs are signed with a per-session nonce rather than the order_key, making the shortcode path unexploitable for unauthorized access to third-party orders."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"wpovernight","product":"PDF Invoices & Packing Slips for WooCommerce","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"5.14.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T14:25:41.219012Z","id":"CVE-2026-13116","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/woocommerce-pdf-invoices-packing-slips/tags/5.14.0/includes/Endpoint.php#L111","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/woocommerce-pdf-invoices-packing-slips/tags/5.14.0/includes/Frontend.php#L271","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/woocommerce-pdf-invoices-packing-slips/tags/5.14.0/includes/Frontend.php#L284","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/woocommerce-pdf-invoices-packing-slips/tags/5.9.2/includes/Endpoint.php#L111","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/woocommerce-pdf-invoices-packing-slips/tags/5.9.2/includes/Frontend.php#L271","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/woocommerce-pdf-invoices-packing-slips/tags/5.9.2/includes/Frontend.php#L284","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&old=3590578%40woocommerce-pdf-invoices-packing-slips&new=3590578%40woocommerce-pdf-invoices-packing-slips","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/6525195e-5d90-4dd4-b9ee-612a8295c262?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-13250","sourceIdentifier":"security@wordfence.com","published":"2026-07-11T05:16:32.243","lastModified":"2026-07-13T16:59:13.647","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Solace Extra plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.5.3. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to permanently delete all content previously imported via the Starter Template feature, including posts, pages, media attachments, WooCommerce products, taxonomy terms, and sitebuilder templates. The required nonce is emitted on every wp-admin page via wp_localize_script() hooked to admin_enqueue_scripts without a page guard, meaning any Subscriber visiting /wp-admin/profile.php can obtain it; the handler is additionally registered via wp_ajax_nopriv_, making it reachable by fully unauthenticated users as well."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"solacewp","product":"Solace Extra","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1.5.3","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T14:36:35.712507Z","id":"CVE-2026-13250","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/solace-extra/tags/1.5.1/admin/class-solace-extra-admin.php#L287","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/solace-extra/tags/1.5.1/admin/import.php#L1424","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/solace-extra/tags/1.5.1/includes/class-solace-extra.php#L313","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/solace-extra/tags/1.5.3/admin/class-solace-extra-admin.php#L287","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/solace-extra/tags/1.5.3/admin/import.php#L1424","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/solace-extra/tags/1.5.3/includes/class-solace-extra.php#L313","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&old=3593408%40solace-extra&new=3593408%40solace-extra","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/860747b9-46ab-4c97-af36-f2e104043be0?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-14262","sourceIdentifier":"security@wordfence.com","published":"2026-07-11T05:16:32.367","lastModified":"2026-07-13T18:16:26.897","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Simple JWT Login – Allows you to use JWT on REST endpoints. plugin for WordPress is vulnerable to Authentication Bypass to Privilege Escalation in all versions up to, and including, 3.6.6 via the `payload` parameter. The vulnerability exists because `AuthenticateService::generatePayload()` only overwrites JWT payload keys whose names appear in the admin-configured `jwt_payload` list — leaving any attacker-supplied identity claims such as `email`, `id`, or `username` intact and signed into the JWT with the site's HS256 secret. This makes it possible for authenticated attackers, with subscriber-level access and above, to escalate their privileges to that of an Administrator by injecting a target administrator's email address into the `payload` parameter at the `/wp-json/simple-jwt-login/v1/auth` endpoint, then redeeming the resulting JWT at the `/autologin` endpoint to obtain a fully authenticated session as that administrator."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"nicu_m","product":"Simple JWT Login – Allows you to use JWT on REST endpoints.","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"3.6.6","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T17:36:58.883199Z","id":"CVE-2026-14262","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-269"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/simple-jwt-login/tags/3.6.6/src/Services/AuthenticateService.php#L163","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/simple-jwt-login/tags/3.6.6/src/Services/AuthenticateService.php#L34","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/simple-jwt-login/tags/3.6.6/src/Services/BaseService.php#L269","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/simple-jwt-login/tags/3.6.6/src/Services/LoginService.php#L62","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&old=3597277%40simple-jwt-login&new=3597277%40simple-jwt-login","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/cd97a7a4-9f57-4882-9e3e-0e9853416af9?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-15096","sourceIdentifier":"security@wordfence.com","published":"2026-07-11T05:16:32.670","lastModified":"2026-07-13T17:17:03.153","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Themify Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Map Module 'b_width_map' Field in all versions up to, and including, 7.7.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"themifyme","product":"Themify Builder","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"7.7.6","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T16:13:00.339262Z","id":"CVE-2026-15096","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/themify-builder/tags/7.7.6/classes/class-builder-data-manager.php#L154","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/themify-builder/tags/7.7.6/classes/class-themify-builder-active.php#L559","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/themify-builder/tags/7.7.6/templates/template-map.php#L143","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&old=3601964%40themify-builder&new=3601964%40themify-builder","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/72131ba4-976b-4f89-9a69-2469f22eb5fd?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-1832","sourceIdentifier":"security@wordfence.com","published":"2026-07-11T05:16:33.043","lastModified":"2026-07-13T16:59:13.647","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The ThriveDesk – Live Chat, AI Chatbot, Helpdesk & Knowledge Base plugin for WordPress is vulnerable to unauthorized cache deletion due to a missing capability check on the 'thrivedesk_clear_cache' AJAX action in all versions up to, and including, 2.1.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to clear the plugin's cache."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"thrivedesk","product":"Agentic Help Desk Plugin for WordPress – Live Chat, AI Chatbot & Ticketing – ThriveDesk","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"2.1.7","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T14:18:40.050981Z","id":"CVE-2026-1832","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://cwe.mitre.org/data/definitions/862.html","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/thrivedesk/tags/2.1.5/includes/helper.php#L238","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/thrivedesk/tags/2.2.0/includes/helper.php#L238","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/thrivedesk/trunk/includes/helper.php#L238","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&old=3512748%40thrivedesk&new=3512748%40thrivedesk","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/ec4bc1d4-2f14-4f3e-85ed-8737c56f905c?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-2354","sourceIdentifier":"security@wordfence.com","published":"2026-07-11T05:16:33.777","lastModified":"2026-07-13T16:59:13.647","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Swiss Toolkit For WP plugin for WordPress is vulnerable to arbitrary file upload due to a flawed file type validation bypass in the `upload_extension_files()` function in all versions up to, and including, 1.4.6. The `upload_extension_files()` function hooks into WordPress's `wp_check_filetype_and_ext` filter and uses `strpos()` to check if a filename contains a configured extension string, rather than verifying the actual file extension. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files (including PHP) on the affected site's server which may make remote code execution possible, granted the \"Enhanced Multi-Format Image Support\" feature is enabled with at least one extension (e.g., avif) in the allowed formats."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"wpmessiah","product":"Swiss Toolkit For WP","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1.4.6","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T14:35:50.481926Z","id":"CVE-2026-2354","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-434"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/swiss-toolkit-for-wp/tags/1.4.2/includes/plugins/class-boomdevs-swiss-toolkit-extension-supports.php#L49","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/swiss-toolkit-for-wp/tags/1.4.2/includes/plugins/class-boomdevs-swiss-toolkit-extension-supports.php#L95","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/swiss-toolkit-for-wp/trunk/includes/plugins/class-boomdevs-swiss-toolkit-extension-supports.php#L49","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/swiss-toolkit-for-wp/trunk/includes/plugins/class-boomdevs-swiss-toolkit-extension-supports.php#L95","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/06bccd2e-6891-433a-9f5b-3ec0c30afef4?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-3552","sourceIdentifier":"security@wordfence.com","published":"2026-07-11T05:16:33.897","lastModified":"2026-07-13T19:17:06.193","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The SurfLink - Ultimate Link Manager plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the ajax_import_410() function in all versions up to 2.6.0. This is due to a missing capability check (current_user_can()) and missing nonce verification (check_ajax_referer()) in the ajax_import_410() function, while all other AJAX handlers in the same class (ajax_add_single_410, ajax_save_editted_410, ajax_delete_410, ajax_bulk_410_delete, ajax_empty_410, ajax_export_410) properly implement both authorization and nonce checks. This makes it possible for authenticated attackers, with Subscriber-level access and above, to import arbitrary URLs into the 410 Gone database table via the surfl_import_410 AJAX action. Injected URLs will cause the site to return HTTP 410 Gone responses to all visitors accessing those paths, potentially causing denial of service for legitimate pages and SEO damage through search engine delisting."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"surflabtech","product":"SurfLink – Link Manager & Backup Restore","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"2.6.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T17:52:37.245066Z","id":"CVE-2026-3552","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/surflink/tags/2.4.1/includes/class-surfl-410.php#L32","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/surflink/tags/2.4.1/includes/class-surfl-410.php#L513","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/surflink/tags/2.4.1/includes/class-surfl-410.php#L585","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/surflink/trunk/includes/class-surfl-410.php#L32","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/surflink/trunk/includes/class-surfl-410.php#L513","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/surflink/trunk/includes/class-surfl-410.php#L585","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&old=3542304%40surflink&new=3542304%40surflink","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/22e0060d-7852-4326-98bc-1c49bebe6205?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-3576","sourceIdentifier":"security@wordfence.com","published":"2026-07-11T05:16:34.013","lastModified":"2026-07-13T17:17:19.787","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Planyo Online Reservation System plugin for WordPress is vulnerable to Server-Side Request Forgery leading to Local File Inclusion in all versions up to, and including, 3.0. The ulap.php file acts as an AJAX proxy and is directly accessible without WordPress bootstrapping or any authentication. The send_http_post() function validates the host of the provided URL against an allowlist that includes 'localhost', but critically fails to validate the URL scheme/protocol. This makes it possible for unauthenticated attackers to supply a file:// URL (e.g., file://localhost/etc/passwd) which bypasses the host allowlist check because parse_url() returns 'localhost' as the host. The URL is then passed to curl_init() or fopen(), both of which support the file:// protocol, allowing the attacker to read arbitrary local files on the server and have their contents returned in the HTTP response. This can lead to disclosure of sensitive files such as /etc/passwd, wp-config.php (containing database credentials and authentication keys), and other server-side files."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"xtreeme","product":"Planyo online reservation system","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"3.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T16:13:47.389464Z","id":"CVE-2026-3576","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/planyo-online-reservation-system/tags/2.7/ulap.php#L118","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/planyo-online-reservation-system/tags/2.7/ulap.php#L120","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/planyo-online-reservation-system/tags/2.7/ulap.php#L59","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/planyo-online-reservation-system/tags/2.7/ulap.php#L84","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/planyo-online-reservation-system/tags/2.7/ulap.php#L96","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/planyo-online-reservation-system/trunk/ulap.php#L118","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/planyo-online-reservation-system/trunk/ulap.php#L120","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/planyo-online-reservation-system/trunk/ulap.php#L59","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/planyo-online-reservation-system/trunk/ulap.php#L84","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/planyo-online-reservation-system/trunk/ulap.php#L96","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&old=3488647%40planyo-online-reservation-system&new=3488647%40planyo-online-reservation-system","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5038d12a-e119-4ab7-aadc-69b765ae7027?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-7559","sourceIdentifier":"security@wordfence.com","published":"2026-07-11T05:16:34.673","lastModified":"2026-07-13T16:59:13.647","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Affilia – Affiliate Program & Referral Tracking for WordPress plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 3.3.3. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access and above, to approve or reject affiliate referrals, credit commissions to affiliate wallets, delete referral records, and modify custom banner plugin options, enabling financial fraud. The nonce required to pass the only authentication check is embedded in every frontend page load via rtwalwm_global_params.rtwalwm_nonce, making it trivially accessible to any authenticated user regardless of role."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"redefiningtheweb","product":"Affiliate Program & Referral Tracking for WooCommerce & WordPress – Affilia","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"3.3.3","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T14:24:55.709578Z","id":"CVE-2026-7559","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/affiliaa-affiliate-program-with-mlm/tags/3.3.3/admin/rtwalwm-class-wp-wc-affiliate-program-admin.php#L660","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/affiliaa-affiliate-program-with-mlm/tags/3.3.3/admin/rtwalwm-class-wp-wc-affiliate-program-admin.php#L742","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/affiliaa-affiliate-program-with-mlm/tags/3.3.3/admin/rtwalwm-class-wp-wc-affiliate-program-admin.php#L812","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/affiliaa-affiliate-program-with-mlm/tags/3.3.3/admin/rtwalwm-class-wp-wc-affiliate-program-admin.php#L837","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/affiliaa-affiliate-program-with-mlm/tags/3.3.3/public/rtwalwm-class-wp-wc-affiliate-program-public.php#L127","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/affiliaa-affiliate-program-with-mlm/trunk/admin/rtwalwm-class-wp-wc-affiliate-program-admin.php#L660","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/affiliaa-affiliate-program-with-mlm/trunk/admin/rtwalwm-class-wp-wc-affiliate-program-admin.php#L742","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/affiliaa-affiliate-program-with-mlm/trunk/admin/rtwalwm-class-wp-wc-affiliate-program-admin.php#L812","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/affiliaa-affiliate-program-with-mlm/trunk/admin/rtwalwm-class-wp-wc-affiliate-program-admin.php#L837","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/affiliaa-affiliate-program-with-mlm/trunk/public/rtwalwm-class-wp-wc-affiliate-program-public.php#L127","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&old=3542527%40affiliaa-affiliate-program-with-mlm&new=3542527%40affiliaa-affiliate-program-with-mlm","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/85a37373-a97f-44b7-a743-bbaaa0056a6c?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-7620","sourceIdentifier":"security@wordfence.com","published":"2026-07-11T05:16:34.790","lastModified":"2026-07-13T16:59:13.647","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Notification for Telegram plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.5.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access and above, to create, modify, or reschedule the nftb_cron_hook WordPress cron event, enabling unauthorized manipulation of the plugin's background task scheduling logic."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"rainafarai","product":"Notification for Telegram","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"3.5.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T14:34:56.598742Z","id":"CVE-2026-7620","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/notification-for-telegram/tags/3.5.1/include/nftncron.php#L122","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/notification-for-telegram/tags/3.5.1/include/nftncron.php#L126","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/notification-for-telegram/tags/3.5.1/include/nftncron.php#L94","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/notification-for-telegram/tags/3.5/include/nftncron.php#L122","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/notification-for-telegram/tags/3.5/include/nftncron.php#L126","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/notification-for-telegram/tags/3.5/include/nftncron.php#L94","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/notification-for-telegram/trunk/include/nftncron.php#L122","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/notification-for-telegram/trunk/include/nftncron.php#L126","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/notification-for-telegram/trunk/include/nftncron.php#L94","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&old=3524838%40notification-for-telegram&new=3524838%40notification-for-telegram","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/01055be6-42ae-405f-9c8b-7acf5297867e?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-9738","sourceIdentifier":"security@wordfence.com","published":"2026-07-11T05:16:34.910","lastModified":"2026-07-13T18:16:30.930","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Print, PDF, Email by PrintFriendly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'content_position_css' parameter in all versions up to, and including, 5.5.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"printfriendly","product":"Print, PDF & Email by PrintFriendly","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"5.5.10","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N","baseScore":4.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.3,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T17:38:24.146329Z","id":"CVE-2026-9738","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/printfriendly/tags/5.5.10/pf.php#L367","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/printfriendly/tags/5.5.10/pf.php#L391","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/printfriendly/tags/5.5.10/pf.php#L681","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/printfriendly/tags/5.5.8/pf.php#L367","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/printfriendly/tags/5.5.8/pf.php#L391","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/printfriendly/tags/5.5.8/pf.php#L681","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&old=3590593%40printfriendly&new=3590593%40printfriendly","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/43d54cb5-7813-4d30-a081-db84e0d29030?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-13378","sourceIdentifier":"security@wordfence.com","published":"2026-07-11T06:16:08.930","lastModified":"2026-07-13T17:16:59.740","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Form Vibes – Database Manager for Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Contact Form 7 Form Field in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"wpvibes","product":"Form Vibes – Save Contact Form 7 & Elementor Form Entries to Database","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1.5.2","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T16:12:42.421179Z","id":"CVE-2026-13378","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/form-vibes/tags/1.5.2/assets/dist/js/submission.js#L1","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/form-vibes/tags/1.5.2/inc/integrations/base.php#L141","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/form-vibes/tags/1.5.2/inc/integrations/cf7.php#L126","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&old=3599917%40form-vibes&new=3597349%40form-vibes","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/c6716a5d-48ed-4735-b765-a7606ea401d0?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2025-6784","sourceIdentifier":"security@wordfence.com","published":"2026-07-11T07:16:44.637","lastModified":"2026-07-13T16:59:13.647","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Code Engine plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 0.3.5 via the 'code-engine' shortcode. This is due to the plugin not restricting access to the code injecting functionality of the plugin. This makes it possible for authenticated attackers, with Contributor-level access and above, to execute code on the server."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"tigroumeow","product":"Code Engine – PHP Snippets, AI Functions & Automation for WordPress","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"0.3.5","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T14:28:00.378939Z","id":"CVE-2025-6784","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-77"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/changeset/3345666","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/1a5f970a-e6a0-4dc7-8e99-342a32f5fd49?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-10041","sourceIdentifier":"security@wordfence.com","published":"2026-07-11T07:16:44.783","lastModified":"2026-07-13T16:59:13.647","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The WCFM – Frontend Manager for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.7.27 via the wcfm_product_archive due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with subscriber-level access and above, to archive arbitrary vendors' products, toggle the featured status on arbitrary listings, mark arbitrary WooCommerce orders as completed, and permanently delete arbitrary enquiries and bulk messages belonging to other vendors."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"wclovers","product":"WCFM – Frontend Manager for WooCommerce","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"6.7.27","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T14:34:53.421206Z","id":"CVE-2026-10041","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/wc-frontend-manager/tags/6.7.26/core/class-wcfm-ajax.php#L746","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wc-frontend-manager/tags/6.7.26/core/class-wcfm-ajax.php#L779","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wc-frontend-manager/tags/6.7.26/core/class-wcfm-ajax.php#L810","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wc-frontend-manager/tags/6.7.26/core/class-wcfm-enquiry.php#L395","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wc-frontend-manager/tags/6.7.26/core/class-wcfm-notification.php#L1132","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wc-frontend-manager/tags/6.7.27/core/class-wcfm-ajax.php#L746","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wc-frontend-manager/tags/6.7.27/core/class-wcfm-ajax.php#L779","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wc-frontend-manager/tags/6.7.27/core/class-wcfm-ajax.php#L810","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wc-frontend-manager/tags/6.7.27/core/class-wcfm-enquiry.php#L395","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wc-frontend-manager/tags/6.7.27/core/class-wcfm-notification.php#L1132","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&old=3588570%40wc-frontend-manager&new=3588570%40wc-frontend-manager","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e3f88a18-5439-4759-ae9f-168f5efc3264?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-10865","sourceIdentifier":"security@wordfence.com","published":"2026-07-11T07:16:44.927","lastModified":"2026-07-13T18:16:26.363","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Cost Calculator Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.0.11 via the (template body). This makes it possible for unauthenticated attackers to extract the plaintext Stripe secret key, Razorpay secret key, and PayPal client_secret embedded in the page source of any page containing a calculator, enabling full control of the merchant's payment gateway accounts. This exposure only occurs when the 'use in all calculators' option is enabled for one or more payment gateways in the plugin's global settings."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"stylemix","product":"Cost Calculator Builder","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"4.0.11","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T17:35:36.840411Z","id":"CVE-2026-10865","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/cost-calculator-builder/tags/3.6.17/includes/functions.php#L748","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/cost-calculator-builder/tags/3.6.17/templates/frontend/render.php#L28","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/cost-calculator-builder/tags/3.6.17/templates/frontend/render.php#L281","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/cost-calculator-builder/tags/3.6.17/templates/frontend/render.php#L61","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/cost-calculator-builder/tags/4.0.5/includes/functions.php#L748","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/cost-calculator-builder/tags/4.0.5/templates/frontend/render.php#L28","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/cost-calculator-builder/tags/4.0.5/templates/frontend/render.php#L281","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/cost-calculator-builder/tags/4.0.5/templates/frontend/render.php#L61","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&old=3578557%40cost-calculator-builder&new=3578557%40cost-calculator-builder","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/29de766d-5e7e-46b4-acac-feec5b33589e?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-11591","sourceIdentifier":"security@wordfence.com","published":"2026-07-11T07:16:45.073","lastModified":"2026-07-13T17:16:39.930","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Widgets for Google Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 13.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"trustindex","product":"Widgets for Google Reviews","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"13.3","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N","baseScore":4.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.3,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T16:12:24.347819Z","id":"CVE-2026-11591","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/wp-reviews-plugin-for-google/tags/13.2.9/tabs/free-widget-configurator.php#L400","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-reviews-plugin-for-google/tags/13.2.9/tabs/free-widget-configurator.php#L406","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-reviews-plugin-for-google/tags/13.2.9/trustindex-plugin.class.php#L649","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-reviews-plugin-for-google/tags/13.2.9/trustindex-plugin.class.php#L6551","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-reviews-plugin-for-google/trunk/tabs/free-widget-configurator.php#L400","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-reviews-plugin-for-google/trunk/tabs/free-widget-configurator.php#L406","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-reviews-plugin-for-google/trunk/trustindex-plugin.class.php#L649","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-reviews-plugin-for-google/trunk/trustindex-plugin.class.php#L6551","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&old=3584904%40wp-reviews-plugin-for-google&new=3584904%40wp-reviews-plugin-for-google","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/4d16e945-1576-4d9b-8e1b-995ec457215b?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-12103","sourceIdentifier":"security@wordfence.com","published":"2026-07-11T07:16:45.490","lastModified":"2026-07-13T16:59:13.647","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Wallet for WooCommerce plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.6.4. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access and above, to enumerate the login name, email address, and user ID of all WordPress accounts — including administrators — by submitting arbitrary search terms to the AJAX handler. The required 'search-user' nonce is localized into the wallet_param object on the standard WooCommerce My Account page, which is accessible to any authenticated user, making it trivially obtainable by a Subscriber."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"subratamal","product":"Wallet for WooCommerce","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1.6.4","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T14:29:36.248572Z","id":"CVE-2026-12103","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/woo-wallet/tags/1.6.0/includes/class-woo-wallet-ajax.php#L166","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/woo-wallet/tags/1.6.0/includes/class-woo-wallet-ajax.php#L56","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/woo-wallet/tags/1.6.0/includes/class-woo-wallet-frontend.php#L199","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/woo-wallet/tags/1.6.0/includes/helper/woo-wallet-util.php#L1462","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/woo-wallet/tags/1.6.3/includes/class-woo-wallet-ajax.php#L166","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/woo-wallet/tags/1.6.3/includes/class-woo-wallet-ajax.php#L56","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/woo-wallet/tags/1.6.3/includes/class-woo-wallet-frontend.php#L199","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/woo-wallet/tags/1.6.3/includes/helper/woo-wallet-util.php#L1462","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&old=3585829%40woo-wallet&new=3585829%40woo-wallet","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/98b38844-c6fe-4655-8bbe-7600203b567e?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-12126","sourceIdentifier":"security@wordfence.com","published":"2026-07-11T07:16:45.633","lastModified":"2026-07-13T16:59:13.647","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The WCFM Marketplace – Multivendor Marketplace for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Attachment 'post_title' in all versions up to, and including, 3.7.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Vendor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. An attacker can plant the payload by uploading a media attachment with a crafted title via the WordPress REST API (/wp-json/wp/v2/media), without ever invoking the AJAX endpoint themselves, as the unescaped title is later emitted inside DataTables JSON and inserted as innerHTML upon any privileged user loading the media dashboard."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"wclovers","product":"WCFM Marketplace – Multivendor Marketplace for WooCommerce","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"3.7.3","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T14:34:54.931224Z","id":"CVE-2026-12126","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/wc-multivendor-marketplace/tags/3.7.2/controllers/media/wcfmmp-controller-media.php#L120","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wc-multivendor-marketplace/tags/3.7.2/controllers/media/wcfmmp-controller-media.php#L58","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wc-multivendor-marketplace/tags/3.7.2/core/class-wcfmmp-media.php#L163","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wc-multivendor-marketplace/tags/3.7.3/controllers/media/wcfmmp-controller-media.php#L120","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wc-multivendor-marketplace/tags/3.7.3/controllers/media/wcfmmp-controller-media.php#L58","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wc-multivendor-marketplace/tags/3.7.3/core/class-wcfmmp-media.php#L163","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&old=3588629%40wc-multivendor-marketplace&new=3588629%40wc-multivendor-marketplace","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/881ec131-a716-4929-a44e-84bac161d81c?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-12738","sourceIdentifier":"security@wordfence.com","published":"2026-07-11T07:16:45.770","lastModified":"2026-07-13T18:16:26.630","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The WP Easy Pay – Payment and Donation form Builder for Square plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.5.0. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access and above, to set the status of arbitrary posts and pages to 'draft', effectively unpublishing arbitrary site content."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"saadiqbal","product":"WP Easy Pay – Payment and Donation form Builder for Square","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"4.5.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T17:35:57.846175Z","id":"CVE-2026-12738","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/wp-easy-pay/tags/4.5.0/wpep-setup.php#L1698","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-easy-pay/tags/4.5.0/wpep-setup.php#L1703","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-easy-pay/tags/4.5.0/wpep-setup.php#L31","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&old=3593500%40wp-easy-pay&new=3593500%40wp-easy-pay","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2121d9fa-bab4-489d-89bc-07a8660bc3d1?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-12994","sourceIdentifier":"security@wordfence.com","published":"2026-07-11T07:16:45.900","lastModified":"2026-07-13T17:16:48.280","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The WCFM – Frontend Manager for WooCommerce plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 6.7.27. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to inject arbitrary reply content into any store inquiry, overwrite the main inquiry record in wp_wcfm_enquiries, and trigger unsolicited notification emails to customers and vendors. Unlike sibling controller branches (wcfm-enquiry and wcfm-enquiry-manage), the wcfm-my-account-enquiry-manage branch performs no is_user_logged_in() or current_user_can() check, and the nonce that serves as the sole barrier is embedded into every public page load without any login gate."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"wclovers","product":"WCFM – Frontend Manager for WooCommerce","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"6.7.27","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T16:11:55.298736Z","id":"CVE-2026-12994","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/wc-frontend-manager/tags/6.7.26/controllers/enquiry/wcfm-controller-enquiry-manage.php#L278","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wc-frontend-manager/tags/6.7.26/controllers/enquiry/wcfm-controller-enquiry-manage.php#L290","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wc-frontend-manager/tags/6.7.26/core/class-wcfm-enquiry.php#L321","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wc-frontend-manager/tags/6.7.26/core/class-wcfm-enquiry.php#L48","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wc-frontend-manager/tags/6.7.26/core/class-wcfm-frontend.php#L1197","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wc-frontend-manager/tags/6.7.27/controllers/enquiry/wcfm-controller-enquiry-manage.php#L278","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wc-frontend-manager/tags/6.7.27/controllers/enquiry/wcfm-controller-enquiry-manage.php#L290","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wc-frontend-manager/tags/6.7.27/core/class-wcfm-enquiry.php#L321","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wc-frontend-manager/tags/6.7.27/core/class-wcfm-enquiry.php#L48","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wc-frontend-manager/tags/6.7.27/core/class-wcfm-frontend.php#L1197","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&old=3588570%40wc-frontend-manager&new=3588570%40wc-frontend-manager","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/676b4637-a2c7-4a95-b644-bb0401f91b40?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-15010","sourceIdentifier":"security@wordfence.com","published":"2026-07-11T07:16:46.033","lastModified":"2026-07-13T17:17:01.803","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The bbp Style Pack plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 6.4.5 via the Topic Form Additional Fields feature. This is due to insufficient input sanitization in bsp_topic_fields_form_save() (which writes $_POST['bsp_topic_fields_label{n}'] directly to post meta via update_post_meta() with no filtering) and missing output escaping in bsp_topic_content_append_topic_fields() (which concatenates the stored meta value into an HTML <span> and echoes it via apply_filters/echo without esc_html()). This makes it possible for authenticated attackers, with Subscriber-level access and above (who have bbPress topic-creation privileges), to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page, including unauthenticated visitors."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"robin-w","product":"bbp style pack","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"6.4.5","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T16:11:32.202615Z","id":"CVE-2026-15010","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/bbp-style-pack/tags/6.4.5/includes/functions_topic_fields.php#L146","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/bbp-style-pack/tags/6.4.5/includes/functions_topic_fields.php#L235","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&old=3601461%40bbp-style-pack&new=3601461%40bbp-style-pack","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f898ab34-2d63-458d-b19b-4e2b6f4a0f3b?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-4661","sourceIdentifier":"security@wordfence.com","published":"2026-07-11T07:16:46.513","lastModified":"2026-07-13T16:59:13.647","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The WP CTA – Sticky CTA Builder, Generate Leads, Promote Sales plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'fildname' parameter in all versions up to, and including, 2.2.2. This is due to insufficient escaping of user-supplied column names in the ajaxCheck() method and lack of preparation in the $wpdb->update() call. The vulnerability is compounded by the complete absence of authorization checks and the endpoint being registered for unauthenticated users via wp_ajax_nopriv_. This makes it possible for unauthenticated attackers to inject arbitrary SQL queries and extract sensitive information from the database via time-based blind SQL injection techniques, including administrator password hashes."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"blendmedia","product":"WP CTA – Call Now Button, Sticky Button & Call to Action Builder","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"2.2.2","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T14:29:12.480347Z","id":"CVE-2026-4661","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/easy-sticky-sidebar/tags/1.7.4/inc/ClassActions.php#L17","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/easy-sticky-sidebar/tags/1.7.4/inc/ClassActions.php#L186","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/easy-sticky-sidebar/tags/1.7.4/inc/ClassActions.php#L193","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&old=3524743%40easy-sticky-sidebar&new=3524743%40easy-sticky-sidebar","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/7e963601-dc41-4218-9119-708c74e51bc2?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-6801","sourceIdentifier":"security@wordfence.com","published":"2026-07-11T07:16:46.650","lastModified":"2026-07-13T16:59:13.647","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Context Blog theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.5 via the context_blog_modal_popup. This makes it possible for unauthenticated attackers to extract the content of password-protected posts."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"postmagthemes","product":"Context Blog","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1.3.5","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T14:36:33.854902Z","id":"CVE-2026-6801","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]}],"references":[{"url":"https://themes.trac.wordpress.org/changeset?reponame=&old=329636%40context-blog&new=329636%40context-blog","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/30f5eecd-3135-45a1-97d2-05fcbbca9e5f?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-6939","sourceIdentifier":"security@wordfence.com","published":"2026-07-11T07:16:46.787","lastModified":"2026-07-13T18:16:30.693","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The CorvusPay WooCommerce Payment Gateway plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'approval_code' parameter in all versions up to, and including, 2.7.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The unauthenticated REST endpoint POST /wp-json/corvuspay/success/ is registered with permission_callback set to __return_true, and although a signature validation step exists it only logs the result without halting execution, meaning an attacker can supply a completely arbitrary signature and have a malicious approval_code stored in the database unchallenged."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"corvusinfo","product":"CorvusPay WooCommerce Payment Gateway","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"2.7.4","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T17:29:24.520281Z","id":"CVE-2026-6939","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/corvuspay-woocommerce-integration/tags/2.7.2/includes/class-wc-gateway-corvuspay.php#L1713","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/corvuspay-woocommerce-integration/tags/2.7.2/includes/class-wc-gateway-corvuspay.php#L202","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/corvuspay-woocommerce-integration/tags/2.7.2/includes/class-wc-order-corvuspay.php#L185","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/corvuspay-woocommerce-integration/tags/2.7.3/includes/class-wc-gateway-corvuspay.php#L1713","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/corvuspay-woocommerce-integration/tags/2.7.3/includes/class-wc-gateway-corvuspay.php#L202","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/corvuspay-woocommerce-integration/tags/2.7.3/includes/class-wc-order-corvuspay.php#L185","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/corvuspay-woocommerce-integration/trunk/includes/class-wc-gateway-corvuspay.php#L1713","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/corvuspay-woocommerce-integration/trunk/includes/class-wc-gateway-corvuspay.php#L202","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/corvuspay-woocommerce-integration/trunk/includes/class-wc-order-corvuspay.php#L185","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&old=3576949%40corvuspay-woocommerce-integration&new=3576949%40corvuspay-woocommerce-integration","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d8a81c01-495f-4861-b66f-000072e99512?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-1359","sourceIdentifier":"security@wordfence.com","published":"2026-07-11T09:16:16.020","lastModified":"2026-07-13T16:59:13.647","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Genolve – AI image AI video generation plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the genolve_setOpt() function in all versions up to, and including, 5.0.5. This makes it possible for authenticated attackers, with Contributor-level access and above, to update arbitrary WordPress options, including enabling user registration and setting the default role to administrator, resulting in privilege escalation."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"genolve","product":"Genolve – Genolve AI Business Graphics, AI Images","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"5.0.5","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T14:27:13.953022Z","id":"CVE-2026-1359","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-863"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&new=3460465%40genolve-toolkit&old=3432371%40genolve-toolkit","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8f64361a-e5b5-4481-b25c-bdffeb80c198?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-56240","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-11T14:16:20.707","lastModified":"2026-07-13T19:17:22.840","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Capgo before 12.128.12 contains a billing authorization bypass vulnerability in the plan_valid calculation that allows organizations with exhausted or expired usage credit grants to bypass billing gates. Attackers can exploit the divergence between the plugin hot-path plan_valid expression and the authoritative billing gate to gain continued access to /updates, /stats, /channel_self, and attachment upload endpoints after credit depletion."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Capgo","product":"Capgo","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"12.128.12","versionType":"semver","status":"affected"},{"version":"12.128.12","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T18:54:10.656594Z","id":"CVE-2026-56240","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-285"}]}],"references":[{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-g9fc-82c2-p2r6","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/capgo-billing-authorization-bypass-via-exhausted-usage-credits","source":"disclosure@vulncheck.com"},{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-g9fc-82c2-p2r6","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-56296","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-11T14:16:21.683","lastModified":"2026-07-13T18:12:29.917","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Cap-go before 12.128.2 contains an information disclosure vulnerability in the public.transfer_app RPC function that returns distinct error messages for existing versus non-existing app IDs. Unauthenticated attackers can enumerate valid app IDs by observing error message differences when calling transfer_app with only the publishable API key."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Cap-go","product":"capgo","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"12.128.2","versionType":"semver","status":"affected"},{"version":"12.128.2","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T15:19:08.409884Z","id":"CVE-2026-56296","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-203"}]}],"references":[{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-fmm3-3qcg-85j6","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/cap-go-app-existence-oracle-via-unauthenticated-transfer-app-rpc","source":"disclosure@vulncheck.com"},{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-fmm3-3qcg-85j6","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-56303","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-11T14:16:21.820","lastModified":"2026-07-13T17:17:38.947","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Capgo before 12.128.2 contains an information disclosure vulnerability in the find_apikey_by_value PostgreSQL function marked SECURITY DEFINER and executable by the anon role. Unauthenticated attackers can call this function via the /rest/v1/rpc/find_apikey_by_value endpoint to retrieve sensitive API key metadata including user_id, mode, org scoping, and expiration details when supplied a valid key value."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Capgo","product":"Capgo","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"12.128.2","versionType":"semver","status":"affected"},{"version":"12.128.2","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T16:11:04.151499Z","id":"CVE-2026-56303","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]}],"references":[{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-2xjq-h43m-592f","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/capgo-unauthenticated-api-key-metadata-disclosure-via-security-definer-rpc-function","source":"disclosure@vulncheck.com"},{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-2xjq-h43m-592f","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-56372","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-11T14:16:21.953","lastModified":"2026-07-13T22:18:43.803","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"ImageMagick before 7.1.2-19 contains a heap buffer overflow vulnerability in the magnify operation that allows attackers to read out of bounds memory. An unrecognized magnify:method value triggers an out of bounds read, potentially exposing sensitive information or causing denial of service."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"ImageMagick","product":"ImageMagick","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"7.1.2-19","versionType":"semver","status":"affected"},{"version":"7.1.2-19","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L","baseScore":3.3,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":1.8,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T14:34:31.901682Z","id":"CVE-2026-56372","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-122"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*","versionEndExcluding":"7.1.2-19","matchCriteriaId":"AAB93A09-7FA3-4F61-9DB8-EF5B1382E7EE"}]}]}],"references":[{"url":"https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-8vfj-q2cp-5m5j","source":"disclosure@vulncheck.com","tags":["Vendor Advisory"]},{"url":"https://www.vulncheck.com/advisories/imagemagick-heap-buffer-overflow-read-via-unrecognized-magnify-method","source":"disclosure@vulncheck.com","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-60088","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-11T14:16:22.210","lastModified":"2026-07-13T18:16:29.003","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"PraisonAI before 4.6.78 fails to validate file path references in custom command templates, allowing attackers to read files outside the workspace. Attackers can include path traversal sequences like @../outside_secret.txt or absolute paths in project command files to exfiltrate process-readable files into model prompts."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"MervinPraison","product":"PraisonAI","defaultStatus":"unaffected","packageURL":"pkg:pypi/praisonai","versions":[{"version":"0","lessThan":"4.6.78","versionType":"semver","status":"affected"},{"version":"4.6.78","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T17:25:56.364288Z","id":"CVE-2026-60088","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://github.com/MervinPraison/PraisonAI/commit/3aa9cbc2bd49c23a32be0a89a5e620d13d843eab","source":"disclosure@vulncheck.com"},{"url":"https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-xpx6-x8c2-mw5w","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/praisonai-before-path-traversal-via-custom-commands","source":"disclosure@vulncheck.com"},{"url":"https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-xpx6-x8c2-mw5w","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-61426","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-11T14:16:22.483","lastModified":"2026-07-13T18:05:36.130","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"PraisonAI before 1.7.3 contains an insecure default configuration that binds to all interfaces with no API key requirement and wildcard CORS. Unauthenticated attackers can call GET /api/agents to read agent instructions and system prompts, or POST /api/chat to invoke agents without authentication."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"MervinPraison","product":"PraisonAI","defaultStatus":"unaffected","packageURL":"pkg:npm/praisonai","versions":[{"version":"0","lessThan":"1.7.3","versionType":"semver","status":"affected"},{"version":"1.7.3","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":4.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T15:04:48.407773Z","id":"CVE-2026-61426","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]}],"references":[{"url":"https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-6wjp-v33h-5cvq","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/praisonai-before-unauthenticated-agent-access-via-insecure-defaults","source":"disclosure@vulncheck.com"},{"url":"https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-6wjp-v33h-5cvq","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-61428","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-11T14:16:22.610","lastModified":"2026-07-13T18:05:36.130","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"PraisonAI AgentMail versions before 4.6.78 lack signature verification in webhook mode, allowing unauthenticated attackers to inject messages with spoofed sender addresses. Attackers can POST crafted message.received events to the webhook endpoint to inject arbitrary content into the agent and trigger replies to attacker-controlled addresses, bypassing sender allow/block lists."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"MervinPraison","product":"PraisonAI","defaultStatus":"unaffected","packageURL":"pkg:pypi/praisonai","versions":[{"version":"0","lessThan":"4.6.78","versionType":"semver","status":"affected"},{"version":"4.6.78","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":3.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T16:10:26.374722Z","id":"CVE-2026-61428","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-290"}]}],"references":[{"url":"https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-qj9c-59p6-8cgx","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/praisonai-agentmail-before-message-injection-via-webhook","source":"disclosure@vulncheck.com"},{"url":"https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-qj9c-59p6-8cgx","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-61429","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-11T14:16:22.740","lastModified":"2026-07-13T18:05:36.130","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"PraisonAI versions before 1.6.78 contain a server-side request forgery vulnerability in the Crawl4AI/Chromium backend that allows attackers to bypass SSRF validation by exploiting DNS rebinding and HTTP redirects. Attackers can craft URLs that resolve to internal services after the initial validation check, enabling the headless browser to follow redirects and read internal responses including sensitive canary values."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"MervinPraison","product":"PraisonAI","defaultStatus":"unaffected","packageURL":"pkg:pypi/praisonaiagents","versions":[{"version":"0","lessThan":"1.6.78","versionType":"semver","status":"affected"},{"version":"1.6.78","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.4,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":4.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T14:36:48.565220Z","id":"CVE-2026-61429","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-6g59-gm2v-qhvq","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/praisonai-before-ssrf-via-crawl4ai-chromium-backend","source":"disclosure@vulncheck.com"},{"url":"https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-6g59-gm2v-qhvq","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-61442","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-11T14:16:23.017","lastModified":"2026-07-13T18:16:29.513","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"PraisonAI Platform (praisonai-platform) before 0.1.9 fails to enforce owner/admin authorization on the PATCH routes for projects, issues, and agents, which only require workspace-member role. A workspace member can modify owner-created records; for projects, a member can reassign lead_id to their own user id and then delete the owner-created project, bypassing the delete route's owner/admin permission check."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"MervinPraison","product":"PraisonAI","defaultStatus":"unaffected","packageURL":"pkg:pypi/praisonai-platform","versions":[{"version":"0","lessThan":"0.1.9","versionType":"semver","status":"affected"},{"version":"0.1.9","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T17:17:21.791289Z","id":"CVE-2026-61442","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://github.com/MervinPraison/PraisonAI/commit/846568c7a5d8ce9e71e56e4c213f027c04909753","source":"disclosure@vulncheck.com"},{"url":"https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-c78w-2q4r-68r7","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/praisonai-platform-before-authorization-bypass-via-patch","source":"disclosure@vulncheck.com"},{"url":"https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-c78w-2q4r-68r7","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-61447","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-11T14:16:23.377","lastModified":"2026-07-13T18:05:36.130","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"PraisonAI before 1.6.78 contains a remote code execution vulnerability in CodeAgent._execute_python() that executes LLM-generated Python code without AST validation, import restrictions, or sandbox enforcement. Attackers can influence LLM output through prompt injection to exfiltrate all environment secrets and execute arbitrary code on the host system."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"MervinPraison","product":"PraisonAI","defaultStatus":"unaffected","packageURL":"pkg:pypi/praisonaiagents","versions":[{"version":"0","lessThan":"1.6.78","versionType":"semver","status":"affected"},{"version":"1.6.78","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T15:21:25.938765Z","id":"CVE-2026-61447","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-94"}]}],"references":[{"url":"https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-2xv2-w8cq-5gxw","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/praisonai-before-remote-code-execution-via-codeagent","source":"disclosure@vulncheck.com"},{"url":"https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-2xv2-w8cq-5gxw","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-61448","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-11T14:16:23.510","lastModified":"2026-07-13T20:03:31.703","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Parse Server is affected by a stored cross-site scripting (XSS) vulnerability in versions >= 9.0.0, < 9.10.0-alpha.2 and <= 8.6.83. When an uploaded file's extension is not recognized by the mime package, Parse Server preserves the client-supplied Content-Type. A malformed Content-Type that is not a valid type/subtype media type (e.g., 'image', 'image/', or 'image//svg+xml') bypasses the fileUpload.fileExtensions blocklist and is stored unchanged. On storage adapters that persist and serve the uploaded Content-Type (such as Amazon S3, Google Cloud Storage, or Azure Blob Storage), a browser cannot parse the malformed value and falls back to MIME-sniffing; a file whose body begins with HTML is rendered as HTML, executing embedded script in the application's origin against other users who open the file URL. The default GridFS storage adapter is not affected. Fixed in 9.10.0-alpha.2 and 8.6.84."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"parse-community","product":"parse-server","defaultStatus":"unaffected","packageURL":"pkg:npm/parse-server","versions":[{"version":"9.0.0","lessThan":"9.10.0-alpha.2","versionType":"semver","status":"affected"},{"version":"9.10.0-alpha.2","versionType":"semver","status":"unaffected"}]},{"vendor":"parse-community","product":"parse-server","defaultStatus":"unaffected","packageURL":"pkg:npm/parse-server","versions":[{"version":"0","lessThan":"8.6.84","versionType":"semver","status":"affected"},{"version":"8.6.84","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"PASSIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T16:09:47.693724Z","id":"CVE-2026-61448","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-434"}]}],"references":[{"url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-r899-h629-j84r","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/parse-server-stored-xss-via-malformed-content-type","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-61454","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-11T14:16:23.630","lastModified":"2026-07-13T20:03:31.703","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Grav Admin2 plugin (getgrav/grav-plugin-admin2) before 2.0.4 embeds a global JavaScript variable window.__GRAV_CONFIG__ in the Admin2 SPA bootstrap page at /grav/admin (and its subroutes). This object is returned in every unauthenticated response and discloses the server URL, API prefix, admin base path, runtime environment type, and exact Grav and Admin2 version numbers, allowing an unauthenticated attacker to fingerprint the deployment and select version-specific exploits without reconnaissance."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"getgrav","product":"grav","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"2.0.4","versionType":"semver","status":"affected"},{"version":"2.0.4","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T14:33:42.428442Z","id":"CVE-2026-61454","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]}],"references":[{"url":"https://github.com/getgrav/grav/security/advisories/GHSA-pfjq-chp8-3vgh","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/grav-before-information-disclosure-via-grav-config","source":"disclosure@vulncheck.com"},{"url":"https://github.com/getgrav/grav/security/advisories/GHSA-pfjq-chp8-3vgh","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-61857","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-11T14:16:23.893","lastModified":"2026-07-13T22:11:46.303","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"ImageMagick before 7.1.2-26 contains a heap use-after-free vulnerability caused by missing null check when parsing XMP profiles. Attackers can craft malicious image files with specially crafted XMP data to trigger the vulnerability and cause application crashes."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"ImageMagick","product":"ImageMagick","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"7.1.2-26","versionType":"semver","status":"affected"},{"version":"7.1.2-26","versionType":"semver","status":"unaffected"}]},{"vendor":"ImageMagick","product":"ImageMagick","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"6.9.13-51","versionType":"semver","status":"affected"},{"version":"6.9.13-51","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":3.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.2,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T17:06:24.270603Z","id":"CVE-2026-61857","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-252"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*","versionEndExcluding":"6.9.13-51","matchCriteriaId":"04EA847E-A872-4815-93ED-324AE5221CCF"},{"vulnerable":true,"criteria":"cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0-0","versionEndExcluding":"7.1.2-26","matchCriteriaId":"C6EB9880-7B4D-477D-8F0E-7A22317D1768"}]}]}],"references":[{"url":"https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qh5g-q395-cx4j","source":"disclosure@vulncheck.com","tags":["Vendor Advisory"]},{"url":"https://www.vulncheck.com/advisories/imagemagick-before-26-heap-use-after-free-via-xmp","source":"disclosure@vulncheck.com","tags":["Broken Link"]}]}},{"cve":{"id":"CVE-2026-61861","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-11T14:16:24.143","lastModified":"2026-07-13T22:09:54.520","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"ImageMagick before 7.1.2-26 contains a use-after-free vulnerability in the FormatMagickCaption method when memory allocation fails. Attackers can trigger memory allocation failures to cause a dangling pointer to reference freed memory, potentially enabling denial of service or code execution."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"ImageMagick","product":"ImageMagick","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"7.1.2-26","versionType":"semver","status":"affected"},{"version":"7.1.2-26","versionType":"semver","status":"unaffected"}]},{"vendor":"ImageMagick","product":"ImageMagick","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"6.9.13-51","versionType":"semver","status":"affected"},{"version":"6.9.13-51","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":3.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.2,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T15:07:48.985607Z","id":"CVE-2026-61861","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*","versionEndExcluding":"6.9.13-51","matchCriteriaId":"04EA847E-A872-4815-93ED-324AE5221CCF"},{"vulnerable":true,"criteria":"cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0-0","versionEndExcluding":"7.1.2-26","matchCriteriaId":"C6EB9880-7B4D-477D-8F0E-7A22317D1768"}]}]}],"references":[{"url":"https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qvxh-prvr-85w2","source":"disclosure@vulncheck.com","tags":["Vendor Advisory"]},{"url":"https://www.vulncheck.com/advisories/imagemagick-before-26-use-after-free-in-formatmagickcaption","source":"disclosure@vulncheck.com","tags":["Broken Link"]}]}},{"cve":{"id":"CVE-2026-61870","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-11T14:16:24.270","lastModified":"2026-07-13T22:07:31.147","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"ImageMagick before 7.1.2-26 contains a memory leak vulnerability in the VIFF encoder when memory allocation fails. Attackers can trigger allocation failures by processing specially crafted VIFF images to exhaust available memory and cause denial of service."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"ImageMagick","product":"ImageMagick","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"7.1.2-26","versionType":"semver","status":"affected"},{"version":"7.1.2-26","versionType":"semver","status":"unaffected"}]},{"vendor":"ImageMagick","product":"ImageMagick","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"6.9.13-51","versionType":"semver","status":"affected"},{"version":"6.9.13-51","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"HIGH","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":2.9,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":1.4,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T16:09:14.622804Z","id":"CVE-2026-61870","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-401"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*","versionEndExcluding":"6.9.13-51","matchCriteriaId":"04EA847E-A872-4815-93ED-324AE5221CCF"},{"vulnerable":true,"criteria":"cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0-0","versionEndExcluding":"7.1.2-26","matchCriteriaId":"C6EB9880-7B4D-477D-8F0E-7A22317D1768"}]}]}],"references":[{"url":"https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-m596-67p7-69wh","source":"disclosure@vulncheck.com","tags":["Vendor Advisory"]},{"url":"https://www.vulncheck.com/advisories/imagemagick-before-26-memory-leak-via-viff-encoder","source":"disclosure@vulncheck.com","tags":["Broken Link"]}]}},{"cve":{"id":"CVE-2026-15470","sourceIdentifier":"cna@vuldb.com","published":"2026-07-12T00:16:17.480","lastModified":"2026-07-13T19:16:51.223","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability has been found in Eleveo Call Recording Software 9.7.0. Affected by this issue is some unknown functionality of the file /callrec/group.jsp. Such manipulation leads to improper authorization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"Eleveo","product":"Call Recording Software","cpes":["cpe:2.3:a:eleveo:call_recording_software:*:*:*:*:*:*:*:*"],"versions":[{"version":"9.7.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:N","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T16:08:43.103648Z","id":"CVE-2026-15470","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-266"},{"lang":"en","value":"CWE-285"}]}],"references":[{"url":"https://github.com/omarelshopky/cves/tree/main/eleveo/call-recording-software/CVE-2026-15470","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-15470","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/797463","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377775","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377775/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-15471","sourceIdentifier":"cna@vuldb.com","published":"2026-07-12T02:16:14.703","lastModified":"2026-07-13T20:16:44.807","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was found in Eleveo Call Recording Software 9.7.0. This affects an unknown part of the file /callrec/pci_dss_status.jsp. Performing a manipulation results in improper authorization. Remote exploitation of the attack is possible. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"Eleveo","product":"Call Recording Software","cpes":["cpe:2.3:a:eleveo:call_recording_software:*:*:*:*:*:*:*:*"],"versions":[{"version":"9.7.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:N","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T19:19:03.662595Z","id":"CVE-2026-15471","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-266"},{"lang":"en","value":"CWE-285"}]}],"references":[{"url":"https://github.com/omarelshopky/cves/tree/main/eleveo/call-recording-software/CVE-2026-15471","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-15471","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/797464","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377776","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377776/cti","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/797464","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-15472","sourceIdentifier":"cna@vuldb.com","published":"2026-07-12T02:16:16.380","lastModified":"2026-07-13T19:16:52.023","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was determined in Eleveo Call Recording Software 9.7.0. This vulnerability affects unknown code of the file /callrec/composeEmailAction.do. Executing a manipulation can lead to improper authorization. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"Eleveo","product":"Call Recording Software","cpes":["cpe:2.3:a:eleveo:call_recording_software:*:*:*:*:*:*:*:*"],"versions":[{"version":"9.7.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:N","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T16:57:59.669879Z","id":"CVE-2026-15472","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-266"},{"lang":"en","value":"CWE-285"}]}],"references":[{"url":"https://github.com/omarelshopky/cves/tree/main/eleveo/call-recording-software/CVE-2026-15472","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-15472","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/797465","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377777","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377777/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-15474","sourceIdentifier":"cna@vuldb.com","published":"2026-07-12T03:16:10.700","lastModified":"2026-07-13T19:16:52.803","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A security flaw has been discovered in Eleveo Call Recording Software 9.7.0. Impacted is an unknown function of the file /callrec/audio.jsp of the component Call Recording Handler. The manipulation of the argument callId results in improper authorization. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"Eleveo","product":"Call Recording Software","cpes":["cpe:2.3:a:eleveo:call_recording_software:*:*:*:*:*:*:*:*"],"modules":["Call Recording Handler"],"versions":[{"version":"9.7.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:N","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T18:05:30.196637Z","id":"CVE-2026-15474","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-266"},{"lang":"en","value":"CWE-285"}]}],"references":[{"url":"https://drive.google.com/file/d/14r-7V9dJHuoBPpuSj-puFzujq149Mbry/view?usp=sharing","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-15474","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/797469","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377779","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377779/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-15475","sourceIdentifier":"cna@vuldb.com","published":"2026-07-12T03:16:10.860","lastModified":"2026-07-13T16:59:13.647","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A weakness has been identified in MiniTool Partition Wizard up to 13.6. The affected element is an unknown function in the library pwdrvio.sys of the component Signed Kernel Driver. This manipulation causes improper access controls. The attack can only be executed locally. The exploit has been made available to the public and could be used for attacks. Upgrading to version 13.9 is sufficient to fix this issue. The affected component should be upgraded. The vendor was contacted early about this disclosure."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"MiniTool","product":"Partition Wizard","cpes":["cpe:2.3:a:minitool:partition_wizard:*:*:*:*:*:*:*:*"],"modules":["Signed Kernel Driver"],"versions":[{"version":"13.0","status":"affected"},{"version":"13.1","status":"affected"},{"version":"13.2","status":"affected"},{"version":"13.3","status":"affected"},{"version":"13.4","status":"affected"},{"version":"13.5","status":"affected"},{"version":"13.6","status":"affected"},{"version":"13.9","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":1.9,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.8,"impactScore":3.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:S/C:P/I:P/A:P","baseScore":4.3,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":3.1,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T14:38:17.404499Z","id":"CVE-2026-15475","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-266"},{"lang":"en","value":"CWE-284"}]}],"references":[{"url":"https://vuldb.com/cve/CVE-2026-15475","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/833842","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377780","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377780/cti","source":"cna@vuldb.com"},{"url":"https://winslow1984.com/books/cve-collection/page/minitool-partition-wizard-kernel-driver-pwdrviosys-local-privilege-escalation","source":"cna@vuldb.com"},{"url":"https://www.minitool.com/partition-manager/upgrade-history.html","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-15476","sourceIdentifier":"cna@vuldb.com","published":"2026-07-12T04:16:20.087","lastModified":"2026-07-13T17:17:05.260","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A security vulnerability has been detected in QILING Disk Master 6.0.0.0. The impacted element is an unknown function in the library diskbckp.sys of the component Kernel Driver. Such manipulation leads to improper access controls. The attack can only be performed from a local environment. The exploit has been disclosed publicly and may be used. It is suggested to upgrade the affected component."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"QILING","product":"Disk Master","cpes":["cpe:2.3:a:qiling:disk_master:*:*:*:*:*:*:*:*"],"modules":["Kernel Driver"],"versions":[{"version":"6.0.0.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":1.9,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.8,"impactScore":3.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:S/C:P/I:P/A:P","baseScore":4.3,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":3.1,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T16:07:58.777377Z","id":"CVE-2026-15476","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-266"},{"lang":"en","value":"CWE-284"}]}],"references":[{"url":"https://vuldb.com/cve/CVE-2026-15476","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/835610","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377781","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377781/cti","source":"cna@vuldb.com"},{"url":"https://winslow1984.com/books/cve-collection/page/qiling-disk-master-kernel-driver-diskbckpsys-6-0-0-0-local-privilege-escalation","source":"cna@vuldb.com"},{"url":"https://www.idiskhome.com/download/beta/multi_DiskMaster_Pro_Trial.exe","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-15477","sourceIdentifier":"cna@vuldb.com","published":"2026-07-12T05:16:08.447","lastModified":"2026-07-13T20:16:45.500","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was detected in Bahmni bahmnicore up to 0.93. This affects the function additionalParams of the file /openmrs/ws/rest/v1/bahmnicore/sql of the component Search Endpoint. Performing a manipulation of the argument test results in sql injection. The attack can be initiated remotely. The exploit is now public and may be used. Upgrading to version 0.93.1, 1.0.1, 1.1.1, 1.2.1, 1.3.1 and 2.0.1 mitigates this issue. Upgrading the affected component is recommended."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"Bahmni","product":"bahmnicore","cpes":["cpe:2.3:a:bahmni:bahmnicore:*:*:*:*:*:*:*:*"],"modules":["Search Endpoint"],"versions":[{"version":"0.1","status":"affected"},{"version":"0.2","status":"affected"},{"version":"0.3","status":"affected"},{"version":"0.4","status":"affected"},{"version":"0.5","status":"affected"},{"version":"0.6","status":"affected"},{"version":"0.7","status":"affected"},{"version":"0.8","status":"affected"},{"version":"0.9","status":"affected"},{"version":"0.10","status":"affected"},{"version":"0.11","status":"affected"},{"version":"0.12","status":"affected"},{"version":"0.13","status":"affected"},{"version":"0.14","status":"affected"},{"version":"0.15","status":"affected"},{"version":"0.16","status":"affected"},{"version":"0.17","status":"affected"},{"version":"0.18","status":"affected"},{"version":"0.19","status":"affected"},{"version":"0.20","status":"affected"},{"version":"0.21","status":"affected"},{"version":"0.22","status":"affected"},{"version":"0.23","status":"affected"},{"version":"0.24","status":"affected"},{"version":"0.25","status":"affected"},{"version":"0.26","status":"affected"},{"version":"0.27","status":"affected"},{"version":"0.28","status":"affected"},{"version":"0.29","status":"affected"},{"version":"0.30","status":"affected"},{"version":"0.31","status":"affected"},{"version":"0.32","status":"affected"},{"version":"0.33","status":"affected"},{"version":"0.34","status":"affected"},{"version":"0.35","status":"affected"},{"version":"0.36","status":"affected"},{"version":"0.37","status":"affected"},{"version":"0.38","status":"affected"},{"version":"0.39","status":"affected"},{"version":"0.40","status":"affected"},{"version":"0.41","status":"affected"},{"version":"0.42","status":"affected"},{"version":"0.43","status":"affected"},{"version":"0.44","status":"affected"},{"version":"0.45","status":"affected"},{"version":"0.46","status":"affected"},{"version":"0.47","status":"affected"},{"version":"0.48","status":"affected"},{"version":"0.49","status":"affected"},{"version":"0.50","status":"affected"},{"version":"0.51","status":"affected"},{"version":"0.52","status":"affected"},{"version":"0.53","status":"affected"},{"version":"0.54","status":"affected"},{"version":"0.55","status":"affected"},{"version":"0.56","status":"affected"},{"version":"0.57","status":"affected"},{"version":"0.58","status":"affected"},{"version":"0.59","status":"affected"},{"version":"0.60","status":"affected"},{"version":"0.61","status":"affected"},{"version":"0.62","status":"affected"},{"version":"0.63","status":"affected"},{"version":"0.64","status":"affected"},{"version":"0.65","status":"affected"},{"version":"0.66","status":"affected"},{"version":"0.67","status":"affected"},{"version":"0.68","status":"affected"},{"version":"0.69","status":"affected"},{"version":"0.70","status":"affected"},{"version":"0.71","status":"affected"},{"version":"0.72","status":"affected"},{"version":"0.73","status":"affected"},{"version":"0.74","status":"affected"},{"version":"0.75","status":"affected"},{"version":"0.76","status":"affected"},{"version":"0.77","status":"affected"},{"version":"0.78","status":"affected"},{"version":"0.79","status":"affected"},{"version":"0.80","status":"affected"},{"version":"0.81","status":"affected"},{"version":"0.82","status":"affected"},{"version":"0.83","status":"affected"},{"version":"0.84","status":"affected"},{"version":"0.85","status":"affected"},{"version":"0.86","status":"affected"},{"version":"0.87","status":"affected"},{"version":"0.88","status":"affected"},{"version":"0.89","status":"affected"},{"version":"0.90","status":"affected"},{"version":"0.91","status":"affected"},{"version":"0.92","status":"affected"},{"version":"0.93","status":"affected"},{"version":"0.93.1","status":"unaffected"},{"version":"1.0.1","status":"unaffected"},{"version":"1.1.1","status":"unaffected"},{"version":"1.2.1","status":"unaffected"},{"version":"1.3.1","status":"unaffected"},{"version":"2.0.1","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T19:11:16.738269Z","id":"CVE-2026-15477","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-74"},{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://bahmni.atlassian.net/wiki/spaces/BAH/pages/5519474693/Bahmni+Security+Patch+July+02+2026+Release+Notes","source":"cna@vuldb.com"},{"url":"https://github.com/Bahmni/bahmni-core/security/advisories/GHSA-cg9w-r5g6-cxq5","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-15477","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/836079","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377782","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377782/cti","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/836079","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-15478","sourceIdentifier":"cna@vuldb.com","published":"2026-07-12T05:16:08.747","lastModified":"2026-07-13T17:17:05.937","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw has been found in IceHRM up to 35.0.1. This impacts an unknown function of the file core/src/Reports/User/Reports/EmployeeAttendanceReport.php of the component UserReport Endpoint. Executing a manipulation of the argument employeeList can lead to sql injection. The attack can be launched remotely. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"n/a","product":"IceHRM","cpes":["cpe:2.3:a:icehrm:icehrm:*:*:*:*:*:*:*:*"],"modules":["UserReport Endpoint"],"versions":[{"version":"35.0.0","status":"affected"},{"version":"35.0.1","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T16:31:36.077379Z","id":"CVE-2026-15478","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-74"},{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://github.com/gamonoid/icehrm/issues/376","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-15478","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/836330","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377783","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377783/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-15480","sourceIdentifier":"cna@vuldb.com","published":"2026-07-12T06:16:42.650","lastModified":"2026-07-13T19:16:53.467","vulnStatus":"Deferred","cveTags":[{"sourceIdentifier":"cna@vuldb.com","tags":["unsupported-when-assigned"]}],"descriptions":[{"lang":"en","value":"A vulnerability was identified in Trendnet TEW-635BRM up to 1.00.03. This affects the function start_httpd of the file /sbin/rc of the component Web Service. Such manipulation of the argument device_name leads to stack-based buffer overflow. The attack can be executed remotely. The exploit is publicly available and might be used. The vendor explains: \"We are unable to confirm if the vulnerability exists. This item has been EOL since 2011. We will make an official announcement of possible vulnerabilities, and recommend users to switch devices.\" This vulnerability only affects products that are no longer supported by the maintainer."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"Trendnet","product":"TEW-635BRM","cpes":["cpe:2.3:a:trendnet:tew-635brm:*:*:*:*:*:*:*:*"],"modules":["Web Service"],"versions":[{"version":"1.00.03","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.4,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:C/I:C/A:C","baseScore":9.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.0,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T18:06:22.080756Z","id":"CVE-2026-15480","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-119"},{"lang":"en","value":"CWE-121"}]}],"references":[{"url":"https://github.com/glkfc/IoT-Vulnerability/blob/main/TRENDnet/TRENDnet_TEW635BRM_device_name_BOF_EN.md","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-15480","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/838236","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377787","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377787/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-15481","sourceIdentifier":"cna@vuldb.com","published":"2026-07-12T06:16:42.863","lastModified":"2026-07-13T16:59:13.647","vulnStatus":"Deferred","cveTags":[{"sourceIdentifier":"cna@vuldb.com","tags":["unsupported-when-assigned"]}],"descriptions":[{"lang":"en","value":"A security flaw has been discovered in Trendnet TEW-635BRM up to 1.00.03. This vulnerability affects the function ipoa_test of the file /sbin/rc of the component IPoA WAN Connection Setup. Performing a manipulation of the argument ipoa_ipaddr results in command injection. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks. The vendor explains: \"We are unable to confirm if the vulnerability exists. This item has been EOL since 2011. We will make an official announcement of possible vulnerabilities, and recommend users to switch devices.\" This vulnerability only affects products that are no longer supported by the maintainer."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"Trendnet","product":"TEW-635BRM","cpes":["cpe:2.3:a:trendnet:tew-635brm:*:*:*:*:*:*:*:*"],"modules":["IPoA WAN Connection Setup"],"versions":[{"version":"1.00.03","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.4,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:C/I:C/A:C","baseScore":9.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.0,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T14:39:28.245593Z","id":"CVE-2026-15481","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-74"},{"lang":"en","value":"CWE-77"}]}],"references":[{"url":"https://github.com/glkfc/IoT-Vulnerability/blob/main/TRENDnet/TRENDnet_TEW635BRM_ipoa_cmdinj_EN.md","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-15481","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/838237","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377788","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377788/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-15482","sourceIdentifier":"cna@vuldb.com","published":"2026-07-12T07:16:24.737","lastModified":"2026-07-13T17:17:06.613","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A weakness has been identified in Aster Telecom Azcall 10/11. This issue affects some unknown processing of the file /azcall/adm/gestao_loja/sis.php?t=consultar of the component HTTP Handler. Executing a manipulation of the argument nome/perfil/status can lead to sql injection. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"Aster Telecom","product":"Azcall","cpes":["cpe:2.3:a:aster_telecom:azcall:*:*:*:*:*:*:*:*"],"modules":["HTTP Handler"],"versions":[{"version":"10","status":"affected"},{"version":"11","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":3.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T15:45:57.183623Z","id":"CVE-2026-15482","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-74"},{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://vuldb.com/cve/CVE-2026-15482","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/841457","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377789","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377789/cti","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/841457","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-15484","sourceIdentifier":"cna@vuldb.com","published":"2026-07-12T07:16:25.107","lastModified":"2026-07-13T17:17:07.277","vulnStatus":"Deferred","cveTags":[{"sourceIdentifier":"cna@vuldb.com","tags":["unsupported-when-assigned"]}],"descriptions":[{"lang":"en","value":"A vulnerability was detected in TRENDnet TEW-821DAP 1.12B01. The affected element is the function sub_41EC14 of the file /goform/tools_nslookup of the component ssi. The manipulation results in buffer overflow. It is possible to launch the attack remotely. The vendor explains: \"We are unable to confirm the existence of the vulnerabilities for (...) TEW-821DAP (v1.0R) as these items have been EOL. \" This vulnerability only affects products that are no longer supported by the maintainer."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"TRENDnet","product":"TEW-821DAP","cpes":["cpe:2.3:o:trendnet:tew-821dap_firmware:*:*:*:*:*:*:*:*"],"modules":["ssi"],"versions":[{"version":"1.12B01","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:C/I:C/A:C","baseScore":9.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.0,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T16:29:39.933581Z","id":"CVE-2026-15484","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-119"},{"lang":"en","value":"CWE-120"}]}],"references":[{"url":"https://github.com/IOTRes/IOT_Firmware_Update/blob/main/Trendnet/TEW-821DAP_BO3.md","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-15484","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/842381","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377791","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377791/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-15486","sourceIdentifier":"cna@vuldb.com","published":"2026-07-12T09:16:38.560","lastModified":"2026-07-13T19:16:54.130","vulnStatus":"Deferred","cveTags":[{"sourceIdentifier":"cna@vuldb.com","tags":["unsupported-when-assigned"]}],"descriptions":[{"lang":"en","value":"A vulnerability has been found in TRENDnet TEW-821DAP 1.11B03. This affects the function sub_42026C of the file /goform/tools_ddns of the component Firmware Update Handler. Such manipulation of the argument hostname/username/password leads to os command injection. The attack can be launched remotely. The vendor explains: \"We are unable to confirm the existence of the vulnerabilities for (...) TEW-821DAP (v1.0R) as these items have been EOL. \" This vulnerability only affects products that are no longer supported by the maintainer."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"TRENDnet","product":"TEW-821DAP","cpes":["cpe:2.3:o:trendnet:tew-821dap_firmware:*:*:*:*:*:*:*:*"],"modules":["Firmware Update Handler"],"versions":[{"version":"1.11B03","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T18:02:13.030316Z","id":"CVE-2026-15486","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-77"},{"lang":"en","value":"CWE-78"}]}],"references":[{"url":"https://github.com/IOTRes/IOT_Firmware_Update/blob/main/Trendnet/TEW-821DAP_CI4.md","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-15486","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/842383","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377793","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377793/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-15487","sourceIdentifier":"cna@vuldb.com","published":"2026-07-12T09:16:39.577","lastModified":"2026-07-13T16:59:13.647","vulnStatus":"Deferred","cveTags":[{"sourceIdentifier":"cna@vuldb.com","tags":["unsupported-when-assigned"]}],"descriptions":[{"lang":"en","value":"A vulnerability was found in TRENDnet TEW-821DAP 1.11B03. This impacts the function sub_41FBD0 of the file /goform/system_ntp of the component Firmware Update Handler. Performing a manipulation of the argument Hostname results in os command injection. The attack may be initiated remotely. The vendor explains: \"We are unable to confirm the existence of the vulnerabilities for (...) TEW-821DAP (v1.0R) as these items have been EOL. \" This vulnerability only affects products that are no longer supported by the maintainer."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"TRENDnet","product":"TEW-821DAP","cpes":["cpe:2.3:o:trendnet:tew-821dap_firmware:*:*:*:*:*:*:*:*"],"modules":["Firmware Update Handler"],"versions":[{"version":"1.11B03","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T15:16:53.515499Z","id":"CVE-2026-15487","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-77"},{"lang":"en","value":"CWE-78"}]}],"references":[{"url":"https://github.com/IOTRes/IOT_Firmware_Update/blob/main/Trendnet/TEW-821DAP_CI5.md","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-15487","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/842385","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377794","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377794/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-15488","sourceIdentifier":"cna@vuldb.com","published":"2026-07-12T09:16:39.740","lastModified":"2026-07-13T17:17:07.953","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was determined in hcr707305003 shiroiAdmin 1.1/1.3. Affected is the function FileController::upload of the file app/common/controller/FileController.php. Executing a manipulation of the argument File can lead to unrestricted upload. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. Upgrading to version 1.4 is able to address this issue. This patch is called 3ecde28ea8a20a3840dbfefd6d6863ee79a83e70. It is suggested to upgrade the affected component. The vendor was contacted early about this disclosure but did not respond in any way."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"hcr707305003","product":"shiroiAdmin","cpes":["cpe:2.3:a:hcr707305003:shiroiadmin:*:*:*:*:*:*:*:*"],"versions":[{"version":"1.1","status":"affected"},{"version":"1.3","status":"affected"},{"version":"1.4","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":3.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T15:44:23.303593Z","id":"CVE-2026-15488","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-284"},{"lang":"en","value":"CWE-434"}]}],"references":[{"url":"https://github.com/hcr707305003/shiroiAdmin/","source":"cna@vuldb.com"},{"url":"https://github.com/hcr707305003/shiroiAdmin/commit/3ecde28ea8a20a3840dbfefd6d6863ee79a83e70","source":"cna@vuldb.com"},{"url":"https://github.com/hcr707305003/shiroiAdmin/releases/tag/v1.4","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-15488","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/843890","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377795","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377795/cti","source":"cna@vuldb.com"},{"url":"https://github.com/hcr707305003/shiroiAdmin/","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"},{"url":"https://vuldb.com/submit/843890","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-15490","sourceIdentifier":"cna@vuldb.com","published":"2026-07-12T10:16:16.577","lastModified":"2026-07-13T17:17:08.660","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A security flaw has been discovered in RafyMrX TOKO-ONLINE-ROTI up to ddfe1cd587be0a0b5135d8b6e85cce2ec3aece99. Affected by this issue is some unknown functionality of the file proses/add.php. The manipulation of the argument kode_produk/kd_cs results in sql injection. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks. This product implements a rolling release for ongoing delivery, which means version information for affected or updated releases is unavailable. The vendor was contacted early about this disclosure but did not respond in any way."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"RafyMrX","product":"TOKO-ONLINE-ROTI","cpes":["cpe:2.3:a:rafymrx:toko-online-roti:*:*:*:*:*:*:*:*"],"versions":[{"version":"ddfe1cd587be0a0b5135d8b6e85cce2ec3aece99","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":3.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T16:26:45.452983Z","id":"CVE-2026-15490","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-74"},{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://vuldb.com/cve/CVE-2026-15490","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/844136","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377797","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377797/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-15492","sourceIdentifier":"cna@vuldb.com","published":"2026-07-12T11:16:45.117","lastModified":"2026-07-13T19:16:54.803","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A security vulnerability has been detected in igweze wizgrade up to b1d55f22b90cd7e7a6e5002f006d7c649e8086d6. This vulnerability affects unknown code of the file dashboard/studentConductManager.php. Such manipulation leads to cross site scripting. The attack may be performed from remote. The exploit has been disclosed publicly and may be used. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed. The vendor was contacted early about this disclosure but did not respond in any way."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"igweze","product":"wizgrade","cpes":["cpe:2.3:a:igweze:wizgrade:*:*:*:*:*:*:*:*"],"versions":[{"version":"b1d55f22b90cd7e7a6e5002f006d7c649e8086d6","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T18:00:26.215354Z","id":"CVE-2026-15492","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"},{"lang":"en","value":"CWE-94"}]}],"references":[{"url":"https://vuldb.com/cve/CVE-2026-15492","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/844165","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/844300","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377799","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377799/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-15493","sourceIdentifier":"cna@vuldb.com","published":"2026-07-12T11:16:46.133","lastModified":"2026-07-13T16:59:13.647","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was detected in Akpali9 Attendance-Management-System up to 70b91fe38f4195b701a45f0edcd4f42d5f64aeee. This issue affects some unknown processing of the file absent.php. Performing a manipulation of the argument export_date results in cross site scripting. It is possible to initiate the attack remotely. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"Akpali9","product":"Attendance-Management-System","cpes":["cpe:2.3:h:akpali9:attendance-management-system:*:*:*:*:*:*:*:*"],"versions":[{"version":"70b91fe38f4195b701a45f0edcd4f42d5f64aeee","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"PASSIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N","baseScore":3.5,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.1,"impactScore":1.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:N/I:P/A:N","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T15:17:57.778931Z","id":"CVE-2026-15493","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"},{"lang":"en","value":"CWE-94"}]}],"references":[{"url":"https://vuldb.com/cve/CVE-2026-15493","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/844298","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377800","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377800/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-15494","sourceIdentifier":"cna@vuldb.com","published":"2026-07-12T11:16:46.380","lastModified":"2026-07-13T17:17:09.390","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw has been found in AMTT Hotel Broadband Operation System 1.0. Impacted is an unknown function of the file manager/network/switch_status.php. Executing a manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"AMTT","product":"Hotel Broadband Operation System","cpes":["cpe:2.3:a:amtt:hotel_broadband_operation_system:*:*:*:*:*:*:*:*"],"versions":[{"version":"1.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.0,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L","baseScore":4.7,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.2,"impactScore":3.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:M/C:P/I:P/A:P","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"MULTIPLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":6.4,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T15:42:05.646913Z","id":"CVE-2026-15494","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-74"},{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://github.com/MichaelZhuang521/cve/issues/4","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-15494","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/844454","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377801","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377801/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-15496","sourceIdentifier":"cna@vuldb.com","published":"2026-07-12T11:16:46.713","lastModified":"2026-07-13T17:17:10.070","vulnStatus":"Deferred","cveTags":[{"sourceIdentifier":"cna@vuldb.com","tags":["unsupported-when-assigned"]}],"descriptions":[{"lang":"en","value":"A vulnerability was found in SonicCloudOrg sonic-agent up to 2.7.2. The impacted element is the function evalIsFailed of the file sonic-agent/src/main/java/org/cloud/sonic/agent/tests/script/GroovyScriptImpl.java of the component Groovy Script Handler. The manipulation results in os command injection. The attack can be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way. This vulnerability only affects products that are no longer supported by the maintainer."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"SonicCloudOrg","product":"sonic-agent","cpes":["cpe:2.3:a:soniccloudorg:sonic-agent:*:*:*:*:*:*:*:*"],"modules":["Groovy Script Handler"],"versions":[{"version":"2.7.0","status":"affected"},{"version":"2.7.1","status":"affected"},{"version":"2.7.2","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T16:24:03.951275Z","id":"CVE-2026-15496","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-77"},{"lang":"en","value":"CWE-78"}]}],"references":[{"url":"https://github.com/xpp3901/CVE_APPLY/tree/main/V-S002_SonicCloudPlatform_Groovy_Unsandboxed_RCE","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-15496","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/844485","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377803","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377803/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-15498","sourceIdentifier":"cna@vuldb.com","published":"2026-07-12T12:16:44.053","lastModified":"2026-07-13T19:16:55.480","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was identified in sergomanov SmartHomeAdatum up to cf495353d81b680675eb8d9aa14a318aa45ce12c. This impacts an unknown function of the file users.php of the component Login. Such manipulation of the argument Login leads to sql injection. The attack may be launched remotely. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases. The vendor was contacted early about this disclosure but did not respond in any way."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"sergomanov","product":"SmartHomeAdatum","cpes":["cpe:2.3:a:sergomanov:smarthomeadatum:*:*:*:*:*:*:*:*"],"modules":["Login"],"versions":[{"version":"cf495353d81b680675eb8d9aa14a318aa45ce12c","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":3.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T18:00:09.947383Z","id":"CVE-2026-15498","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-74"},{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://vuldb.com/cve/CVE-2026-15498","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/844491","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377805","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377805/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-15499","sourceIdentifier":"cna@vuldb.com","published":"2026-07-12T12:16:44.257","lastModified":"2026-07-13T16:57:56.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A security flaw has been discovered in AstrBotDevs AstrBot up to 4.25.2. Affected is the function FutureTaskTool.call of the file astrbot/core/tools/cron_tools.py of the component Scheduled Task Handler. Performing a manipulation of the argument payload[\"note\"] results in improper authorization. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"AstrBotDevs","product":"AstrBot","cpes":["cpe:2.3:a:astrbot:astrbot:*:*:*:*:*:*:*:*"],"modules":["Scheduled Task Handler"],"versions":[{"version":"4.25.0","status":"affected"},{"version":"4.25.1","status":"affected"},{"version":"4.25.2","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T15:18:38.997324Z","id":"CVE-2026-15499","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-266"},{"lang":"en","value":"CWE-285"}]}],"references":[{"url":"https://gist.github.com/YLChen-007/2bab96d5bedef784f90c97009fff8a19","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-15499","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/844656","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377806","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377806/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-15500","sourceIdentifier":"cna@vuldb.com","published":"2026-07-12T12:16:44.413","lastModified":"2026-07-13T17:17:10.763","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A weakness has been identified in AstrBotDevs AstrBot up to 4.25.2. Affected by this vulnerability is the function get_online_plugins of the file astrbot/dashboard/routes/plugin.py of the component market_list Endpoint. Executing a manipulation of the argument custom_registry can lead to server-side request forgery. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"AstrBotDevs","product":"AstrBot","cpes":["cpe:2.3:a:astrbot:astrbot:*:*:*:*:*:*:*:*"],"modules":["market_list Endpoint"],"versions":[{"version":"4.25.0","status":"affected"},{"version":"4.25.1","status":"affected"},{"version":"4.25.2","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T15:41:32.623995Z","id":"CVE-2026-15500","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://gist.github.com/YLChen-007/cd162554554c273a3a7c0330aa02f3f0","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-15500","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/844659","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/847481","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377807","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377807/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-56238","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-12T12:16:44.587","lastModified":"2026-07-13T17:02:40.460","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Capgo before 12.128.2 contains an information disclosure vulnerability in the Supabase PostgREST global_stats endpoint that allows unauthenticated attackers to read sensitive financial and operational metrics using only the public apikey. Remote attackers can query the /rest/v1/global_stats endpoint to expose MRR, total revenue, plan-tier revenue breakdown, customer counts, and operational telemetry."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Capgo","product":"Capgo","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"12.128.2","versionType":"semver","status":"affected"},{"version":"12.128.2","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T14:23:32.780114Z","id":"CVE-2026-56238","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]}],"references":[{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-73rv-fpp7-r3r4","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/capgo-unauthenticated-information-disclosure-via-postgrest-global-stats-endpoint","source":"disclosure@vulncheck.com"},{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-73rv-fpp7-r3r4","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-56252","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-12T12:16:44.867","lastModified":"2026-07-13T17:17:37.627","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Capgo before 12.128.2 contains a scope isolation vulnerability in the POST /webhooks/test endpoint that allows app-scoped API keys to invoke org-scoped webhook operations. Attackers with app-scoped credentials can trigger signed outbound webhook deliveries for arbitrary organization webhooks outside their declared app boundary, bypassing the limited_to_apps authorization check."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Capgo","product":"Capgo","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"12.128.2","versionType":"semver","status":"affected"},{"version":"12.128.2","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T16:13:33.349733Z","id":"CVE-2026-56252","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-863"}]}],"references":[{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-qvr7-f6j6-64wp","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/capgo-scope-isolation-failure-in-webhook-test-endpoint","source":"disclosure@vulncheck.com"},{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-qvr7-f6j6-64wp","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-56281","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-12T12:16:45.433","lastModified":"2026-07-13T17:02:40.460","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Capgo before 12.128.2 contains a sql injection vulnerability in the POST /private/admin_stats endpoint where the limit parameter is destructured from unvalidated request body and interpolated directly into Cloudflare Analytics Engine SQL queries via template literals. An attacker with platform admin credentials can inject SQL fragments to enumerate dataset schemas, extract analytics data, or cause denial-of-service against the analytics backend."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Capgo","product":"Capgo","defaultStatus":"unaffected","packageURL":"pkg:npm/capgo-app","versions":[{"version":"0","lessThan":"12.128.2","versionType":"semver","status":"affected"},{"version":"12.128.2","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:L","baseScore":3.8,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":1.2,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T14:20:26.186927Z","id":"CVE-2026-56281","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-6ffx-8hjj-jhhf","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/capgo-sql-injection-via-unvalidated-limit-parameter-in-admin-stats-endpoint","source":"disclosure@vulncheck.com"},{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-6ffx-8hjj-jhhf","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-56313","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-12T12:16:45.703","lastModified":"2026-07-13T17:17:39.603","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Capgo before 12.128.2 contains a cross-organization account disruption vulnerability in the SSO prelink endpoint that allows enterprise administrators to delete password identities of users in foreign organizations. Attackers with org.update_settings permission and an active SSO provider can call the prelink-users endpoint to permanently remove email-based authentication for any user matching the provider's email domain, forcing victims to use the attacker's SSO provider or complete password reset recovery."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Capgo","product":"Capgo","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"12.128.2","versionType":"semver","status":"affected"},{"version":"12.128.2","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T16:01:03.405070Z","id":"CVE-2026-56313","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-285"}]}],"references":[{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-x3vq-34gg-cwq7","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/capgo-cross-organization-account-disruption-via-sso-prelink-endpoint","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-59260","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-12T12:16:45.977","lastModified":"2026-07-13T20:03:31.703","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"OpenWrt luci-app-samba4 read ACL grants file.exec permission on /usr/sbin/smbd, allowing authenticated delegated users to execute the Samba daemon with caller-controlled command-line arguments. Attackers can pass arbitrary Samba global options such as message command to a root smbd process, triggering command execution when SMB protocol messages are processed."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"openwrt","product":"luci","defaultStatus":"affected"}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T15:10:26.958671Z","id":"CVE-2026-59260","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-269"}]}],"references":[{"url":"https://github.com/openwrt/luci/security/advisories/GHSA-vx64-mmp7-h36c","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/openwrt-luci-app-samba4-read-acl-remote-code-execution-via-smbd","source":"disclosure@vulncheck.com"},{"url":"https://github.com/openwrt/luci/security/advisories/GHSA-vx64-mmp7-h36c","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-61874","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-12T12:16:46.117","lastModified":"2026-07-13T20:03:31.703","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"filebrowser versions before 2.63.17 fail to normalize paths before querying the share index in DeleteWithPathPrefix, allowing authenticated users to leave stale public shares behind. Attackers can delete a shared directory using a trailing-slash path, then recreate the same directory to expose new contents through the dormant public share URL."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"filebrowser","product":"filebrowser","defaultStatus":"unaffected","packageURL":"pkg:golang/github.com/filebrowser/filebrowser/v2","versions":[{"version":"0","lessThan":"2.63.17","versionType":"semver","status":"affected"},{"version":"2.63.17","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.3,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":3.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T15:40:21.007403Z","id":"CVE-2026-61874","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-863"}]}],"references":[{"url":"https://github.com/filebrowser/filebrowser/commit/be23ab3a15bf957928ecfed88de5ab67850c1b9c","source":"disclosure@vulncheck.com"},{"url":"https://github.com/filebrowser/filebrowser/security/advisories/GHSA-pp88-jhwj-5qh5","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/filebrowser-before-stale-public-share-via-trailing-slash-delete","source":"disclosure@vulncheck.com"},{"url":"https://github.com/filebrowser/filebrowser/security/advisories/GHSA-pp88-jhwj-5qh5","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-61875","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-12T12:16:46.260","lastModified":"2026-07-13T19:28:49.830","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"luci-app-upnp contains a stored cross-site scripting vulnerability that allows unauthenticated LAN clients to inject JavaScript via UPnP IGD AddPortMapping SOAP requests. Attackers can send malicious HTML in the NewPortMappingDescription field, which miniupnpd stores and luci-app-upnp renders without output encoding, executing the payload when administrators view the UPnP or Status pages."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"openwrt","product":"luci","defaultStatus":"affected"}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.1,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T14:19:23.887144Z","id":"CVE-2026-61875","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://github.com/openwrt/luci/security/advisories/GHSA-8v49-6387-7f89","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/luci-app-upnp-stored-xss-via-upnp-port-mapping-description","source":"disclosure@vulncheck.com"},{"url":"https://github.com/openwrt/luci/security/advisories/GHSA-8v49-6387-7f89","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-15502","sourceIdentifier":"cna@vuldb.com","published":"2026-07-12T13:16:37.643","lastModified":"2026-07-13T17:17:11.520","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was detected in AojiaoZero Antaris 1.0. This affects the function _rewardPurchase of the file /ipn.php of the component PayPal IPN Payment Handler. The manipulation of the argument item_number results in sql injection. The attack may be performed from remote. The vendor was contacted early about this disclosure but did not respond in any way."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"AojiaoZero","product":"Antaris","cpes":["cpe:2.3:a:aojiaozero:antaris:*:*:*:*:*:*:*:*"],"modules":["PayPal IPN Payment Handler"],"versions":[{"version":"1.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T15:58:50.399093Z","id":"CVE-2026-15502","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-74"},{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://vuldb.com/cve/CVE-2026-15502","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/844725","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377809","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377809/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-15507","sourceIdentifier":"cna@vuldb.com","published":"2026-07-12T22:16:35.917","lastModified":"2026-07-13T16:57:56.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was detected in coollabsio Coolify up to 4.1.1. The impacted element is an unknown function of the file /app/Policies/ of the component Policy Handler. Performing a manipulation results in missing authorization. Remote exploitation of the attack is possible. The exploit is now public and may be used."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"coollabsio","product":"Coolify","cpes":["cpe:2.3:a:coollabsio:coolify:*:*:*:*:*:*:*:*"],"modules":["Policy Handler"],"versions":[{"version":"4.1.0","status":"affected"},{"version":"4.1.1","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T15:19:52.891397Z","id":"CVE-2026-15507","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"},{"lang":"en","value":"CWE-863"}]}],"references":[{"url":"https://github.com/lakshayyverma/CVE-Discovery/blob/main/coolify-resource-policy-stubs.zip","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-15507","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/845670","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377836","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377836/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-15508","sourceIdentifier":"cna@vuldb.com","published":"2026-07-12T23:16:36.780","lastModified":"2026-07-13T17:17:12.197","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw has been found in Helicone ai-gateway up to 0.2.0-beta.30. This affects the function build_target_url of the file ai-gateway/src/dispatcher/service.rs of the component AWS Metadata Service. Executing a manipulation of the argument extracted_path_and_query can lead to server-side request forgery. The attack can be executed remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"Helicone","product":"ai-gateway","cpes":["cpe:2.3:a:helicone:ai-gateway:*:*:*:*:*:*:*:*"],"modules":["AWS Metadata Service"],"versions":[{"version":"0.2.0-beta.0","status":"affected"},{"version":"0.2.0-beta.1","status":"affected"},{"version":"0.2.0-beta.2","status":"affected"},{"version":"0.2.0-beta.3","status":"affected"},{"version":"0.2.0-beta.4","status":"affected"},{"version":"0.2.0-beta.5","status":"affected"},{"version":"0.2.0-beta.6","status":"affected"},{"version":"0.2.0-beta.7","status":"affected"},{"version":"0.2.0-beta.8","status":"affected"},{"version":"0.2.0-beta.9","status":"affected"},{"version":"0.2.0-beta.10","status":"affected"},{"version":"0.2.0-beta.11","status":"affected"},{"version":"0.2.0-beta.12","status":"affected"},{"version":"0.2.0-beta.13","status":"affected"},{"version":"0.2.0-beta.14","status":"affected"},{"version":"0.2.0-beta.15","status":"affected"},{"version":"0.2.0-beta.16","status":"affected"},{"version":"0.2.0-beta.17","status":"affected"},{"version":"0.2.0-beta.18","status":"affected"},{"version":"0.2.0-beta.19","status":"affected"},{"version":"0.2.0-beta.20","status":"affected"},{"version":"0.2.0-beta.21","status":"affected"},{"version":"0.2.0-beta.22","status":"affected"},{"version":"0.2.0-beta.23","status":"affected"},{"version":"0.2.0-beta.24","status":"affected"},{"version":"0.2.0-beta.25","status":"affected"},{"version":"0.2.0-beta.26","status":"affected"},{"version":"0.2.0-beta.27","status":"affected"},{"version":"0.2.0-beta.28","status":"affected"},{"version":"0.2.0-beta.29","status":"affected"},{"version":"0.2.0-beta.30","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T15:38:53.451447Z","id":"CVE-2026-15508","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://github.com/oscar2744/CVE-Submit/issues/1","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-15508","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/845671","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377837","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377837/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-15510","sourceIdentifier":"cna@vuldb.com","published":"2026-07-12T23:16:37.977","lastModified":"2026-07-13T17:17:12.920","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was found in Leantime up to 3.8.0. Affected is the function Setting::saveSetting of the component API. The manipulation results in improper authorization. The attack may be performed from remote. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"n/a","product":"Leantime","cpes":["cpe:2.3:a:leantime:leantime:*:*:*:*:*:*:*:*"],"modules":["API"],"versions":[{"version":"3.0","status":"affected"},{"version":"3.1","status":"affected"},{"version":"3.2","status":"affected"},{"version":"3.3","status":"affected"},{"version":"3.4","status":"affected"},{"version":"3.5","status":"affected"},{"version":"3.6","status":"affected"},{"version":"3.7","status":"affected"},{"version":"3.8.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T15:47:21.833466Z","id":"CVE-2026-15510","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-266"},{"lang":"en","value":"CWE-285"}]}],"references":[{"url":"https://bytium.com/insights/leantime-3-8-0-broken-access-control","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-15510","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/846171","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377839","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377839/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-15512","sourceIdentifier":"cna@vuldb.com","published":"2026-07-13T00:16:47.077","lastModified":"2026-07-13T19:16:57.023","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was identified in pig-mesh Pig up to 3.9.2. Affected by this issue is some unknown functionality of the file \\pig-master\\pig-visual\\pig-codegen\\src\\main\\java\\com\\pig4cloud\\pig\\codegen\\service\\impl\\GeneratorServiceImpl.java of the component pig-codegen. Such manipulation leads to code injection. It is possible to launch the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"pig-mesh","product":"Pig","cpes":["cpe:2.3:a:pig-mesh:pig:*:*:*:*:*:*:*:*"],"modules":["pig-codegen"],"versions":[{"version":"3.9.0","status":"affected"},{"version":"3.9.1","status":"affected"},{"version":"3.9.2","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T18:05:28.800664Z","id":"CVE-2026-15512","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-74"},{"lang":"en","value":"CWE-94"}]}],"references":[{"url":"https://github.com/sombra0316/CVE-2026/blob/main/pig-mesh/SSIT.md","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-15512","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/847500","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377841","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377841/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-15513","sourceIdentifier":"cna@vuldb.com","published":"2026-07-13T00:16:47.233","lastModified":"2026-07-13T16:57:56.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A security flaw has been discovered in Wavlink WL-NU516U1 260515. This affects the function wlink_uci_set_value of the file /cgi-bin/adm.cgi. Performing a manipulation of the argument lan_ip results in os command injection. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks. You should upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"Wavlink","product":"WL-NU516U1","cpes":["cpe:2.3:o:wavlink:wl-nu516u1_firmware:*:*:*:*:*:*:*:*"],"versions":[{"version":"260515","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T15:24:03.623706Z","id":"CVE-2026-15513","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-77"},{"lang":"en","value":"CWE-78"}]}],"references":[{"url":"https://dl.wavlink.com/firmware/RD/WINSTAR_NU516U1-WO-A-2026-06-22-5ccde97-mt7628-squashfs-sysupgrade.bin","source":"cna@vuldb.com"},{"url":"https://github.com/0xcc12138/wavlink-nu516u1-csrf-command-injection-","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-15513","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/847517","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377842","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377842/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-15514","sourceIdentifier":"cna@vuldb.com","published":"2026-07-13T00:16:47.390","lastModified":"2026-07-13T17:17:13.613","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A weakness has been identified in Metasoft 美特软件 MetaCRM up to 6.4.0 Beta06. This vulnerability affects the function RPCService.query of the file /customizemt/xkq/rpc.jsp of the component PHPRPC Remote Call Interface. Executing a manipulation of the argument phprpc_args can lead to sql injection. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"Metasoft 美特软件","product":"MetaCRM","cpes":["cpe:2.3:a:metasoft_:metacrm:*:*:*:*:*:*:*:*"],"modules":["PHPRPC Remote Call Interface"],"versions":[{"version":"6.4.0 Beta06","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":3.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T15:54:47.623583Z","id":"CVE-2026-15514","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-74"},{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://ucn9h68n9289.feishu.cn/docx/SX91dyomSoAeHJxnfygckPQNnLL?from=from_copylink","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-15514","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/848598","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377843","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377843/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-15516","sourceIdentifier":"cna@vuldb.com","published":"2026-07-13T01:17:04.753","lastModified":"2026-07-13T16:57:56.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was detected in MacCMS Pro up to 2022.1000.3005. Impacted is the function step5 of the file application/install/controller/Index.php of the component Installation Module. The manipulation results in authorization bypass. The attack may be launched remotely. The attack requires a high level of complexity. The exploitability is considered difficult. The exploit is now public and may be used. Upgrading to version 2022.1000.3025 is recommended to address this issue. Upgrading the affected component is recommended."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"n/a","product":"MacCMS Pro","cpes":["cpe:2.3:a:maccms_pro:maccms_pro:*:*:*:*:*:*:*:*"],"modules":["Installation Module"],"versions":[{"version":"2022.1000.3005","status":"affected"},{"version":"2022.1000.3025","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.9,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":5.6,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.2,"impactScore":3.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:H/Au:N/C:P/I:P/A:P","baseScore":5.1,"accessVector":"NETWORK","accessComplexity":"HIGH","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":4.9,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T15:20:20.657594Z","id":"CVE-2026-15516","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-285"},{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://github.com/magicblack/maccms10/releases?page=3#release-v2022.1000.3025","source":"cna@vuldb.com"},{"url":"https://github.com/trustbigcat/CVE/","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-15516","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/848741","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377845","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377845/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-15518","sourceIdentifier":"cna@vuldb.com","published":"2026-07-13T01:17:05.073","lastModified":"2026-07-13T19:16:57.710","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability has been found in AREA 17 Twill CMS up to 3.6.0. The impacted element is the function FileLibraryController::storeFile of the file src/Http/Controllers/Admin/FileLibraryController.php of the component Media Library Insert Page. Such manipulation of the argument qqfilename leads to unrestricted upload. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"AREA 17","product":"Twill CMS","cpes":["cpe:2.3:a:area_17:twill_cms:*:*:*:*:*:*:*:*"],"modules":["Media Library Insert Page"],"versions":[{"version":"3.0","status":"affected"},{"version":"3.1","status":"affected"},{"version":"3.2","status":"affected"},{"version":"3.3","status":"affected"},{"version":"3.4","status":"affected"},{"version":"3.5","status":"affected"},{"version":"3.6.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.0,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L","baseScore":4.7,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.2,"impactScore":3.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:M/C:P/I:P/A:P","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"MULTIPLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":6.4,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T18:05:27.413526Z","id":"CVE-2026-15518","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-284"},{"lang":"en","value":"CWE-434"}]}],"references":[{"url":"https://bytium.com/insights/authenticated-arbitrary-file-upload-to-rce-in-twill-cms","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-15518","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/849572","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377847","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377847/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-15551","sourceIdentifier":"PSIRT@samsung.com","published":"2026-07-13T01:17:05.233","lastModified":"2026-07-13T19:28:17.967","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Integer overflow or wraparound vulnerability in Samsung Open Source rlottie allows Overflow Buffers.\n\nThis issue affects ."}],"affected":[{"source":"PSIRT@samsung.com","affectedData":[{"vendor":"Samsung Open Source","product":"rlottie","defaultStatus":"unaffected","versions":[{"version":"bf689b72b8482c5ea674235854bd11b6d1b42588","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"PSIRT@samsung.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"HIGH"},"exploitabilityScore":0.8,"impactScore":4.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T15:46:18.993143Z","id":"CVE-2026-15551","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"PSIRT@samsung.com","type":"Secondary","description":[{"lang":"en","value":"CWE-190"}]}],"references":[{"url":"https://github.com/Samsung/rlottie/pull/595","source":"PSIRT@samsung.com"}]}},{"cve":{"id":"CVE-2026-15519","sourceIdentifier":"cna@vuldb.com","published":"2026-07-13T02:16:09.513","lastModified":"2026-07-13T16:57:56.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was found in usestrix strix up to 1.0.2. This affects an unknown function of the file system_prompt.jinja of the component PyPI Handler. Performing a manipulation results in inclusion of functionality from untrusted control sphere. The attack is possible to be carried out remotely. The complexity of an attack is rather high. The exploitability is reported as difficult. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"usestrix","product":"strix","cpes":["cpe:2.3:a:usestrix:strix:*:*:*:*:*:*:*:*"],"modules":["PyPI Handler"],"versions":[{"version":"1.0.0","status":"affected"},{"version":"1.0.1","status":"affected"},{"version":"1.0.2","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":1.3,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L","baseScore":5.0,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.6,"impactScore":3.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:H/Au:N/C:P/I:P/A:P","baseScore":5.1,"accessVector":"NETWORK","accessComplexity":"HIGH","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":4.9,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T15:25:04.549563Z","id":"CVE-2026-15519","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-829"}]}],"references":[{"url":"https://github.com/ez-lbz/strix-vul-report","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-15519","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/850802","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377848","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377848/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-15520","sourceIdentifier":"cna@vuldb.com","published":"2026-07-13T02:16:10.543","lastModified":"2026-07-13T17:17:14.273","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was determined in GNU LibreDWG 0.13.4-154-g0b573035. This impacts the function decompress_R2004_section of the file src/decode.c of the component R2004 Section Decompression. Executing a manipulation can lead to heap-based buffer overflow. The attack requires local access. The exploit has been publicly disclosed and may be utilized. Upgrading to version 0.14.8396 will fix this issue. This patch is called 3d0f9fc2eddbd6579c99af3111c37c98f03475d0. You should upgrade the affected component."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"GNU","product":"LibreDWG","cpes":["cpe:2.3:a:gnu:libredwg:*:*:*:*:*:*:*:*"],"modules":["R2004 Section Decompression"],"versions":[{"version":"0.13.4-154-g0b573035","status":"affected"},{"version":"0.14.8396","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":1.9,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.8,"impactScore":3.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:S/C:P/I:P/A:P","baseScore":4.3,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":3.1,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T15:53:23.251380Z","id":"CVE-2026-15520","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-119"},{"lang":"en","value":"CWE-122"}]}],"references":[{"url":"https://github.com/HackC0der/CVE-Repos/blob/main/libredwg/libredwg_0b57303_heap_overflow_decompress_R2004_section.dwg","source":"cna@vuldb.com"},{"url":"https://github.com/LibreDWG/libredwg/commit/3d0f9fc2eddbd6579c99af3111c37c98f03475d0","source":"cna@vuldb.com"},{"url":"https://github.com/LibreDWG/libredwg/issues/1251","source":"cna@vuldb.com"},{"url":"https://github.com/LibreDWG/libredwg/releases/tag/0.14.8396","source":"cna@vuldb.com"},{"url":"https://github.com/advisories/GHSA-qg2f-8389-w95j","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-15520","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/851190","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377849","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377849/cti","source":"cna@vuldb.com"},{"url":"https://www.gnu.org/","source":"cna@vuldb.com"},{"url":"https://github.com/LibreDWG/libredwg/issues/1251","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-15522","sourceIdentifier":"cna@vuldb.com","published":"2026-07-13T03:16:16.197","lastModified":"2026-07-13T16:57:56.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A security flaw has been discovered in tugcantopaloglu godot-mcp 2.0.0. Affected by this vulnerability is the function validatePath of the file build/index.js of the component run_project. The manipulation of the argument projectPath results in path traversal. Attacking locally is a requirement. The exploit has been released to the public and may be used for attacks. Upgrading to version 3.0.0 addresses this issue. The patch is identified as eb63add552aa4bd9205395cf91b40654654a3cf2. It is suggested to upgrade the affected component."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"tugcantopaloglu","product":"godot-mcp","cpes":["cpe:2.3:a:tugcantopaloglu:godot-mcp:*:*:*:*:*:*:*:*"],"modules":["run_project"],"versions":[{"version":"2.0.0","status":"affected"},{"version":"3.0.0","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":1.9,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.8,"impactScore":3.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:S/C:P/I:P/A:P","baseScore":4.3,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":3.1,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T15:19:12.769707Z","id":"CVE-2026-15522","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://github.com/tugcantopaloglu/godot-mcp/","source":"cna@vuldb.com"},{"url":"https://github.com/tugcantopaloglu/godot-mcp/commit/eb63add552aa4bd9205395cf91b40654654a3cf2","source":"cna@vuldb.com"},{"url":"https://github.com/tugcantopaloglu/godot-mcp/issues/9","source":"cna@vuldb.com"},{"url":"https://github.com/tugcantopaloglu/godot-mcp/releases/tag/v3.0.0","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-15522","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/854523","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377851","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377851/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-15524","sourceIdentifier":"cna@vuldb.com","published":"2026-07-13T03:16:16.513","lastModified":"2026-07-13T19:16:58.377","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A security vulnerability has been detected in alioshr memory-bank-mcp up to 0.2.1/3.1. This affects an unknown part of the file list-project-files-validation-factory.ts. Such manipulation of the argument projectName leads to path traversal. Local access is required to approach this attack. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"alioshr","product":"memory-bank-mcp","cpes":["cpe:2.3:a:alioshr:memory-bank-mcp:*:*:*:*:*:*:*:*"],"versions":[{"version":"0.2.0","status":"affected"},{"version":"0.2.1","status":"affected"},{"version":"3.0","status":"affected"},{"version":"3.1","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":1.9,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":3.3,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:S/C:P/I:N/A:N","baseScore":1.7,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":3.1,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T18:05:25.998567Z","id":"CVE-2026-15524","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://github.com/alioshr/memory-bank-mcp/","source":"cna@vuldb.com"},{"url":"https://github.com/alioshr/memory-bank-mcp/issues/36","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-15524","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/854526","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377853","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377853/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-15525","sourceIdentifier":"cna@vuldb.com","published":"2026-07-13T03:16:16.670","lastModified":"2026-07-13T16:57:56.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was detected in kLOsk adloop up to 0.9.0. This vulnerability affects the function _validate_urls of the file src/adloop/ads/write.py. Performing a manipulation of the argument final_url results in server-side request forgery. The attack may be initiated remotely. The exploit is now public and may be used. Upgrading to version 0.10.0 is able to resolve this issue. The patch is named 217399723e3a2fb39389e5355d49ed80aaf9ea7c. Upgrading the affected component is advised."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"kLOsk","product":"adloop","cpes":["cpe:2.3:a:klosk:adloop:*:*:*:*:*:*:*:*"],"versions":[{"version":"0.1","status":"affected"},{"version":"0.2","status":"affected"},{"version":"0.3","status":"affected"},{"version":"0.4","status":"affected"},{"version":"0.5","status":"affected"},{"version":"0.6","status":"affected"},{"version":"0.7","status":"affected"},{"version":"0.8","status":"affected"},{"version":"0.9.0","status":"affected"},{"version":"0.10.0","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T15:26:07.904133Z","id":"CVE-2026-15525","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://github.com/kLOsk/adloop/","source":"cna@vuldb.com"},{"url":"https://github.com/kLOsk/adloop/commit/217399723e3a2fb39389e5355d49ed80aaf9ea7c","source":"cna@vuldb.com"},{"url":"https://github.com/kLOsk/adloop/issues/41","source":"cna@vuldb.com"},{"url":"https://github.com/kLOsk/adloop/releases/tag/v0.10.0","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-15525","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/854528","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377854","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377854/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-15526","sourceIdentifier":"cna@vuldb.com","published":"2026-07-13T04:16:27.650","lastModified":"2026-07-13T17:17:14.983","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw has been found in augmnt augments-mcp-server 7.1.0. This issue affects the function scanProjectDeps of the file src/tools/v4/scan-project-deps.ts of the component scan_project_deps. Executing a manipulation of the argument packageJsonPath can lead to path traversal. The attack can only be executed locally. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"augmnt","product":"augments-mcp-server","cpes":["cpe:2.3:a:augmnt:augments-mcp-server:*:*:*:*:*:*:*:*"],"modules":["scan_project_deps"],"versions":[{"version":"7.1.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":1.9,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":3.3,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:S/C:P/I:N/A:N","baseScore":1.7,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":3.1,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T15:52:18.579057Z","id":"CVE-2026-15526","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://github.com/augmnt/augments-mcp-server/","source":"cna@vuldb.com"},{"url":"https://github.com/augmnt/augments-mcp-server/issues/8","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-15526","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/854529","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377855","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377855/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-15527","sourceIdentifier":"cna@vuldb.com","published":"2026-07-13T04:16:28.163","lastModified":"2026-07-13T20:16:46.403","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability has been found in better-auth better-icons up to 1.0.5. This vulnerability affects unknown code of the component scan_project_icons/sync_icon. Such manipulation of the argument icons_file leads to path traversal. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"better-auth","product":"better-icons","cpes":["cpe:2.3:a:better-auth:better-icons:*:*:*:*:*:*:*:*"],"modules":["scan_project_icons/sync_icon"],"versions":[{"version":"1.0.0","status":"affected"},{"version":"1.0.1","status":"affected"},{"version":"1.0.2","status":"affected"},{"version":"1.0.3","status":"affected"},{"version":"1.0.4","status":"affected"},{"version":"1.0.5","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":1.9,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.8,"impactScore":3.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:S/C:P/I:P/A:P","baseScore":4.3,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":3.1,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T19:24:54.395119Z","id":"CVE-2026-15527","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://github.com/better-auth/better-icons/","source":"cna@vuldb.com"},{"url":"https://github.com/better-auth/better-icons/issues/18","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-15527","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/854530","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377865","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377865/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-15528","sourceIdentifier":"cna@vuldb.com","published":"2026-07-13T04:16:28.360","lastModified":"2026-07-13T16:57:56.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was found in lamaalrajih kicad-mcp up to 3.3.1. This issue affects some unknown processing of the file kicad_mcp/utils/path_validator.py. Performing a manipulation of the argument project_path/schematic_path results in protection mechanism failure. Attacking locally is a requirement. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"lamaalrajih","product":"kicad-mcp","cpes":["cpe:2.3:a:lamaalrajih:kicad-mcp:*:*:*:*:*:*:*:*"],"versions":[{"version":"3.3.0","status":"affected"},{"version":"3.3.1","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":1.9,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":3.3,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:S/C:P/I:N/A:N","baseScore":1.7,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":3.1,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T15:09:08.963249Z","id":"CVE-2026-15528","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-693"}]}],"references":[{"url":"https://github.com/lamaalrajih/kicad-mcp/","source":"cna@vuldb.com"},{"url":"https://github.com/lamaalrajih/kicad-mcp/issues/57","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-15528","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/854531","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377866","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377866/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-7162","sourceIdentifier":"5f57b9bf-260d-4433-bf07-b6a79e9bb7d4","published":"2026-07-13T04:16:29.127","lastModified":"2026-07-13T20:37:48.157","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Successful\nexploitation of the integer overflow vulnerability could allow an attacker to\nachieve system-level access to the affected software."}],"affected":[{"source":"5f57b9bf-260d-4433-bf07-b6a79e9bb7d4","affectedData":[{"vendor":"WinFsp","product":"WinFsp","defaultStatus":"unaffected","versions":[{"version":"2.2.26112 and lower","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"5f57b9bf-260d-4433-bf07-b6a79e9bb7d4","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.1,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T15:45:48.349954Z","id":"CVE-2026-7162","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"5f57b9bf-260d-4433-bf07-b6a79e9bb7d4","type":"Secondary","description":[{"lang":"en","value":"CWE-190"}]}],"references":[{"url":"https://github.com/winfsp/winfsp/releases/tag/v2.2B2","source":"5f57b9bf-260d-4433-bf07-b6a79e9bb7d4"},{"url":"https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2026-086","source":"5f57b9bf-260d-4433-bf07-b6a79e9bb7d4"}]}},{"cve":{"id":"CVE-2026-15530","sourceIdentifier":"cna@vuldb.com","published":"2026-07-13T06:16:26.810","lastModified":"2026-07-13T19:16:59.043","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw has been found in WuzhiCMS up to 4.1.0. Affected by this vulnerability is the function config/listimage of the file /index.php?m=attachment&f=index&v=upload of the component Attachment API. Executing a manipulation can lead to information disclosure. The attack can be launched remotely. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"n/a","product":"WuzhiCMS","cpes":["cpe:2.3:a:wuzhicms:wuzhicms:*:*:*:*:*:*:*:*"],"modules":["Attachment API"],"versions":[{"version":"4.0","status":"affected"},{"version":"4.1.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T18:07:22.449442Z","id":"CVE-2026-15530","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-200"},{"lang":"en","value":"CWE-284"}]}],"references":[{"url":"https://github.com/wuzhicms/wuzhicms/","source":"cna@vuldb.com"},{"url":"https://github.com/wuzhicms/wuzhicms/issues/217","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-15530","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/854588","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377873","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377873/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-15531","sourceIdentifier":"cna@vuldb.com","published":"2026-07-13T06:16:27.217","lastModified":"2026-07-13T16:57:56.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability has been found in yashbhalgat HashNeRF-pytorch up to 82885e698295982504eb6a26d060a6b2473e3706. Affected by this issue is the function torch.load of the file run_nerf.py of the component Checkpoint File Handler. The manipulation of the argument ckpt_path leads to deserialization. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. This product uses a rolling release model to deliver continuous updates. As a result, specific version information for affected or updated releases is not available. The pull request to fix this issue awaits acceptance."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"yashbhalgat","product":"HashNeRF-pytorch","cpes":["cpe:2.3:a:yashbhalgat:hashnerf-pytorch:*:*:*:*:*:*:*:*"],"modules":["Checkpoint File Handler"],"versions":[{"version":"82885e698295982504eb6a26d060a6b2473e3706","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":1.9,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.8,"impactScore":3.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:S/C:P/I:P/A:P","baseScore":4.3,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":3.1,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T15:27:00.088732Z","id":"CVE-2026-15531","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-20"},{"lang":"en","value":"CWE-502"}]}],"references":[{"url":"https://github.com/yashbhalgat/HashNeRF-pytorch/","source":"cna@vuldb.com"},{"url":"https://github.com/yashbhalgat/HashNeRF-pytorch/issues/49","source":"cna@vuldb.com"},{"url":"https://github.com/yashbhalgat/HashNeRF-pytorch/pull/50","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-15531","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/854906","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377874","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377874/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-15532","sourceIdentifier":"cna@vuldb.com","published":"2026-07-13T06:16:27.413","lastModified":"2026-07-13T17:17:15.660","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was identified in SourceCodester Online Book Store System 1.0. This issue affects some unknown processing of the component User Management Module. Such manipulation of the argument Name/Username leads to cross site scripting. The attack can be executed remotely. The exploit is publicly available and might be used."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"SourceCodester","product":"Online Book Store System","cpes":["cpe:2.3:a:sourcecodester:online_book_store_system:*:*:*:*:*:*:*:*"],"modules":["User Management Module"],"versions":[{"version":"1.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":1.9,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"PASSIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N","baseScore":2.4,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":0.9,"impactScore":1.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:M/C:N/I:P/A:N","baseScore":3.3,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"MULTIPLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.4,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T15:51:49.552657Z","id":"CVE-2026-15532","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"},{"lang":"en","value":"CWE-94"}]}],"references":[{"url":"https://medium.com/@gauravkumar67482/authenticated-stored-cross-site-scripting-xss-in-user-management-module-2c2ba72b2cdf","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-15532","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/854983","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377877","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377877/cti","source":"cna@vuldb.com"},{"url":"https://www.sourcecodester.com/","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-15533","sourceIdentifier":"cna@vuldb.com","published":"2026-07-13T06:16:27.603","lastModified":"2026-07-13T20:16:47.070","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A security flaw has been discovered in DedeCMS 5.7.118. Impacted is an unknown function of the file /plus/search.php of the component Column Management. Performing a manipulation of the argument Column Name results in code injection. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"n/a","product":"DedeCMS","cpes":["cpe:2.3:a:dedecms:dedecms:*:*:*:*:*:*:*:*"],"modules":["Column Management"],"versions":[{"version":"5.7.118","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.0,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L","baseScore":4.7,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.2,"impactScore":3.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:M/C:P/I:P/A:P","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"MULTIPLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":6.4,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T19:22:11.612012Z","id":"CVE-2026-15533","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-74"},{"lang":"en","value":"CWE-94"}]}],"references":[{"url":"https://github.com/DunkBoyZz/cve/blob/cb7d6aa088d5ae4b603399af0a3279c18b084f11/DedeCMS%20V5.7.118%20Column%20Name%20Cache%20File%20Writing%20RCE%20Vulnerability.docx","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-15533","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/854988","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/854989","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377878","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377878/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-15535","sourceIdentifier":"cna@vuldb.com","published":"2026-07-13T06:16:27.780","lastModified":"2026-07-13T16:57:56.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was determined in AkariAsai self-rag up to 1fcdc420e48f50a7d7ab1ece5494221b93252e99. Affected by this issue is the function Indexer.deserialize_from of the file retrieval_lm/src/index.py of the component retrieval_lm. Executing a manipulation of the argument index_meta.faiss can lead to deserialization. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases. The project was informed of the problem early through an issue report but has not responded yet."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"AkariAsai","product":"self-rag","cpes":["cpe:2.3:a:akariasai:self-rag:*:*:*:*:*:*:*:*"],"modules":["retrieval_lm"],"versions":[{"version":"1fcdc420e48f50a7d7ab1ece5494221b93252e99","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T14:59:00.183386Z","id":"CVE-2026-15535","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-20"},{"lang":"en","value":"CWE-502"}]}],"references":[{"url":"https://github.com/AkariAsai/self-rag/","source":"cna@vuldb.com"},{"url":"https://github.com/AkariAsai/self-rag/issues/105","source":"cna@vuldb.com"},{"url":"https://github.com/AkariAsai/self-rag/pull/106","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-15535","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/854999","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377885","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377885/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-10551","sourceIdentifier":"contact@wpscan.com","published":"2026-07-13T07:16:26.200","lastModified":"2026-07-13T18:05:36.130","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Breeze Cache WordPress plugin before 2.5.6 is vulnerable to unauthenticated Stored Cross-Site Scripting (XSS) due to a predictable replacement hash used during the HTML minification process and abusing a regular expression. This allows an attacker to inject arbitrary HTML attributes in the final HTML output by anticipating the placeholder format."}],"affected":[{"source":"contact@wpscan.com","affectedData":[{"vendor":"Unknown","product":"Breeze Cache","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"2.5.6","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T15:53:59.081374Z","id":"CVE-2026-10551","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"references":[{"url":"https://wpscan.com/vulnerability/381fb82f-2fdc-49cb-bb0d-8d70ead61d86/","source":"contact@wpscan.com"}]}},{"cve":{"id":"CVE-2026-11963","sourceIdentifier":"contact@wpscan.com","published":"2026-07-13T07:16:27.307","lastModified":"2026-07-13T18:05:36.130","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The User Registration & Membership  WordPress plugin before 5.2.2 does not perform an authorization check on a membership-upgrade action and derives the user to modify from a caller-supplied identifier instead of the current user, allowing any authenticated user such as a subscriber to change another user's WordPress role and membership tier."}],"affected":[{"source":"contact@wpscan.com","affectedData":[{"vendor":"Unknown","product":"User Registration & Membership","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.2.2","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T15:53:21.705650Z","id":"CVE-2026-11963","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"references":[{"url":"https://wpscan.com/vulnerability/a34a916a-983e-48a5-8f10-99214ee3b613/","source":"contact@wpscan.com"}]}},{"cve":{"id":"CVE-2026-11964","sourceIdentifier":"contact@wpscan.com","published":"2026-07-13T07:16:27.420","lastModified":"2026-07-13T18:05:36.130","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The User Registration & Membership  WordPress plugin before 5.2.2 does not verify the authenticity of incoming payment-provider webhook notifications before acting on them, allowing unauthenticated attackers to forge a payment-approved event and activate a paid membership subscription without completing a real payment."}],"affected":[{"source":"contact@wpscan.com","affectedData":[{"vendor":"Unknown","product":"User Registration & Membership","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.2.2","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T15:50:37.786921Z","id":"CVE-2026-11964","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"references":[{"url":"https://wpscan.com/vulnerability/faf55649-8f76-4abf-a6b9-0d0774e22d29/","source":"contact@wpscan.com"}]}},{"cve":{"id":"CVE-2026-12081","sourceIdentifier":"contact@wpscan.com","published":"2026-07-13T07:16:27.520","lastModified":"2026-07-13T18:05:36.130","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Database for Contact Form 7, WPforms, Elementor forms WordPress plugin before 1.5.2 does not restrict the PHP classes allowed when unserializing an attacker-supplied form-field value, allowing unauthenticated users to inject arbitrary PHP objects that are instantiated when an administrator views the stored entry. This is an incomplete fix of CVE-2025-7384 and CVE-2026-2599, whose deserialization paths were hardened while the entry-editor file-field path was missed."}],"affected":[{"source":"contact@wpscan.com","affectedData":[{"vendor":"Unknown","product":"Database for Contact Form 7, WPforms, Elementor forms","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"1.5.2","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L","baseScore":5.0,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.6,"impactScore":3.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T15:49:42.948474Z","id":"CVE-2026-12081","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"references":[{"url":"https://wpscan.com/vulnerability/91d0baf4-1052-4666-a28b-34689e06cbab/","source":"contact@wpscan.com"}]}},{"cve":{"id":"CVE-2026-12271","sourceIdentifier":"contact@wpscan.com","published":"2026-07-13T07:16:27.620","lastModified":"2026-07-13T18:05:36.130","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Tutor LMS  WordPress plugin before 3.9.13 does not verify ownership of the targeted quiz attempt before writing to it, allowing authenticated users with subscriber-level access and above to modify and force-complete other students' quiz attempts, overwriting their recorded marks and pass/fail result."}],"affected":[{"source":"contact@wpscan.com","affectedData":[{"vendor":"Unknown","product":"Tutor LMS","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"3.9.13","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T15:48:56.794902Z","id":"CVE-2026-12271","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"references":[{"url":"https://wpscan.com/vulnerability/ca99ea35-4bf8-4dc8-a817-79fb9fa1c5bd/","source":"contact@wpscan.com"}]}},{"cve":{"id":"CVE-2026-12273","sourceIdentifier":"contact@wpscan.com","published":"2026-07-13T07:16:27.733","lastModified":"2026-07-13T18:05:36.130","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Tutor LMS  WordPress plugin before 3.9.13 does not perform any authorization or post-target validation before creating a comment in one of its handlers, and stores the comment pre-approved, allowing authenticated users with subscriber-level access and above to post auto-approved comments containing arbitrary HTML and links on any content across the site, bypassing the comment moderation queue."}],"affected":[{"source":"contact@wpscan.com","affectedData":[{"vendor":"Unknown","product":"Tutor LMS","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"3.9.13","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T15:50:53.687432Z","id":"CVE-2026-12273","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"references":[{"url":"https://wpscan.com/vulnerability/93031a51-fd53-48a0-a420-0024bbdaf45b/","source":"contact@wpscan.com"}]}},{"cve":{"id":"CVE-2026-12274","sourceIdentifier":"contact@wpscan.com","published":"2026-07-13T07:16:27.830","lastModified":"2026-07-13T18:05:36.130","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Tutor LMS  WordPress plugin before 3.9.13 does not verify that the requesting user is allowed to edit a target post before overwriting it in one of its content-builder save handlers, authorizing the request only against an unrelated identifier, allowing authenticated users with instructor-level access to overwrite and take over any post or page on the site, including those owned by administrators."}],"affected":[{"source":"contact@wpscan.com","affectedData":[{"vendor":"Unknown","product":"Tutor LMS","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"3.9.13","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T15:48:16.311451Z","id":"CVE-2026-12274","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"references":[{"url":"https://wpscan.com/vulnerability/c3d98ead-a4f4-48fd-bf9c-4fa91c5681d7/","source":"contact@wpscan.com"}]}},{"cve":{"id":"CVE-2026-12275","sourceIdentifier":"contact@wpscan.com","published":"2026-07-13T07:16:27.923","lastModified":"2026-07-13T18:05:36.130","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Tutor LMS  WordPress plugin before 3.9.13 does not, in its Droip and Kirki page-builder integration, perform the enrollment, purchase, and private-course capability checks it enforces in its core course handler, allowing authenticated users with subscriber-level access to enroll in paid or private courses without authorization, read private course content, and mark arbitrary courses as completed, on sites where the Droip or Kirki integration is active."}],"affected":[{"source":"contact@wpscan.com","affectedData":[{"vendor":"Unknown","product":"Tutor LMS","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"3.9.13","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T15:46:28.412955Z","id":"CVE-2026-12275","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"references":[{"url":"https://wpscan.com/vulnerability/fcd43a87-8721-4455-b014-ac81d53fc671/","source":"contact@wpscan.com"}]}},{"cve":{"id":"CVE-2026-12396","sourceIdentifier":"contact@wpscan.com","published":"2026-07-13T07:16:28.017","lastModified":"2026-07-13T18:05:36.130","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The WP Job Portal  WordPress plugin before 2.5.5 does not perform capability or ownership checks before allowing job moderation actions, allowing authenticated users with a subscriber-level (self-registerable) account to approve, feature, or reject arbitrary jobs, including those owned by other users."}],"affected":[{"source":"contact@wpscan.com","affectedData":[{"vendor":"Unknown","product":"WP Job Portal","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"2.5.5","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T15:11:17.759983Z","id":"CVE-2026-12396","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"references":[{"url":"https://wpscan.com/vulnerability/13d574ea-84fe-421b-b1e4-23f94e2000d7/","source":"contact@wpscan.com"}]}},{"cve":{"id":"CVE-2026-12397","sourceIdentifier":"contact@wpscan.com","published":"2026-07-13T07:16:28.113","lastModified":"2026-07-13T18:05:36.130","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The WP Job Portal  WordPress plugin before 2.5.5 does not verify ownership when returning an employer's contact email for a given job, allowing authenticated users with a subscriber-level (self-registerable) account to read other employers' private account email addresses by enumerating job identifiers."}],"affected":[{"source":"contact@wpscan.com","affectedData":[{"vendor":"Unknown","product":"WP Job Portal","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"2.5.5","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T15:06:20.993553Z","id":"CVE-2026-12397","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"references":[{"url":"https://wpscan.com/vulnerability/8e797251-2351-4979-a6c1-c05c78622327/","source":"contact@wpscan.com"}]}},{"cve":{"id":"CVE-2026-12582","sourceIdentifier":"contact@wpscan.com","published":"2026-07-13T07:16:28.203","lastModified":"2026-07-13T18:05:36.130","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Library Management System WordPress plugin before 3.5.8 does not sanitize and escape a user-supplied parameter before using it in a SQL statement, allowing unauthenticated attackers to perform SQL injection and extract arbitrary data from the database, including user password hashes."}],"affected":[{"source":"contact@wpscan.com","affectedData":[{"vendor":"Unknown","product":"Library Management System","defaultStatus":"unaffected","versions":[{"version":"3.5","lessThan":"3.5.8","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T14:51:14.903172Z","id":"CVE-2026-12582","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"references":[{"url":"https://wpscan.com/vulnerability/762dd8c3-8972-46ef-90c2-9f3f5dce4370/","source":"contact@wpscan.com"}]}},{"cve":{"id":"CVE-2026-15537","sourceIdentifier":"cna@vuldb.com","published":"2026-07-13T07:16:28.647","lastModified":"2026-07-13T19:16:59.710","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A security flaw has been discovered in SourceCodester Online Book Store System 1.0. This vulnerability affects unknown code of the file admin/login.php. The manipulation of the argument Username results in sql injection. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"SourceCodester","product":"Online Book Store System","cpes":["cpe:2.3:a:sourcecodester:online_book_store_system:*:*:*:*:*:*:*:*"],"versions":[{"version":"1.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":3.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T18:07:20.645571Z","id":"CVE-2026-15537","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-74"},{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://medium.com/@gauravkumar67482/sql-injection-leading-to-authentication-bypass-43b773da1967","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-15537","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/855010","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377887","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377887/cti","source":"cna@vuldb.com"},{"url":"https://www.sourcecodester.com/","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-15538","sourceIdentifier":"cna@vuldb.com","published":"2026-07-13T07:16:28.813","lastModified":"2026-07-13T16:57:56.050","vulnStatus":"Deferred","cveTags":[{"sourceIdentifier":"cna@vuldb.com","tags":["unsupported-when-assigned"]}],"descriptions":[{"lang":"en","value":"A weakness has been identified in primefaces primereact up to 10.9.8. This issue affects the function ObjectUtils.mutateFieldData of the component API. This manipulation of the argument Field causes improperly controlled modification of object prototype attributes. The attack is possible to be carried out remotely. The project was informed of the problem early through an issue report but has not responded yet. This vulnerability only affects products that are no longer supported by the maintainer."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"primefaces","product":"primereact","cpes":["cpe:2.3:a:primefaces:primereact:*:*:*:*:*:*:*:*"],"modules":["API"],"versions":[{"version":"10.9.0","status":"affected"},{"version":"10.9.1","status":"affected"},{"version":"10.9.2","status":"affected"},{"version":"10.9.3","status":"affected"},{"version":"10.9.4","status":"affected"},{"version":"10.9.5","status":"affected"},{"version":"10.9.6","status":"affected"},{"version":"10.9.7","status":"affected"},{"version":"10.9.8","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T15:21:54.694785Z","id":"CVE-2026-15538","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-94"},{"lang":"en","value":"CWE-1321"}]}],"references":[{"url":"https://github.com/Mantle-UI/mantle-ui/issues/50","source":"cna@vuldb.com"},{"url":"https://github.com/primefaces/primereact/","source":"cna@vuldb.com"},{"url":"https://github.com/primefaces/primereact/issues/8553","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-15538","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/855024","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377888","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377888/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-15539","sourceIdentifier":"cna@vuldb.com","published":"2026-07-13T07:16:29.020","lastModified":"2026-07-13T16:57:56.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A security vulnerability has been detected in SourceCodester Online Book Store System 1.0. Impacted is an unknown function of the file /admin/index.php?page=books of the component Book Image Upload Feature. Such manipulation leads to unrestricted upload. The attack may be performed from remote. The exploit has been disclosed publicly and may be used."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"SourceCodester","product":"Online Book Store System","cpes":["cpe:2.3:a:sourcecodester:online_book_store_system:*:*:*:*:*:*:*:*"],"modules":["Book Image Upload Feature"],"versions":[{"version":"1.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.0,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L","baseScore":4.7,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.2,"impactScore":3.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:M/C:P/I:P/A:P","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"MULTIPLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":6.4,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T14:47:59.519430Z","id":"CVE-2026-15539","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-284"},{"lang":"en","value":"CWE-434"}]}],"references":[{"url":"https://medium.com/@hemantrajbhati5555/critical-authenticated-remote-code-execution-rce-via-unrestricted-file-upload-5a4a313ea1f1","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-15539","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/855046","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377889","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377889/cti","source":"cna@vuldb.com"},{"url":"https://www.sourcecodester.com/","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-14165","sourceIdentifier":"3DS.Information-Security@3ds.com","published":"2026-07-13T08:16:20.253","lastModified":"2026-07-13T19:29:14.377","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"An Authorization Bypass Through User-Controlled Key vulnerability affecting Tuleap Enterprise Edition from 17.0 through 17.5 could allow an attacker to access data of other users without authorization."}],"affected":[{"source":"3DS.Information-Security@3ds.com","affectedData":[{"vendor":"Dassault Systèmes","product":"Tuleap Enterprise Edition","defaultStatus":"unaffected","versions":[{"version":"17.0-1","lessThanOrEqual":"17.0-31","versionType":"custom","status":"affected"},{"version":"17.5-1","lessThanOrEqual":"17.5-17","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"3DS.Information-Security@3ds.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T14:47:14.604186Z","id":"CVE-2026-14165","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"3DS.Information-Security@3ds.com","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://www.3ds.com/trust-center/security/security-advisories/cve-2026-14165","source":"3DS.Information-Security@3ds.com"}]}},{"cve":{"id":"CVE-2026-15540","sourceIdentifier":"cna@vuldb.com","published":"2026-07-13T08:16:20.403","lastModified":"2026-07-13T19:17:00.390","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was detected in SourceCodester Online Book Store System 1.0. The affected element is an unknown function of the file /admin/index.php of the component Administrative Interface. Performing a manipulation of the argument page results in improper control of filename for include/require statement in php program. It is possible to initiate the attack remotely. The exploit is now public and may be used."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"SourceCodester","product":"Online Book Store System","cpes":["cpe:2.3:a:sourcecodester:online_book_store_system:*:*:*:*:*:*:*:*"],"modules":["Administrative Interface"],"versions":[{"version":"1.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:N","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T18:39:23.588424Z","id":"CVE-2026-15540","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-73"},{"lang":"en","value":"CWE-98"}]}],"references":[{"url":"https://medium.com/@hemantrajbhati5555/local-file-inclusion-lfi-via-page-parameter-leading-to-source-code-disclosure-ce722de0c407","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-15540","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/855048","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377890","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377890/cti","source":"cna@vuldb.com"},{"url":"https://www.sourcecodester.com/","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-15541","sourceIdentifier":"cna@vuldb.com","published":"2026-07-13T08:16:20.600","lastModified":"2026-07-13T16:57:56.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw has been found in will-moss Isaiah up to 1.36.9. The impacted element is the function Server.Handle of the file app/server/server/server.go of the component Master Websocket Handler. Executing a manipulation of the argument Agent can lead to missing authorization. It is possible to launch the attack remotely. The pull request to fix this issue awaits acceptance."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"will-moss","product":"Isaiah","cpes":["cpe:2.3:a:will-moss:isaiah:*:*:*:*:*:*:*:*"],"modules":["Master Websocket Handler"],"versions":[{"version":"1.36.0","status":"affected"},{"version":"1.36.1","status":"affected"},{"version":"1.36.2","status":"affected"},{"version":"1.36.3","status":"affected"},{"version":"1.36.4","status":"affected"},{"version":"1.36.5","status":"affected"},{"version":"1.36.6","status":"affected"},{"version":"1.36.7","status":"affected"},{"version":"1.36.8","status":"affected"},{"version":"1.36.9","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":3.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T14:28:18.172388Z","id":"CVE-2026-15541","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"},{"lang":"en","value":"CWE-863"}]}],"references":[{"url":"https://github.com/will-moss/isaiah/","source":"cna@vuldb.com"},{"url":"https://github.com/will-moss/isaiah/issues/34","source":"cna@vuldb.com"},{"url":"https://github.com/will-moss/isaiah/pull/35","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-15541","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/855074","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377891","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377891/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-15543","sourceIdentifier":"cna@vuldb.com","published":"2026-07-13T08:16:20.967","lastModified":"2026-07-13T19:17:01.067","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was found in Tenda CH22 1.0.0.1. This impacts the function formCertListInfo of the file /goform/CertListInfo. The manipulation of the argument Name results in buffer overflow. The attack can be launched remotely. The exploit has been made public and could be used."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"Tenda","product":"CH22","cpes":["cpe:2.3:o:tenda:ch22_firmware:*:*:*:*:*:*:*:*"],"versions":[{"version":"1.0.0.1","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.4,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:C/I:C/A:C","baseScore":9.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.0,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T18:06:20.580870Z","id":"CVE-2026-15543","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-119"},{"lang":"en","value":"CWE-120"}]}],"references":[{"url":"https://candle-throne-f75.notion.site/Tenda-CH22-formCertListInfo-377df0aa11858088aabaeb0f5e1909c9","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-15543","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/855077","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377893","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377893/cti","source":"cna@vuldb.com"},{"url":"https://www.tenda.com.cn/","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-15544","sourceIdentifier":"cna@vuldb.com","published":"2026-07-13T08:16:21.150","lastModified":"2026-07-13T16:57:56.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was determined in Shibby Tomato up to 1.28.0000. Affected is the function getupsvar of the file www/apcupsd/tomatodata.cgi of the component apcupsd. This manipulation of the argument Field causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. This project is superseded by FreshTomato."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"Shibby","product":"Tomato","cpes":["cpe:2.3:a:shibby:tomato:*:*:*:*:*:*:*:*"],"modules":["apcupsd"],"versions":[{"version":"1.0","status":"affected"},{"version":"1.1","status":"affected"},{"version":"1.2","status":"affected"},{"version":"1.3","status":"affected"},{"version":"1.4","status":"affected"},{"version":"1.5","status":"affected"},{"version":"1.6","status":"affected"},{"version":"1.7","status":"affected"},{"version":"1.8","status":"affected"},{"version":"1.9","status":"affected"},{"version":"1.10","status":"affected"},{"version":"1.11","status":"affected"},{"version":"1.12","status":"affected"},{"version":"1.13","status":"affected"},{"version":"1.14","status":"affected"},{"version":"1.15","status":"affected"},{"version":"1.16","status":"affected"},{"version":"1.17","status":"affected"},{"version":"1.18","status":"affected"},{"version":"1.19","status":"affected"},{"version":"1.20","status":"affected"},{"version":"1.21","status":"affected"},{"version":"1.22","status":"affected"},{"version":"1.23","status":"affected"},{"version":"1.24","status":"affected"},{"version":"1.25","status":"affected"},{"version":"1.26","status":"affected"},{"version":"1.27","status":"affected"},{"version":"1.28.0000","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.4,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:C/I:C/A:C","baseScore":9.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.0,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T15:23:08.728713Z","id":"CVE-2026-15544","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-119"},{"lang":"en","value":"CWE-121"}]}],"references":[{"url":"https://gitee.com/Fengyi-Wang/CVE/issues/IJTQ5M","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-15544","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/855110","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377894","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377894/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-4769","sourceIdentifier":"info@cert.vde.com","published":"2026-07-13T08:16:21.343","lastModified":"2026-07-13T19:58:29.933","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Certain devices in the WAGO System I/O Field series activate an internal diagnostic capability during the initial startup sequence. This functionality is not formally documented and becomes accessible without authentication for a brief period in the early boot phase. During this window, an unauthenticated remote attacker can gain access to the internal system processes, resulting in full system compromise."}],"affected":[{"source":"info@cert.vde.com","affectedData":[{"vendor":"WAGO","product":"0765-110x/0100-0000","defaultStatus":"unaffected","versions":[{"version":"1.0.0.0","lessThan":"1.2.1.100","versionType":"semver","status":"affected"}]},{"vendor":"WAGO","product":"0765-120x/0100-0000","defaultStatus":"unaffected","versions":[{"version":"1.0.0.0","lessThan":"1.2.7.100","versionType":"semver","status":"affected"}]},{"vendor":"WAGO","product":"0765-150x/0100-0000","defaultStatus":"unaffected","versions":[{"version":"1.0.0.0","lessThan":"1.2.7.103","versionType":"semver","status":"affected"}]},{"vendor":"WAGO","product":"0765-2101/0100-0000","defaultStatus":"unaffected","versions":[{"version":"1.0.0.0","lessThan":"1.2.1.102","versionType":"semver","status":"affected"}]},{"vendor":"WAGO","product":"0765-2102/0100-0000","defaultStatus":"unaffected","versions":[{"version":"1.0.0.0","lessThan":"1.2.5.101","versionType":"semver","status":"affected"}]},{"vendor":"WAGO","product":"0765-410x/0100-0000","defaultStatus":"unaffected","versions":[{"version":"1.0.0.0","lessThan":"1.2.1.100","versionType":"semver","status":"affected"}]},{"vendor":"WAGO","product":"0765-420x/0100-0000","defaultStatus":"unaffected","versions":[{"version":"1.0.0.0","lessThan":"1.2.7.100","versionType":"semver","status":"affected"}]},{"vendor":"WAGO","product":"0765-450x/0100-0000","defaultStatus":"unaffected","versions":[{"version":"1.0.0.0","lessThan":"1.2.7.103","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"info@cert.vde.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"info@cert.vde.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T14:44:35.455141Z","id":"CVE-2026-4769","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"info@cert.vde.com","type":"Secondary","description":[{"lang":"en","value":"CWE-912"}]}],"references":[{"url":"https://www.certvde.com/en/advisories/VDE-2026-031/","source":"info@cert.vde.com"}]}},{"cve":{"id":"CVE-2026-10106","sourceIdentifier":"responsibledisclosure@mattermost.com","published":"2026-07-13T09:16:23.770","lastModified":"2026-07-13T21:42:24.057","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Mattermost versions 11.7.x <= 11.7.2, 11.6.x <= 11.6.4, 10.11.x <= 10.11.19 fail to verify that the channel referenced in an action cookie matches the channel of the target post, which allows an authenticated user without access to a private channel to trigger interactive post actions on posts in that channel via a cookie obtained from any accessible channel.. Mattermost Advisory ID: MMSA-2026-00690"}],"affected":[{"source":"responsibledisclosure@mattermost.com","affectedData":[{"vendor":"Mattermost","product":"Mattermost","defaultStatus":"unaffected","versions":[{"version":"11.7.0","lessThanOrEqual":"11.7.2","versionType":"semver","status":"affected"},{"version":"11.6.0","lessThanOrEqual":"11.6.4","versionType":"semver","status":"affected"},{"version":"10.11.0","lessThanOrEqual":"10.11.19","versionType":"semver","status":"affected"},{"version":"11.8.0","status":"unaffected"},{"version":"11.7.3","status":"unaffected"},{"version":"11.6.5","status":"unaffected"},{"version":"10.11.20","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"responsibledisclosure@mattermost.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T13:56:34.893294Z","id":"CVE-2026-10106","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"responsibledisclosure@mattermost.com","type":"Secondary","description":[{"lang":"en","value":"CWE-863"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*","versionStartIncluding":"10.11.0","versionEndExcluding":"10.11.20","matchCriteriaId":"806B772A-4575-47F4-BD6B-7422C9045190"},{"vulnerable":true,"criteria":"cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*","versionStartIncluding":"11.6.0","versionEndExcluding":"11.6.5","matchCriteriaId":"2B2D3A05-5A6F-4121-80BE-6DC87A30C354"},{"vulnerable":true,"criteria":"cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*","versionStartIncluding":"11.7.0","versionEndExcluding":"11.7.3","matchCriteriaId":"61277B68-8856-4C8A-97CC-E37742682A4B"}]}]}],"references":[{"url":"https://mattermost.com/security-updates","source":"responsibledisclosure@mattermost.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-14453","sourceIdentifier":"bd4443e6-1eef-43f3-9886-25fc9ceeaae7","published":"2026-07-13T09:16:23.893","lastModified":"2026-07-13T19:58:29.933","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"This vulnerability is a critical Server-Side Template Injection (SSTI) in Centreon's centreon-open-tickets module that leads to Remote Code Execution. The message_confirm field is stored without sanitization and rendered via Smarty with no security policy enabled, allowing any authenticated user, to inject and execute arbitrary code on the server. This results in disclosure of environment secrets and could impact platform availability of Centreon Infra Monitoring product."}],"affected":[{"source":"bd4443e6-1eef-43f3-9886-25fc9ceeaae7","affectedData":[{"vendor":"Centreon","product":"Infra Monitoring","defaultStatus":"affected","packageName":"centreon-open-tickets","versions":[{"version":"24.10.0","lessThan":"24.10.14","versionType":"custom","status":"affected"},{"version":"25.10.0","lessThan":"25.10.9","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"bd4443e6-1eef-43f3-9886-25fc9ceeaae7","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:H","baseScore":9.6,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.1,"impactScore":5.8}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T13:53:12.577843Z","id":"CVE-2026-14453","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"bd4443e6-1eef-43f3-9886-25fc9ceeaae7","type":"Secondary","description":[{"lang":"en","value":"CWE-94"}]}],"references":[{"url":"https://github.com/centreon/centreon/releases","source":"bd4443e6-1eef-43f3-9886-25fc9ceeaae7"}]}},{"cve":{"id":"CVE-2026-15545","sourceIdentifier":"cna@vuldb.com","published":"2026-07-13T09:16:24.043","lastModified":"2026-07-13T16:57:56.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was identified in Shibby Tomato up to 1.28.0000. Affected by this vulnerability is the function main of the file www/apcupsd/tomatodata.cgi of the component apcupsd. Such manipulation leads to out-of-bounds write. The attack may be launched remotely. The exploit is publicly available and might be used. This project is superseded by FreshTomato."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"Shibby","product":"Tomato","cpes":["cpe:2.3:a:shibby:tomato:*:*:*:*:*:*:*:*"],"modules":["apcupsd"],"versions":[{"version":"1.0","status":"affected"},{"version":"1.1","status":"affected"},{"version":"1.2","status":"affected"},{"version":"1.3","status":"affected"},{"version":"1.4","status":"affected"},{"version":"1.5","status":"affected"},{"version":"1.6","status":"affected"},{"version":"1.7","status":"affected"},{"version":"1.8","status":"affected"},{"version":"1.9","status":"affected"},{"version":"1.10","status":"affected"},{"version":"1.11","status":"affected"},{"version":"1.12","status":"affected"},{"version":"1.13","status":"affected"},{"version":"1.14","status":"affected"},{"version":"1.15","status":"affected"},{"version":"1.16","status":"affected"},{"version":"1.17","status":"affected"},{"version":"1.18","status":"affected"},{"version":"1.19","status":"affected"},{"version":"1.20","status":"affected"},{"version":"1.21","status":"affected"},{"version":"1.22","status":"affected"},{"version":"1.23","status":"affected"},{"version":"1.24","status":"affected"},{"version":"1.25","status":"affected"},{"version":"1.26","status":"affected"},{"version":"1.27","status":"affected"},{"version":"1.28.0000","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.4,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:C/I:C/A:C","baseScore":9.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.0,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T14:44:13.470062Z","id":"CVE-2026-15545","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-119"},{"lang":"en","value":"CWE-787"}]}],"references":[{"url":"https://gitee.com/Fengyi-Wang/CVE/issues/IJTQ5N","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-15545","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/855114","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377895","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377895/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-15546","sourceIdentifier":"cna@vuldb.com","published":"2026-07-13T09:16:24.213","lastModified":"2026-07-13T19:17:01.950","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A security flaw has been discovered in Shibby Tomato up to 1.28.0000. Affected by this issue is the function sub_2D568 of the component start_jffs2. Performing a manipulation of the argument jffs2_exec results in os command injection. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks. This project is superseded by FreshTomato."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"Shibby","product":"Tomato","cpes":["cpe:2.3:a:shibby:tomato:*:*:*:*:*:*:*:*"],"modules":["start_jffs2"],"versions":[{"version":"1.0","status":"affected"},{"version":"1.1","status":"affected"},{"version":"1.2","status":"affected"},{"version":"1.3","status":"affected"},{"version":"1.4","status":"affected"},{"version":"1.5","status":"affected"},{"version":"1.6","status":"affected"},{"version":"1.7","status":"affected"},{"version":"1.8","status":"affected"},{"version":"1.9","status":"affected"},{"version":"1.10","status":"affected"},{"version":"1.11","status":"affected"},{"version":"1.12","status":"affected"},{"version":"1.13","status":"affected"},{"version":"1.14","status":"affected"},{"version":"1.15","status":"affected"},{"version":"1.16","status":"affected"},{"version":"1.17","status":"affected"},{"version":"1.18","status":"affected"},{"version":"1.19","status":"affected"},{"version":"1.20","status":"affected"},{"version":"1.21","status":"affected"},{"version":"1.22","status":"affected"},{"version":"1.23","status":"affected"},{"version":"1.24","status":"affected"},{"version":"1.25","status":"affected"},{"version":"1.26","status":"affected"},{"version":"1.27","status":"affected"},{"version":"1.28.0000","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T18:37:17.667667Z","id":"CVE-2026-15546","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-77"},{"lang":"en","value":"CWE-78"}]}],"references":[{"url":"https://gitee.com/Fengyi-Wang/CVE/issues/IJTQ5O","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-15546","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/855115","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377896","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377896/cti","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/855115","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-15547","sourceIdentifier":"cna@vuldb.com","published":"2026-07-13T09:16:24.387","lastModified":"2026-07-13T16:57:56.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A weakness has been identified in Shibby Tomato up to 1.28.0000. This affects the function sub_2D048 of the component CIFS Mount Handler. Executing a manipulation of the argument cifs1/cifs2 can lead to os command injection. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks. This project is superseded by FreshTomato."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"Shibby","product":"Tomato","cpes":["cpe:2.3:a:shibby:tomato:*:*:*:*:*:*:*:*"],"modules":["CIFS Mount Handler"],"versions":[{"version":"1.0","status":"affected"},{"version":"1.1","status":"affected"},{"version":"1.2","status":"affected"},{"version":"1.3","status":"affected"},{"version":"1.4","status":"affected"},{"version":"1.5","status":"affected"},{"version":"1.6","status":"affected"},{"version":"1.7","status":"affected"},{"version":"1.8","status":"affected"},{"version":"1.9","status":"affected"},{"version":"1.10","status":"affected"},{"version":"1.11","status":"affected"},{"version":"1.12","status":"affected"},{"version":"1.13","status":"affected"},{"version":"1.14","status":"affected"},{"version":"1.15","status":"affected"},{"version":"1.16","status":"affected"},{"version":"1.17","status":"affected"},{"version":"1.18","status":"affected"},{"version":"1.19","status":"affected"},{"version":"1.20","status":"affected"},{"version":"1.21","status":"affected"},{"version":"1.22","status":"affected"},{"version":"1.23","status":"affected"},{"version":"1.24","status":"affected"},{"version":"1.25","status":"affected"},{"version":"1.26","status":"affected"},{"version":"1.27","status":"affected"},{"version":"1.28.0000","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T14:27:33.166926Z","id":"CVE-2026-15547","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-77"},{"lang":"en","value":"CWE-78"}]}],"references":[{"url":"https://gitee.com/Fengyi-Wang/CVE/issues/IJTQ5P","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-15547","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/855117","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377897","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377897/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-15574","sourceIdentifier":"secalert@redhat.com","published":"2026-07-13T09:16:24.550","lastModified":"2026-07-13T17:01:11.600","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in the vllm-orchestrator-gateway component. The system's production binary logs all incoming authorization headers and full chat payloads, which may contain personally identifiable information (PII) and secrets, to persistent logs. This sensitive data, including bearer tokens and chat content, can be accessed by any user with logging privileges. This vulnerability leads to information disclosure, potentially allowing an attacker to harvest credentials and sensitive conversation content."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-trustyai-vllm-orchestrator-gateway-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T14:41:50.451291Z","id":"CVE-2026-15574","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-538"}]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-15574","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2499594","source":"secalert@redhat.com"}]}},{"cve":{"id":"CVE-2026-6850","sourceIdentifier":"responsibledisclosure@mattermost.com","published":"2026-07-13T09:16:24.890","lastModified":"2026-07-13T21:42:01.650","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Mattermost versions 11.7.x <= 11.7.2, 11.6.x <= 11.6.4, 10.11.x <= 10.11.19 fail to validate the length and content of message attachment field values, which allows an authenticated attacker to cause a denial of service for all users in a channel via a post containing a specially crafted payload that triggers catastrophic backtracking in the client-side markdown parser.. Mattermost Advisory ID: MMSA-2026-00658"}],"affected":[{"source":"responsibledisclosure@mattermost.com","affectedData":[{"vendor":"Mattermost","product":"Mattermost","defaultStatus":"unaffected","versions":[{"version":"11.7.0","lessThanOrEqual":"11.7.2","versionType":"semver","status":"affected"},{"version":"11.6.0","lessThanOrEqual":"11.6.4","versionType":"semver","status":"affected"},{"version":"10.11.0","lessThanOrEqual":"10.11.19","versionType":"semver","status":"affected"},{"version":"11.8.0","status":"unaffected"},{"version":"11.7.3","status":"unaffected"},{"version":"11.6.5","status":"unaffected"},{"version":"10.11.20","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"responsibledisclosure@mattermost.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T13:56:09.905130Z","id":"CVE-2026-6850","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"responsibledisclosure@mattermost.com","type":"Secondary","description":[{"lang":"en","value":"CWE-1333"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*","versionStartIncluding":"10.11.0","versionEndExcluding":"10.11.20","matchCriteriaId":"806B772A-4575-47F4-BD6B-7422C9045190"},{"vulnerable":true,"criteria":"cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*","versionStartIncluding":"11.6.0","versionEndExcluding":"11.6.5","matchCriteriaId":"2B2D3A05-5A6F-4121-80BE-6DC87A30C354"},{"vulnerable":true,"criteria":"cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*","versionStartIncluding":"11.7.0","versionEndExcluding":"11.7.3","matchCriteriaId":"61277B68-8856-4C8A-97CC-E37742682A4B"}]}]}],"references":[{"url":"https://mattermost.com/security-updates","source":"responsibledisclosure@mattermost.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-9597","sourceIdentifier":"responsibledisclosure@mattermost.com","published":"2026-07-13T09:16:25.137","lastModified":"2026-07-13T20:53:34.213","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Mattermost versions 11.7.x <= 11.7.2, 11.6.x <= 11.6.4 fail to verify whether a guest account is deactivated before creating a session in the magic-link token login path, which allows a deactivated guest user to obtain a fully functional session via a magic-link token issued prior to deactivation.. Mattermost Advisory ID: MMSA-2026-00681"}],"affected":[{"source":"responsibledisclosure@mattermost.com","affectedData":[{"vendor":"Mattermost","product":"Mattermost","defaultStatus":"unaffected","versions":[{"version":"11.7.0","lessThanOrEqual":"11.7.2","versionType":"semver","status":"affected"},{"version":"11.6.0","lessThanOrEqual":"11.6.4","versionType":"semver","status":"affected"},{"version":"11.8.0","status":"unaffected"},{"version":"11.7.3","status":"unaffected"},{"version":"11.6.5","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"responsibledisclosure@mattermost.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T13:55:09.692643Z","id":"CVE-2026-9597","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"responsibledisclosure@mattermost.com","type":"Secondary","description":[{"lang":"en","value":"CWE-305"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*","versionStartIncluding":"11.6.0","versionEndExcluding":"11.6.5","matchCriteriaId":"2B2D3A05-5A6F-4121-80BE-6DC87A30C354"},{"vulnerable":true,"criteria":"cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*","versionStartIncluding":"11.7.0","versionEndExcluding":"11.7.3","matchCriteriaId":"61277B68-8856-4C8A-97CC-E37742682A4B"}]}]}],"references":[{"url":"https://mattermost.com/security-updates","source":"responsibledisclosure@mattermost.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-9708","sourceIdentifier":"responsibledisclosure@mattermost.com","published":"2026-07-13T09:16:25.253","lastModified":"2026-07-13T20:39:47.247","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Mattermost versions 11.7.x <= 11.7.2, 11.6.x <= 11.6.4, 10.11.x <= 10.11.19 fail to validate that an assigned incoming webhook user has access to the target team or channel, which allows a requester with webhook management permissions to create posts or direct messages attributed to another user via crafted incoming webhook configuration and payloads.. Mattermost Advisory ID: MMSA-2026-00683"}],"affected":[{"source":"responsibledisclosure@mattermost.com","affectedData":[{"vendor":"Mattermost","product":"Mattermost","defaultStatus":"unaffected","versions":[{"version":"11.7.0","lessThanOrEqual":"11.7.2","versionType":"semver","status":"affected"},{"version":"11.6.0","lessThanOrEqual":"11.6.4","versionType":"semver","status":"affected"},{"version":"10.11.0","lessThanOrEqual":"10.11.19","versionType":"semver","status":"affected"},{"version":"11.8.0","status":"unaffected"},{"version":"11.7.3","status":"unaffected"},{"version":"11.6.5","status":"unaffected"},{"version":"10.11.20","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"responsibledisclosure@mattermost.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N","baseScore":4.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T14:44:57.510921Z","id":"CVE-2026-9708","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"responsibledisclosure@mattermost.com","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*","versionStartIncluding":"10.11.0","versionEndExcluding":"10.11.20","matchCriteriaId":"806B772A-4575-47F4-BD6B-7422C9045190"},{"vulnerable":true,"criteria":"cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*","versionStartIncluding":"11.6.0","versionEndExcluding":"11.6.5","matchCriteriaId":"2B2D3A05-5A6F-4121-80BE-6DC87A30C354"},{"vulnerable":true,"criteria":"cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*","versionStartIncluding":"11.7.0","versionEndExcluding":"11.7.3","matchCriteriaId":"61277B68-8856-4C8A-97CC-E37742682A4B"}]}]}],"references":[{"url":"https://mattermost.com/security-updates","source":"responsibledisclosure@mattermost.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-13014","sourceIdentifier":"psirt@thalesgroup.com","published":"2026-07-13T10:16:24.913","lastModified":"2026-07-13T19:51:18.237","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in Thales CERT \"Suspicious\" application =< 1.3.4 allows a remote and unauthenticated attacker to execute arbitrary code and arbitrarily overwrite writable application files—including Python modules, configuration files, cron inputs, and runtime artifacts—leading to a persistent denial of service, the potential compromise of application secrets or integrations, and root-level execution inside the Django application container.\nThis vulnerability has been names \"Matryoshka Mail\".\nThales PSIRT \nacknowledges and thanks\n\nLucien Doustaly (aka wlayzz) for discovering and reporting this issue."}],"affected":[{"source":"psirt@thalesgroup.com","affectedData":[{"vendor":"Thales CERT","product":"Suspicious","defaultStatus":"unaffected","collectionURL":"https://github.com/thalesgroup-cert/suspicious","versions":[{"version":"v1.2.0","lessThanOrEqual":"v1.3.4","versionType":"git","status":"affected","changes":[{"at":"patched v1.3.5","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV40":[{"source":"psirt@thalesgroup.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.2,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T14:06:22.643365Z","id":"CVE-2026-13014","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@thalesgroup.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"},{"lang":"en","value":"CWE-73"},{"lang":"en","value":"CWE-94"}]}],"references":[{"url":"https://github.com/thalesgroup-cert/suspicious/security/advisories/GHSA-x85x-9mrm-wwvp","source":"psirt@thalesgroup.com"}]}},{"cve":{"id":"CVE-2026-14846","sourceIdentifier":"cve-coordination@incibe.es","published":"2026-07-13T10:16:26.383","lastModified":"2026-07-13T18:05:36.130","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"In version 8.2.1 of PrestaShop, there is a vulnerability relating to the incorrect sanitisation of elements, caused by inadequate validation of the ‘Alias’ parameter in the ‘Update your address’ function. This flaw allows an attacker to inject malicious expressions that are executed when the information is exported using the ‘Get my data in CSV’ tool. Successful exploitation of this vulnerability could facilitate unauthorised access to the victim’s personal data."}],"affected":[{"source":"cve-coordination@incibe.es","affectedData":[{"vendor":"PrestaShop","product":"The firmware","defaultStatus":"unaffected","versions":[{"version":"8.2.1","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cve-coordination@incibe.es","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:A/VC:L/VI:L/VA:L/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":4.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"HIGH","userInteraction":"ACTIVE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T14:11:32.813174Z","id":"CVE-2026-14846","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cve-coordination@incibe.es","type":"Secondary","description":[{"lang":"en","value":"CWE-1236"}]}],"references":[{"url":"https://www.incibe.es/en/incibe-cert/notices/aviso/incorrect-neutralisation-prestashop-firmware","source":"cve-coordination@incibe.es"}]}},{"cve":{"id":"CVE-2026-15557","sourceIdentifier":"cna@vuldb.com","published":"2026-07-13T10:16:26.737","lastModified":"2026-07-13T19:17:02.637","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A weakness has been identified in waooAI waoowaoo up to 0.4.1. Affected by this vulnerability is the function getInternalTaskSession/getAuthSession/requireUserAuth/requireProjectAuth/requireProjectAuthLight in the library src/lib/api-auth.ts of the component Internal Task Header Handler. This manipulation of the argument x-internal-user-id request causes improper authentication. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"waooAI","product":"waoowaoo","cpes":["cpe:2.3:a:waooai:waoowaoo:*:*:*:*:*:*:*:*"],"modules":["Internal Task Header Handler"],"versions":[{"version":"0.4.0","status":"affected"},{"version":"0.4.1","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":3.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T18:07:18.524271Z","id":"CVE-2026-15557","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-287"}]}],"references":[{"url":"https://github.com/waooAI/waoowaoo/","source":"cna@vuldb.com"},{"url":"https://github.com/waooAI/waoowaoo/issues/200","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-15557","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/855187","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377906","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377906/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-22093","sourceIdentifier":"csirt@divd.nl","published":"2026-07-13T10:16:26.910","lastModified":"2026-07-13T17:44:34.007","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The EVbee Service Android app uses TLS encrypted communication (HTTPS), but does not validate the certificate provided by the server. This allows an attacker on the network path between the app and EVbee server to intercept and manipulate the communication between the app and server. The traffic is weakly encrypted using RC4 with a hardcoded key, which allows an attacker to gain access to the communication. Part of this communication involves access codes to charging stations.\n\n\n\n\n\nThis issue affects EVbee Service: v1.4.101.00."}],"affected":[{"source":"csirt@divd.nl","affectedData":[{"vendor":"EVbee","product":"EVbee Service","defaultStatus":"unaffected","platforms":["Android"],"versions":[{"version":"0","lessThan":"1.4.7.10","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"csirt@divd.nl","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.5,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"LOW","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T13:12:49.972968Z","id":"CVE-2026-22093","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"csirt@divd.nl","type":"Secondary","description":[{"lang":"en","value":"CWE-295"}]}],"references":[{"url":"https://csirt.divd.nl/DIVD-2026-00001/","source":"csirt@divd.nl"}]}},{"cve":{"id":"CVE-2026-22095","sourceIdentifier":"csirt@divd.nl","published":"2026-07-13T10:16:27.050","lastModified":"2026-07-13T17:44:34.007","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The network diagnosis endpoint on the web server at port 8090 is vulnerable to command injection."}],"affected":[{"source":"csirt@divd.nl","affectedData":[{"vendor":"EVbee","product":"DC-80","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"1.5.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"csirt@divd.nl","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T13:10:58.506358Z","id":"CVE-2026-22095","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"csirt@divd.nl","type":"Secondary","description":[{"lang":"en","value":"CWE-77"}]}],"references":[{"url":"https://csirt.divd.nl/DIVD-2026-00001/","source":"csirt@divd.nl"}]}},{"cve":{"id":"CVE-2026-22096","sourceIdentifier":"csirt@divd.nl","published":"2026-07-13T10:16:27.167","lastModified":"2026-07-13T17:44:34.007","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The webserver running on port 8090 does not require authentication. This allows for sensitive information leakage such as configured passwords, or uploading files through different endpoints."}],"affected":[{"source":"csirt@divd.nl","affectedData":[{"vendor":"EVbee","product":"DC-80","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"1.5.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"csirt@divd.nl","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T14:24:26.667132Z","id":"CVE-2026-22096","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"csirt@divd.nl","type":"Secondary","description":[{"lang":"en","value":"CWE-306"}]}],"references":[{"url":"https://csirt.divd.nl/DIVD-2026-00001/","source":"csirt@divd.nl"}]}},{"cve":{"id":"CVE-2026-22097","sourceIdentifier":"csirt@divd.nl","published":"2026-07-13T10:16:27.277","lastModified":"2026-07-13T17:44:34.007","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The firmware update mechanism does not include cryptographic signature validation. This allows anyone with access to the firmware update capability to upload arbitrary files which can then lead to arbitrary code execution."}],"affected":[{"source":"csirt@divd.nl","affectedData":[{"vendor":"EVbee","product":"DC-80","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"1.5.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"csirt@divd.nl","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"LOW","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T14:21:47.463682Z","id":"CVE-2026-22097","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"csirt@divd.nl","type":"Secondary","description":[{"lang":"en","value":"CWE-347"}]}],"references":[{"url":"https://csirt.divd.nl/DIVD-2026-00001/","source":"csirt@divd.nl"}]}},{"cve":{"id":"CVE-2026-22098","sourceIdentifier":"csirt@divd.nl","published":"2026-07-13T10:16:27.393","lastModified":"2026-07-13T17:44:34.007","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Various sensitive information such as passwords and charging card UIDs are written to log files."}],"affected":[{"source":"csirt@divd.nl","affectedData":[{"vendor":"EVbee","product":"DC-80","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"1.5.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"csirt@divd.nl","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.2,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T14:20:50.320608Z","id":"CVE-2026-22098","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"csirt@divd.nl","type":"Secondary","description":[{"lang":"en","value":"CWE-532"}]}],"references":[{"url":"https://csirt.divd.nl/DIVD-2026-00001/","source":"csirt@divd.nl"}]}},{"cve":{"id":"CVE-2026-22099","sourceIdentifier":"csirt@divd.nl","published":"2026-07-13T10:16:27.523","lastModified":"2026-07-13T17:44:34.007","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The charging station does not require authentication for Bluetooth commands to perform actions. The functionality exposed includes sensitive information leakage, triggering reboots, or pushing a firmware update URL."}],"affected":[{"source":"csirt@divd.nl","affectedData":[{"vendor":"EVbee","product":"DC-80","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"1.5.4","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"csirt@divd.nl","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"ADJACENT","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T14:22:38.535792Z","id":"CVE-2026-22099","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"csirt@divd.nl","type":"Secondary","description":[{"lang":"en","value":"CWE-287"}]}],"references":[{"url":"https://csirt.divd.nl/DIVD-2026-00001/","source":"csirt@divd.nl"}]}},{"cve":{"id":"CVE-2026-22100","sourceIdentifier":"csirt@divd.nl","published":"2026-07-13T10:16:27.670","lastModified":"2026-07-13T17:44:34.007","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The OCPP DataTransfer message `ReserveLogin` is vulnerable to command injection. By manipulating the data value, arbitrary OS commands can be executed as root."}],"affected":[{"source":"csirt@divd.nl","affectedData":[{"vendor":"EVbee","product":"DC-80","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"1.5.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"csirt@divd.nl","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T14:26:03.897436Z","id":"CVE-2026-22100","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"csirt@divd.nl","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"references":[{"url":"https://csirt.divd.nl/DIVD-2026-00001/","source":"csirt@divd.nl"}]}},{"cve":{"id":"CVE-2026-22102","sourceIdentifier":"csirt@divd.nl","published":"2026-07-13T10:16:27.783","lastModified":"2026-07-13T17:44:34.007","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A POST request sent to a specific webserver endpoint can be used to write to arbitrary file locations. The endpoint accepts the filename parameter in the Content-Disposition header without verification.\nThis can be used to cause a denial of service by overwriting system files, or remote-code-execution by overwriting shell-scripts which execution can be triggered through other means."}],"affected":[{"source":"csirt@divd.nl","affectedData":[{"vendor":"EVbee","product":"DC-80","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"1.5.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"csirt@divd.nl","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T14:23:42.856554Z","id":"CVE-2026-22102","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"csirt@divd.nl","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]}],"references":[{"url":"https://csirt.divd.nl/DIVD-2026-00001/","source":"csirt@divd.nl"}]}},{"cve":{"id":"CVE-2026-22103","sourceIdentifier":"csirt@divd.nl","published":"2026-07-13T10:16:27.900","lastModified":"2026-07-13T17:44:34.007","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The NPC start endpoint on the web server at port 8090 is vulnerable to command injection."}],"affected":[{"source":"csirt@divd.nl","affectedData":[{"vendor":"EVbee","product":"DC-80","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"1.5.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"csirt@divd.nl","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T14:14:44.249125Z","id":"CVE-2026-22103","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"csirt@divd.nl","type":"Secondary","description":[{"lang":"en","value":"CWE-77"}]}],"references":[{"url":"https://csirt.divd.nl/DIVD-2026-00001/","source":"csirt@divd.nl"}]}},{"cve":{"id":"CVE-2026-41041","sourceIdentifier":"security@apache.org","published":"2026-07-13T10:16:28.803","lastModified":"2026-07-13T22:24:21.983","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"URL path injection via unencoded user-supplied identifiers vulnerability in Apache Gravitino.\n\nThis issue affects Apache Gravitino: from 1.0.0 before 1.2.1.\n\nUsers are recommended to upgrade to version 1.2.1, which fixes the issue."}],"affected":[{"source":"security@apache.org","affectedData":[{"vendor":"Apache Software Foundation","product":"Apache Gravitino","defaultStatus":"unaffected","versions":[{"version":"1.0.0","lessThan":"1.2.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T17:02:37.419414Z","id":"CVE-2026-41041","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-177"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:gravitino:*:*:*:*:*:*:*:*","versionStartIncluding":"1.0.0","versionEndExcluding":"1.2.1","matchCriteriaId":"99D1DA04-A0C1-4BB0-83E1-CA19B8600676"}]}]}],"references":[{"url":"https://lists.apache.org/thread/4dnwg1qzb2yns1fkfmq0z45vmwyzytgz","source":"security@apache.org","tags":["Mailing List","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2026/07/13/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-49876","sourceIdentifier":"security@apache.org","published":"2026-07-13T10:16:29.603","lastModified":"2026-07-13T22:22:55.300","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Authenticated SSRF in Gravitino JobManager allows server-side HTTP requests to internal network and cloud metadata endpoints via unvalidated job template URIs. A vulnerability in Apache Gravitino.\n\nThis issue affects Apache Gravitino: from 1.0.0 through 1.2.1.\n\nUsers are recommended to upgrade to version 1.3.0, which fixes the issue."}],"affected":[{"source":"security@apache.org","affectedData":[{"vendor":"Apache Software Foundation","product":"Apache Gravitino","defaultStatus":"unaffected","collectionURL":"https://repo.maven.apache.org/maven2","packageName":"org.apache.gravitino:gravitino-core","versions":[{"version":"1.0.0","lessThanOrEqual":"1.2.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T14:27:10.311693Z","id":"CVE-2026-49876","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:gravitino:*:*:*:*:*:*:*:*","versionStartIncluding":"1.0.0","versionEndExcluding":"1.3.0","matchCriteriaId":"D5B72561-5D34-47D9-8FFA-C6C440E3FFFB"}]}]}],"references":[{"url":"https://lists.apache.org/thread/2ffkj771d6dp1okh2cdtody969hoo1zs","source":"security@apache.org","tags":["Mailing List","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2026/07/13/2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-57363","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:29.720","lastModified":"2026-07-13T16:57:56.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QuantumCloud ChatBot chatbot allows Stored XSS.This issue affects ChatBot: from n/a through <= 8.3.7."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"QuantumCloud","product":"ChatBot","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"chatbot","versions":[{"version":"0","lessThanOrEqual":"8.3.7","versionType":"custom","status":"affected","changes":[{"at":"8.3.8","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T13:52:41.293183Z","id":"CVE-2026-57363","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/chatbot/vulnerability/wordpress-chatbot-plugin-8-3-7-cross-site-scripting-xss-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-57364","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:29.853","lastModified":"2026-07-13T16:57:56.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Validation of Specified Quantity in Input vulnerability in WPDeveloper Better Payment – Instant Payments, Donations, Fundraising with Subscriptions &amp; More better-payment allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Better Payment – Instant Payments, Donations, Fundraising with Subscriptions &amp; More: from n/a through <= 2.2.0."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"WPDeveloper","product":"Better Payment – Instant Payments, Donations, Fundraising with Subscriptions &amp; More","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"better-payment","versions":[{"version":"0","lessThanOrEqual":"2.2.0","versionType":"custom","status":"affected","changes":[{"at":"2.2.1","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T13:48:10.981947Z","id":"CVE-2026-57364","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-1284"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/better-payment/vulnerability/wordpress-better-payment-instant-payments-donations-fundraising-with-subscriptions-more-plugin-2-2-0-other-vulnerability-type-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-57365","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:29.980","lastModified":"2026-07-13T17:17:43.000","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hitesh Chandwani reCAPTCHA (v2 &amp; v3) for Asgaros Forum recaptcha-for-asgaros-forum allows DOM-Based XSS.This issue affects reCAPTCHA (v2 &amp; v3) for Asgaros Forum: from n/a through <= 1.1.0."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Hitesh Chandwani","product":"reCAPTCHA (v2 &amp; v3) for Asgaros Forum","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"recaptcha-for-asgaros-forum","versions":[{"version":"0","lessThanOrEqual":"1.1.0","versionType":"custom","status":"affected","changes":[{"at":"1.1.1","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.3,"impactScore":3.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T14:08:52.339258Z","id":"CVE-2026-57365","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/recaptcha-for-asgaros-forum/vulnerability/wordpress-recaptcha-v2-v3-for-asgaros-forum-plugin-1-1-0-cross-site-scripting-xss-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-57368","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:30.100","lastModified":"2026-07-13T17:17:43.677","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NooTheme Jobmonster noo-jobmonster allows Reflected XSS.This issue affects Jobmonster: from n/a through <= 4.8.5."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"NooTheme","product":"Jobmonster","defaultStatus":"unaffected","collectionURL":"https://themeforest.net","packageName":"noo-jobmonster","versions":[{"version":"0","lessThanOrEqual":"4.8.5","versionType":"custom","status":"affected","changes":[{"at":"4.8.5.1","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T14:09:02.003932Z","id":"CVE-2026-57368","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Theme/noo-jobmonster/vulnerability/wordpress-jobmonster-theme-4-8-5-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-57369","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:30.217","lastModified":"2026-07-13T16:57:56.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themifyme Themify Builder themify-builder allows Reflected XSS.This issue affects Themify Builder: from n/a through <= 7.7.4."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"themifyme","product":"Themify Builder","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"themify-builder","versions":[{"version":"0","lessThanOrEqual":"7.7.4","versionType":"custom","status":"affected","changes":[{"at":"7.7.5","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T13:57:19.587130Z","id":"CVE-2026-57369","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/themify-builder/vulnerability/wordpress-themify-builder-plugin-7-7-4-cross-site-scripting-xss-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-57371","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:30.330","lastModified":"2026-07-13T16:57:56.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Deserialization of Untrusted Data vulnerability in denishua WPJAM Basic wpjam-basic allows Object Injection.This issue affects WPJAM Basic: from n/a through <= 7.0."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"denishua","product":"WPJAM Basic","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"wpjam-basic","versions":[{"version":"0","lessThanOrEqual":"7.0","versionType":"custom","status":"affected","changes":[{"at":"7.0.1","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T13:59:07.814554Z","id":"CVE-2026-57371","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/wpjam-basic/vulnerability/wordpress-wpjam-basic-plugin-7-0-php-object-injection-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-57372","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:30.450","lastModified":"2026-07-13T16:57:56.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Server-Side Request Forgery (SSRF) vulnerability in denishua WPJAM Basic wpjam-basic allows Server Side Request Forgery.This issue affects WPJAM Basic: from n/a through <= 7.0."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"denishua","product":"WPJAM Basic","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"wpjam-basic","versions":[{"version":"0","lessThanOrEqual":"7.0","versionType":"custom","status":"affected","changes":[{"at":"7.0.1","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T13:52:14.480910Z","id":"CVE-2026-57372","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/wpjam-basic/vulnerability/wordpress-wpjam-basic-plugin-7-0-server-side-request-forgery-ssrf-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-57375","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:30.570","lastModified":"2026-07-13T16:57:56.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Missing Authorization vulnerability in FluxBuilder MStore API mstore-api allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MStore API: from n/a through <= 4.18.4."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"FluxBuilder","product":"MStore API","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"mstore-api","versions":[{"version":"0","lessThanOrEqual":"4.18.4","versionType":"custom","status":"affected","changes":[{"at":"4.19.0","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T13:47:14.814307Z","id":"CVE-2026-57375","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/mstore-api/vulnerability/wordpress-mstore-api-plugin-4-18-4-broken-access-control-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-57376","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:30.687","lastModified":"2026-07-13T17:17:44.320","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Element Invader ElementInvader Addons for Elementor elementinvader-addons-for-elementor allows DOM-Based XSS.This issue affects ElementInvader Addons for Elementor: from n/a through <= 1.4.3."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Element Invader","product":"ElementInvader Addons for Elementor","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"elementinvader-addons-for-elementor","versions":[{"version":"0","lessThanOrEqual":"1.4.3","versionType":"custom","status":"affected","changes":[{"at":"1.4.4","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T14:08:40.454734Z","id":"CVE-2026-57376","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/elementinvader-addons-for-elementor/vulnerability/wordpress-elementinvader-addons-for-elementor-plugin-1-4-3-cross-site-scripting-xss-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-57377","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:30.803","lastModified":"2026-07-13T17:17:44.960","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Missing Authorization vulnerability in WPXPO WowAddons product-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WowAddons: from n/a through <= 1.6.8."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"WPXPO","product":"WowAddons","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"product-addons","versions":[{"version":"0","lessThanOrEqual":"1.6.8","versionType":"custom","status":"affected","changes":[{"at":"1.6.9","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T14:08:34.463246Z","id":"CVE-2026-57377","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/product-addons/vulnerability/wordpress-wowaddons-plugin-1-6-8-broken-access-control-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-57378","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:30.920","lastModified":"2026-07-13T16:57:56.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Missing Authorization vulnerability in Phil Kurth Advanced Forms advanced-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Forms: from n/a through <= 1.9.3.7."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Phil Kurth","product":"Advanced Forms","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"advanced-forms","versions":[{"version":"0","lessThanOrEqual":"1.9.3.7","versionType":"custom","status":"affected","changes":[{"at":"1.9.3.8","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T13:53:46.358747Z","id":"CVE-2026-57378","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/advanced-forms/vulnerability/wordpress-advanced-forms-plugin-1-9-3-7-broken-access-control-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-57379","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:31.050","lastModified":"2026-07-13T16:57:56.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPPOOL FormyChat social-contact-form allows Stored XSS.This issue affects FormyChat: from n/a through <= 2.15.3."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"WPPOOL","product":"FormyChat","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"social-contact-form","versions":[{"version":"0","lessThanOrEqual":"2.15.3","versionType":"custom","status":"affected","changes":[{"at":"2.15.4","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T13:54:50.624963Z","id":"CVE-2026-57379","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/social-contact-form/vulnerability/wordpress-formychat-plugin-2-15-3-cross-site-scripting-xss-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-57380","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:31.167","lastModified":"2026-07-13T16:57:56.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hupe13 Extensions for Leaflet Map extensions-leaflet-map allows DOM-Based XSS.This issue affects Extensions for Leaflet Map: from n/a through <= 5.1."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"hupe13","product":"Extensions for Leaflet Map","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"extensions-leaflet-map","versions":[{"version":"0","lessThanOrEqual":"5.1","versionType":"custom","status":"affected","changes":[{"at":"5.2","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T13:44:14.680787Z","id":"CVE-2026-57380","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/extensions-leaflet-map/vulnerability/wordpress-extensions-for-leaflet-map-plugin-5-1-cross-site-scripting-xss-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-57381","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:31.293","lastModified":"2026-07-13T16:57:56.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Property Hive PropertyHive propertyhive allows Reflected XSS.This issue affects PropertyHive: from n/a through <= 2.2.3."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Property Hive","product":"PropertyHive","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"propertyhive","versions":[{"version":"0","lessThanOrEqual":"2.2.3","versionType":"custom","status":"affected","changes":[{"at":"2.2.4","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T13:48:32.300174Z","id":"CVE-2026-57381","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/propertyhive/vulnerability/wordpress-propertyhive-plugin-2-2-3-cross-site-scripting-xss-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-57382","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:31.437","lastModified":"2026-07-13T17:17:45.603","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mitchell Bennis Simple File List simple-file-list allows Reflected XSS.This issue affects Simple File List: from n/a through <= 6.3.8."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Mitchell Bennis","product":"Simple File List","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"simple-file-list","versions":[{"version":"0","lessThanOrEqual":"6.3.8","versionType":"custom","status":"affected","changes":[{"at":"6.3.9","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T14:09:21.320208Z","id":"CVE-2026-57382","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/simple-file-list/vulnerability/wordpress-simple-file-list-plugin-6-3-8-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-57383","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:31.567","lastModified":"2026-07-13T17:17:46.243","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in eyecix JobSearch wp-jobsearch allows Stored XSS.This issue affects JobSearch: from n/a through <= 3.2.9."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"eyecix","product":"JobSearch","defaultStatus":"unaffected","collectionURL":"https://codecanyon.net","packageName":"wp-jobsearch","versions":[{"version":"0","lessThanOrEqual":"3.2.9","versionType":"custom","status":"affected","changes":[{"at":"3.3.0","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T14:09:13.893297Z","id":"CVE-2026-57383","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/wp-jobsearch/vulnerability/wordpress-jobsearch-plugin-3-2-9-cross-site-scripting-xss-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-57385","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:31.687","lastModified":"2026-07-13T16:57:56.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in appsbd Vitepos vitepos-lite allows Blind SQL Injection.This issue affects Vitepos: from n/a through <= 3.4.2."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"appsbd","product":"Vitepos","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"vitepos-lite","versions":[{"version":"0","lessThanOrEqual":"3.4.2","versionType":"custom","status":"affected","changes":[{"at":"3.4.3","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.1,"impactScore":4.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T13:52:31.146806Z","id":"CVE-2026-57385","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/vitepos-lite/vulnerability/wordpress-vitepos-plugin-3-4-2-sql-injection-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-57386","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:31.803","lastModified":"2026-07-13T16:57:56.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Incorrect Privilege Assignment vulnerability in Kodezen LLC aBlocks ablocks allows Privilege Escalation.This issue affects aBlocks: from n/a through < 2.9.1."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Kodezen LLC","product":"aBlocks","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"ablocks","versions":[{"version":"0","lessThanOrEqual":"2.9.1","versionType":"custom","status":"affected","changes":[{"at":"2.9.1","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T13:59:06.325207Z","id":"CVE-2026-57386","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-266"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/ablocks/vulnerability/wordpress-ablocks-plugin-2-9-1-privilege-escalation-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-57387","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:31.923","lastModified":"2026-07-13T16:57:56.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in picu picu picu allows Stored XSS.This issue affects picu: from n/a through <= 3.5.1."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"picu","product":"picu","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"picu","versions":[{"version":"0","lessThanOrEqual":"3.5.1","versionType":"custom","status":"affected","changes":[{"at":"3.6.1","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T13:42:50.444906Z","id":"CVE-2026-57387","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/picu/vulnerability/wordpress-picu-plugin-3-5-1-cross-site-scripting-xss-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-57388","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:32.040","lastModified":"2026-07-13T16:57:56.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themefic Hydra Booking hydra-booking allows Stored XSS.This issue affects Hydra Booking: from n/a through <= 1.1.44."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Themefic","product":"Hydra Booking","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"hydra-booking","versions":[{"version":"0","lessThanOrEqual":"1.1.44","versionType":"custom","status":"affected","changes":[{"at":"1.1.45","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T13:48:52.519960Z","id":"CVE-2026-57388","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/hydra-booking/vulnerability/wordpress-hydra-booking-plugin-1-1-44-cross-site-scripting-xss-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-57389","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:32.160","lastModified":"2026-07-13T17:17:46.903","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Adrian Tobey Groundhogg groundhogg allows Path Traversal.This issue affects Groundhogg: from n/a through <= 4.4.1."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Adrian Tobey","product":"Groundhogg","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"groundhogg","versions":[{"version":"0","lessThanOrEqual":"4.4.1","versionType":"custom","status":"affected","changes":[{"at":"4.5","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":4.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T14:09:31.338890Z","id":"CVE-2026-57389","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/groundhogg/vulnerability/wordpress-groundhogg-plugin-4-4-1-arbitrary-file-deletion-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-57390","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:32.283","lastModified":"2026-07-13T17:17:47.553","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Missing Authorization vulnerability in EDGARROJAS Extra Product Options Builder for WooCommerce additional-product-fields-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Extra Product Options Builder for WooCommerce: from n/a through <= 1.2.167."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"EDGARROJAS","product":"Extra Product Options Builder for WooCommerce","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"additional-product-fields-for-woocommerce","versions":[{"version":"0","lessThanOrEqual":"1.2.167","versionType":"custom","status":"affected","changes":[{"at":"1.2.168","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T14:09:51.401789Z","id":"CVE-2026-57390","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/additional-product-fields-for-woocommerce/vulnerability/wordpress-extra-product-options-builder-for-woocommerce-plugin-1-2-167-broken-access-control-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-57391","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:32.417","lastModified":"2026-07-13T16:57:56.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tangible Loops & Logic tangible-loops-and-logic allows Stored XSS.This issue affects Loops & Logic: from n/a through <= 4.2.3."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Tangible","product":"Loops & Logic","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"tangible-loops-and-logic","versions":[{"version":"0","lessThanOrEqual":"4.2.3","versionType":"custom","status":"affected","changes":[{"at":"4.2.4","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.3,"impactScore":3.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T13:51:22.755545Z","id":"CVE-2026-57391","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/tangible-loops-and-logic/vulnerability/wordpress-loops-logic-plugin-4-2-3-cross-site-scripting-xss-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-57392","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:32.750","lastModified":"2026-07-13T16:57:56.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Missing Authorization vulnerability in Themefic Tourfic tourfic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tourfic: from n/a through <= 2.22.5."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Themefic","product":"Tourfic","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"tourfic","versions":[{"version":"0","lessThanOrEqual":"2.22.5","versionType":"custom","status":"affected","changes":[{"at":"2.22.6","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T14:00:09.759566Z","id":"CVE-2026-57392","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/tourfic/vulnerability/wordpress-tourfic-plugin-2-22-5-broken-access-control-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-57393","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:32.870","lastModified":"2026-07-13T16:57:56.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in EDGARROJAS WooCommerce PDF Invoice Builder woo-pdf-invoice-builder allows Retrieve Embedded Sensitive Data.This issue affects WooCommerce PDF Invoice Builder: from n/a through <= 2.0.8."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"EDGARROJAS","product":"WooCommerce PDF Invoice Builder","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"woo-pdf-invoice-builder","versions":[{"version":"0","lessThanOrEqual":"2.0.8","versionType":"custom","status":"affected","changes":[{"at":"2.0.9","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Primary","description":[{"lang":"en","value":"CWE-497"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/woo-pdf-invoice-builder/vulnerability/wordpress-woocommerce-pdf-invoice-builder-plugin-2-0-8-sensitive-data-exposure-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-57394","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:32.993","lastModified":"2026-07-13T16:57:56.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tribulant Software Newsletters newsletters-lite allows Reflected XSS.This issue affects Newsletters: from n/a through <= 4.14."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Tribulant Software","product":"Newsletters","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"newsletters-lite","versions":[{"version":"0","lessThanOrEqual":"4.14","versionType":"custom","status":"affected","changes":[{"at":"4.15","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T13:49:10.961105Z","id":"CVE-2026-57394","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/newsletters-lite/vulnerability/wordpress-newsletters-plugin-4-14-cross-site-scripting-xss-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-57395","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:33.110","lastModified":"2026-07-13T17:17:48.187","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Missing Authorization vulnerability in Themefic Tourfic tourfic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tourfic: from n/a through <= 2.22.5."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Themefic","product":"Tourfic","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"tourfic","versions":[{"version":"0","lessThanOrEqual":"2.22.5","versionType":"custom","status":"affected","changes":[{"at":"2.22.6","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T14:09:41.536926Z","id":"CVE-2026-57395","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/tourfic/vulnerability/wordpress-tourfic-plugin-2-22-5-broken-access-control-vulnerability-2?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-57396","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:33.223","lastModified":"2026-07-13T17:17:48.833","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Flintop Free Gifts for WooCommerce free-gifts-for-woocommerce allows Stored XSS.This issue affects Free Gifts for WooCommerce: from n/a through <= 13.1.0."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Flintop","product":"Free Gifts for WooCommerce","defaultStatus":"unaffected","collectionURL":"https://woocommerce.com","packageName":"free-gifts-for-woocommerce","versions":[{"version":"0","lessThanOrEqual":"13.1.0","versionType":"custom","status":"affected","changes":[{"at":"13.3.0","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T14:10:22.545999Z","id":"CVE-2026-57396","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/free-gifts-for-woocommerce/vulnerability/wordpress-free-gifts-for-woocommerce-plugin-13-1-0-cross-site-scripting-xss-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-57398","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:33.340","lastModified":"2026-07-13T16:57:56.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebCodingPlace Real Estate Manager Pro real-estate-manager-pro allows Reflected XSS.This issue affects Real Estate Manager Pro: from n/a through <= 12.8.3."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"WebCodingPlace","product":"Real Estate Manager Pro","defaultStatus":"unaffected","collectionURL":"https://codecanyon.net","packageName":"real-estate-manager-pro","versions":[{"version":"0","lessThanOrEqual":"12.8.3","versionType":"custom","status":"affected","changes":[{"at":"12.8.4","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T13:46:27.004073Z","id":"CVE-2026-57398","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/real-estate-manager-pro/vulnerability/wordpress-real-estate-manager-pro-plugin-12-8-3-cross-site-scripting-xss-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-57399","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:33.453","lastModified":"2026-07-13T16:57:56.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Proxy &amp; VPN Blocker Proxy &amp; VPN Blocker proxy-vpn-blocker allows Stored XSS.This issue affects Proxy &amp; VPN Blocker: from n/a through <= 3.5.8."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Proxy &amp; VPN Blocker","product":"Proxy &amp; VPN Blocker","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"proxy-vpn-blocker","versions":[{"version":"0","lessThanOrEqual":"3.5.8","versionType":"custom","status":"affected","changes":[{"at":"3.5.9","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T13:54:48.849341Z","id":"CVE-2026-57399","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/proxy-vpn-blocker/vulnerability/wordpress-proxy-vpn-blocker-plugin-3-5-8-cross-site-scripting-xss-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-57400","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:33.567","lastModified":"2026-07-13T16:57:56.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Missing Authorization vulnerability in WP Swings Event Tickets Manager for WooCommerce event-tickets-manager-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Event Tickets Manager for WooCommerce: from n/a through <= 1.5.5."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"WP Swings","product":"Event Tickets Manager for WooCommerce","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"event-tickets-manager-for-woocommerce","versions":[{"version":"0","lessThanOrEqual":"1.5.5","versionType":"custom","status":"affected","changes":[{"at":"1.5.6","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T13:42:30.690234Z","id":"CVE-2026-57400","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/event-tickets-manager-for-woocommerce/vulnerability/wordpress-event-tickets-manager-for-woocommerce-plugin-1-5-5-broken-access-control-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-57401","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:33.683","lastModified":"2026-07-13T16:57:56.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Brainstorm Force SureDash suredash allows Path Traversal.This issue affects SureDash: from n/a through <= 1.8.0."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Brainstorm Force","product":"SureDash","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"suredash","versions":[{"version":"0","lessThanOrEqual":"1.8.0","versionType":"custom","status":"affected","changes":[{"at":"1.8.1","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":9.9,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.1,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T13:47:45.433476Z","id":"CVE-2026-57401","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/suredash/vulnerability/wordpress-suredash-plugin-1-8-0-arbitrary-file-deletion-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-57402","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:33.833","lastModified":"2026-07-13T17:17:49.473","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpdesk Flexible Refund and Return Order for WooCommerce flexible-refund-and-return-order-for-woocommerce allows Stored XSS.This issue affects Flexible Refund and Return Order for WooCommerce: from n/a through <= 1.0.51."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"wpdesk","product":"Flexible Refund and Return Order for WooCommerce","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"flexible-refund-and-return-order-for-woocommerce","versions":[{"version":"0","lessThanOrEqual":"1.0.51","versionType":"custom","status":"affected","changes":[{"at":"1.0.52","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.3,"impactScore":3.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T14:10:06.892821Z","id":"CVE-2026-57402","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/flexible-refund-and-return-order-for-woocommerce/vulnerability/wordpress-flexible-refund-and-return-order-for-woocommerce-plugin-1-0-51-cross-site-scripting-xss-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-57403","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:33.950","lastModified":"2026-07-13T17:17:50.150","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Milan Petrovic GD Security Headers gd-security-headers allows Reflected XSS.This issue affects GD Security Headers: from n/a through <= 1.8."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Milan Petrovic","product":"GD Security Headers","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"gd-security-headers","versions":[{"version":"0","lessThanOrEqual":"1.8","versionType":"custom","status":"affected","changes":[{"at":"1.9","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T14:09:59.188122Z","id":"CVE-2026-57403","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/gd-security-headers/vulnerability/wordpress-gd-security-headers-plugin-1-8-cross-site-scripting-xss-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-57404","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:34.070","lastModified":"2026-07-13T17:17:50.790","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Missing Authorization vulnerability in magepeopleteam Booking and Rental Manager booking-and-rental-manager-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booking and Rental Manager: from n/a through <= 2.6.9."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"magepeopleteam","product":"Booking and Rental Manager","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"booking-and-rental-manager-for-woocommerce","versions":[{"version":"0","lessThanOrEqual":"2.6.9","versionType":"custom","status":"affected","changes":[{"at":"2.7.0","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T14:10:53.620871Z","id":"CVE-2026-57404","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/booking-and-rental-manager-for-woocommerce/vulnerability/wordpress-booking-and-rental-manager-plugin-2-6-9-broken-access-control-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-57405","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:34.187","lastModified":"2026-07-13T16:57:56.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Missing Authorization vulnerability in themehunk Open Shop open-shop allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Open Shop: from n/a through <= 1.7.1."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"themehunk","product":"Open Shop","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"open-shop","versions":[{"version":"0","lessThanOrEqual":"1.7.1","versionType":"custom","status":"affected","changes":[{"at":"1.7.2","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T13:54:47.233580Z","id":"CVE-2026-57405","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Theme/open-shop/vulnerability/wordpress-open-shop-theme-1-7-1-broken-access-control-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-57406","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:34.300","lastModified":"2026-07-13T16:57:56.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Missing Authorization vulnerability in Roxnor FundEngine wp-fundraising-donation allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FundEngine: from n/a through <= 1.7.6."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Roxnor","product":"FundEngine","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"wp-fundraising-donation","versions":[{"version":"0","lessThanOrEqual":"1.7.6","versionType":"custom","status":"affected","changes":[{"at":"1.7.7","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T13:41:36.570769Z","id":"CVE-2026-57406","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/wp-fundraising-donation/vulnerability/wordpress-fundengine-plugin-1-7-6-broken-access-control-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-57407","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:34.417","lastModified":"2026-07-13T16:57:56.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Server-Side Request Forgery (SSRF) vulnerability in WP Swings PDF Generator for WordPress pdf-generator-for-wp allows Server Side Request Forgery.This issue affects PDF Generator for WordPress: from n/a through <= 1.6.2."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"WP Swings","product":"PDF Generator for WordPress","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"pdf-generator-for-wp","versions":[{"version":"0","lessThanOrEqual":"1.6.2","versionType":"custom","status":"affected","changes":[{"at":"1.6.3","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T13:59:27.319013Z","id":"CVE-2026-57407","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/pdf-generator-for-wp/vulnerability/wordpress-pdf-generator-for-wordpress-plugin-1-6-2-server-side-request-forgery-ssrf-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-57408","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:34.533","lastModified":"2026-07-13T17:17:51.427","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Missing Authorization vulnerability in peachpayments Peach Payments Gateway wc-peach-payments-gateway allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Peach Payments Gateway: from n/a through <= 4.0.2."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"peachpayments","product":"Peach Payments Gateway","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"wc-peach-payments-gateway","versions":[{"version":"0","lessThanOrEqual":"4.0.2","versionType":"custom","status":"affected","changes":[{"at":"4.0.3","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T14:13:22.519105Z","id":"CVE-2026-57408","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/wc-peach-payments-gateway/vulnerability/wordpress-peach-payments-gateway-plugin-4-0-2-broken-access-control-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-57409","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:34.650","lastModified":"2026-07-13T17:17:52.067","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RealMag777 Active Products Tables for WooCommerce profit-products-tables-for-woocommerce allows DOM-Based XSS.This issue affects Active Products Tables for WooCommerce: from n/a through <= 1.1.0."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"RealMag777","product":"Active Products Tables for WooCommerce","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"profit-products-tables-for-woocommerce","versions":[{"version":"0","lessThanOrEqual":"1.1.0","versionType":"custom","status":"affected","changes":[{"at":"1.1.1","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T14:11:06.668899Z","id":"CVE-2026-57409","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/profit-products-tables-for-woocommerce/vulnerability/wordpress-active-products-tables-for-woocommerce-plugin-1-1-0-cross-site-scripting-xss-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-57410","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:34.767","lastModified":"2026-07-13T16:57:56.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Incorrect Privilege Assignment vulnerability in MailerPress Team MailerPress mailerpress allows Privilege Escalation.This issue affects MailerPress: from n/a through <= 2.0.2."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"MailerPress Team","product":"MailerPress","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"mailerpress","versions":[{"version":"0","lessThanOrEqual":"2.0.2","versionType":"custom","status":"affected","changes":[{"at":"2.0.3","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T13:44:56.105222Z","id":"CVE-2026-57410","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-266"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/mailerpress/vulnerability/wordpress-mailerpress-plugin-2-0-2-privilege-escalation-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-57411","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:34.877","lastModified":"2026-07-13T16:57:56.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aman CF7 Views &#8211; Complete Entry Management for Contact Form 7 cf7-views allows DOM-Based XSS.This issue affects CF7 Views &#8211; Complete Entry Management for Contact Form 7: from n/a through <= 3.2.2."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Aman","product":"CF7 Views &#8211; Complete Entry Management for Contact Form 7","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"cf7-views","versions":[{"version":"0","lessThanOrEqual":"3.2.2","versionType":"custom","status":"affected","changes":[{"at":"3.2.3","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T13:54:45.557218Z","id":"CVE-2026-57411","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/cf7-views/vulnerability/wordpress-cf7-views-complete-entry-management-for-contact-form-7-plugin-3-2-2-cross-site-scripting-xss-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-57412","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:34.993","lastModified":"2026-07-13T16:57:56.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Missing Authorization vulnerability in Codemenschen Gift Vouchers gift-voucher allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Gift Vouchers: from n/a through <= 4.6.9."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Codemenschen","product":"Gift Vouchers","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"gift-voucher","versions":[{"version":"0","lessThanOrEqual":"4.6.9","versionType":"custom","status":"affected","changes":[{"at":"4.7.0","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T13:39:05.326002Z","id":"CVE-2026-57412","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/gift-voucher/vulnerability/wordpress-gift-vouchers-plugin-4-6-9-broken-access-control-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-57413","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:35.113","lastModified":"2026-07-13T16:57:56.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Server-Side Request Forgery (SSRF) vulnerability in bdthemes Instant Image Generator ai-image allows Server Side Request Forgery.This issue affects Instant Image Generator: from n/a through <= 2.1.4."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"bdthemes","product":"Instant Image Generator","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"ai-image","versions":[{"version":"0","lessThanOrEqual":"2.1.4","versionType":"custom","status":"affected","changes":[{"at":"2.1.5","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T13:49:34.314569Z","id":"CVE-2026-57413","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/ai-image/vulnerability/wordpress-instant-image-generator-plugin-2-1-4-server-side-request-forgery-ssrf-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-57414","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:35.230","lastModified":"2026-07-13T17:17:52.800","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QuantumCloud ChatBot for eCommerce &#8211; WoowBot woowbot-woocommerce-chatbot allows Stored XSS.This issue affects ChatBot for eCommerce &#8211; WoowBot: from n/a through <= 4.6.1."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"QuantumCloud","product":"ChatBot for eCommerce &#8211; WoowBot","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"woowbot-woocommerce-chatbot","versions":[{"version":"0","lessThanOrEqual":"4.6.1","versionType":"custom","status":"affected","changes":[{"at":"4.7.0","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.3,"impactScore":3.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T14:13:39.851231Z","id":"CVE-2026-57414","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/woowbot-woocommerce-chatbot/vulnerability/wordpress-chatbot-for-ecommerce-woowbot-plugin-4-6-1-cross-site-scripting-xss-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-57415","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:35.350","lastModified":"2026-07-13T17:17:53.493","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Codemenschen Gift Vouchers gift-voucher allows Stored XSS.This issue affects Gift Vouchers: from n/a through <= 4.7.0."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Codemenschen","product":"Gift Vouchers","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"gift-voucher","versions":[{"version":"0","lessThanOrEqual":"4.7.0","versionType":"custom","status":"affected","changes":[{"at":"4.7.1","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T14:13:32.643312Z","id":"CVE-2026-57415","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/gift-voucher/vulnerability/wordpress-gift-vouchers-plugin-4-7-0-cross-site-scripting-xss-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-57416","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:35.473","lastModified":"2026-07-13T16:57:56.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SiteGround SiteGround Email Marketing siteground-email-marketing allows Stored XSS.This issue affects SiteGround Email Marketing: from n/a through <= 1.7.5."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"SiteGround","product":"SiteGround Email Marketing","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"siteground-email-marketing","versions":[{"version":"0","lessThanOrEqual":"1.7.5","versionType":"custom","status":"affected","changes":[{"at":"1.7.6","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T13:43:45.482900Z","id":"CVE-2026-57416","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/siteground-email-marketing/vulnerability/wordpress-siteground-email-marketing-plugin-1-7-5-cross-site-scripting-xss-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-57417","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:35.600","lastModified":"2026-07-13T16:57:56.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RexTheme Cart Lift cart-lift allows Stored XSS.This issue affects Cart Lift: from n/a through <= 3.1.57."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"RexTheme","product":"Cart Lift","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"cart-lift","versions":[{"version":"0","lessThanOrEqual":"3.1.57","versionType":"custom","status":"affected","changes":[{"at":"3.1.58","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T13:54:43.120882Z","id":"CVE-2026-57417","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/cart-lift/vulnerability/wordpress-cart-lift-plugin-3-1-57-cross-site-scripting-xss-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-57418","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:35.720","lastModified":"2026-07-13T16:57:56.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Missing Authorization vulnerability in BoldGrid Client Invoicing by Sprout Invoices sprout-invoices allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Client Invoicing by Sprout Invoices: from n/a through <= 20.8.13."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"BoldGrid","product":"Client Invoicing by Sprout Invoices","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"sprout-invoices","versions":[{"version":"0","lessThanOrEqual":"20.8.13","versionType":"custom","status":"affected","changes":[{"at":"20.8.14","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T13:34:31.411442Z","id":"CVE-2026-57418","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/sprout-invoices/vulnerability/wordpress-client-invoicing-by-sprout-invoices-plugin-20-8-13-broken-access-control-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-57419","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:35.837","lastModified":"2026-07-13T16:57:56.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Missing Authorization vulnerability in Fahad Mahmood Stock Locations for WooCommerce stock-locations-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Stock Locations for WooCommerce: from n/a through <= 3.1.8."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Fahad Mahmood","product":"Stock Locations for WooCommerce","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"stock-locations-for-woocommerce","versions":[{"version":"0","lessThanOrEqual":"3.1.8","versionType":"custom","status":"affected","changes":[{"at":"3.1.9","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T13:50:30.446316Z","id":"CVE-2026-57419","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/stock-locations-for-woocommerce/vulnerability/wordpress-stock-locations-for-woocommerce-plugin-3-1-8-broken-access-control-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-57420","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:35.953","lastModified":"2026-07-13T17:17:54.137","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Netrr Author Box WP Lens author-box-for-divi allows Stored XSS.This issue affects Author Box WP Lens: from n/a through <= 2.1.5."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Netrr","product":"Author Box WP Lens","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"author-box-for-divi","versions":[{"version":"0","lessThanOrEqual":"2.1.5","versionType":"custom","status":"affected","changes":[{"at":"2.1.6","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.3,"impactScore":3.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T14:13:50.373123Z","id":"CVE-2026-57420","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/author-box-for-divi/vulnerability/wordpress-author-box-wp-lens-plugin-2-1-5-cross-site-scripting-xss-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-57421","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:36.070","lastModified":"2026-07-13T17:17:54.823","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CRM Perks CRM Perks Forms crm-perks-forms allows Reflected XSS.This issue affects CRM Perks Forms: from n/a through <= 1.1.7."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"CRM Perks","product":"CRM Perks Forms","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"crm-perks-forms","versions":[{"version":"0","lessThanOrEqual":"1.1.7","versionType":"custom","status":"affected","changes":[{"at":"1.1.8","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T14:14:07.495243Z","id":"CVE-2026-57421","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/crm-perks-forms/vulnerability/wordpress-crm-perks-forms-plugin-1-1-7-cross-site-scripting-xss-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-57422","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:36.200","lastModified":"2026-07-13T16:57:56.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VillaTheme Bopo – WooCommerce Product Bundle Builder bopo-woo-product-bundle-builder allows Reflected XSS.This issue affects Bopo – WooCommerce Product Bundle Builder: from n/a through <= 1.2.0."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"VillaTheme","product":"Bopo – WooCommerce Product Bundle Builder","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"bopo-woo-product-bundle-builder","versions":[{"version":"0","lessThanOrEqual":"1.2.0","versionType":"custom","status":"affected","changes":[{"at":"1.2.1","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T13:42:58.582296Z","id":"CVE-2026-57422","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/bopo-woo-product-bundle-builder/vulnerability/wordpress-bopo-woocommerce-product-bundle-builder-plugin-1-2-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-57423","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:36.317","lastModified":"2026-07-13T16:57:56.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kofi Mokome Message Filter for Contact Form 7 cf7-message-filter allows Reflected XSS.This issue affects Message Filter for Contact Form 7: from n/a through <= 1.6.3.8."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Kofi Mokome","product":"Message Filter for Contact Form 7","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"cf7-message-filter","versions":[{"version":"0","lessThanOrEqual":"1.6.3.8","versionType":"custom","status":"affected","changes":[{"at":"1.6.3.9","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T13:54:41.491932Z","id":"CVE-2026-57423","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/cf7-message-filter/vulnerability/wordpress-message-filter-for-contact-form-7-plugin-1-6-3-8-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-57424","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:36.433","lastModified":"2026-07-13T16:57:56.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Missing Authorization vulnerability in knitpay Razorpay Payment Links for WooCommerce rzp-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Razorpay Payment Links for WooCommerce: from n/a through <= 2.1.4."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"knitpay","product":"Razorpay Payment Links for WooCommerce","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"rzp-woocommerce","versions":[{"version":"0","lessThanOrEqual":"2.1.4","versionType":"custom","status":"affected","changes":[{"at":"2.1.5","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T13:31:46.837598Z","id":"CVE-2026-57424","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/rzp-woocommerce/vulnerability/wordpress-razorpay-payment-links-for-woocommerce-plugin-2-1-4-broken-access-control-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-57668","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:36.547","lastModified":"2026-07-13T16:57:56.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Basix NEX-Forms nex-forms-express-wp-form-builder allows Stored XSS.This issue affects NEX-Forms: from n/a through <= 9.2.2."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Basix","product":"NEX-Forms","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"nex-forms-express-wp-form-builder","versions":[{"version":"0","lessThanOrEqual":"9.2.2","versionType":"custom","status":"affected","changes":[{"at":"9.2.3","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T13:50:49.589458Z","id":"CVE-2026-57668","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/nex-forms-express-wp-form-builder/vulnerability/wordpress-nex-forms-plugin-9-2-2-cross-site-scripting-xss-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-57691","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:36.663","lastModified":"2026-07-13T17:17:55.893","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Eli Anti-Malware Security and Brute-Force Firewall gotmls allows Reflected XSS.This issue affects Anti-Malware Security and Brute-Force Firewall: from n/a through <= 4.23.89."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Eli","product":"Anti-Malware Security and Brute-Force Firewall","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"gotmls","versions":[{"version":"0","lessThanOrEqual":"4.23.89","versionType":"custom","status":"affected","changes":[{"at":"4.23.90","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L","baseScore":5.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.6,"impactScore":3.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T14:13:59.653095Z","id":"CVE-2026-57691","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/gotmls/vulnerability/wordpress-anti-malware-security-and-brute-force-firewall-plugin-4-23-89-cross-site-scripting-xss-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-57693","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:36.780","lastModified":"2026-07-13T17:17:56.750","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Spacetime Ad Inserter ad-inserter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ad Inserter: from n/a through <= 2.8.11."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Spacetime","product":"Ad Inserter","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"ad-inserter","versions":[{"version":"0","lessThanOrEqual":"2.8.11","versionType":"custom","status":"affected","changes":[{"at":"2.8.12","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.3,"impactScore":3.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T14:14:16.328797Z","id":"CVE-2026-57693","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/ad-inserter/vulnerability/wordpress-ad-inserter-plugin-2-8-11-cross-site-scripting-xss-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-57694","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:36.893","lastModified":"2026-07-13T16:57:56.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Authorization Bypass Through User-Controlled Key vulnerability in Themeum Tutor LMS tutor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tutor LMS: from n/a through <= 3.9.13."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Themeum","product":"Tutor LMS","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"tutor","versions":[{"version":"0","lessThanOrEqual":"3.9.13","versionType":"custom","status":"affected","changes":[{"at":"3.9.14","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T13:40:42.046600Z","id":"CVE-2026-57694","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/tutor/vulnerability/wordpress-tutor-lms-plugin-3-9-13-insecure-direct-object-references-idor-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-57695","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:37.020","lastModified":"2026-07-13T16:57:56.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dan Rossiter Document Gallery document-gallery allows Reflected XSS.This issue affects Document Gallery: from n/a through <= 5.1.0."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Dan Rossiter","product":"Document Gallery","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"document-gallery","versions":[{"version":"0","lessThanOrEqual":"5.1.0","versionType":"custom","status":"affected","changes":[{"at":"5.1.1","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T13:54:39.252987Z","id":"CVE-2026-57695","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/document-gallery/vulnerability/wordpress-document-gallery-plugin-5-1-0-cross-site-scripting-xss-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-57697","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:37.143","lastModified":"2026-07-13T16:57:56.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Authentication Bypass Using an Alternate Path or Channel vulnerability in Metagauss ProfileGrid  profilegrid-user-profiles-groups-and-communities allows Password Recovery Exploitation.This issue affects ProfileGrid : from n/a through <= 5.9.9.6."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Metagauss","product":"ProfileGrid","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"profilegrid-user-profiles-groups-and-communities","versions":[{"version":"0","lessThanOrEqual":"5.9.9.6","versionType":"custom","status":"affected","changes":[{"at":"5.9.9.7","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T13:31:28.559002Z","id":"CVE-2026-57697","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-288"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/profilegrid-user-profiles-groups-and-communities/vulnerability/wordpress-profilegrid-plugin-5-9-9-6-broken-authentication-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-57698","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:37.260","lastModified":"2026-07-13T16:57:56.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Authentication Bypass Using an Alternate Path or Channel vulnerability in VillaTheme Abandoned Cart Recovery for WooCommerce woo-abandoned-cart-recovery allows Authentication Abuse.This issue affects Abandoned Cart Recovery for WooCommerce: from n/a through <= 1.1.12."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"VillaTheme","product":"Abandoned Cart Recovery for WooCommerce","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"woo-abandoned-cart-recovery","versions":[{"version":"0","lessThanOrEqual":"1.1.12","versionType":"custom","status":"affected","changes":[{"at":"1.1.13","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T13:51:10.960158Z","id":"CVE-2026-57698","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-288"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/woo-abandoned-cart-recovery/vulnerability/wordpress-abandoned-cart-recovery-for-woocommerce-plugin-1-1-12-broken-authentication-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-57702","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:37.377","lastModified":"2026-07-13T17:17:57.383","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Melograno Venture Studio Amelia ameliabooking allows Blind SQL Injection.This issue affects Amelia: from n/a through <= 2.4.2."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Melograno Venture Studio","product":"Amelia","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"ameliabooking","versions":[{"version":"0","lessThanOrEqual":"2.4.2","versionType":"custom","status":"affected","changes":[{"at":"2.4.3","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":4.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T14:14:37.520767Z","id":"CVE-2026-57702","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/ameliabooking/vulnerability/wordpress-amelia-plugin-2-4-2-sql-injection-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-57705","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:37.493","lastModified":"2026-07-13T17:17:58.030","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Missing Authorization vulnerability in Nexcess Event Tickets event-tickets allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Event Tickets: from n/a through <= 5.28.5."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Nexcess","product":"Event Tickets","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"event-tickets","versions":[{"version":"0","lessThanOrEqual":"5.28.5","versionType":"custom","status":"affected","changes":[{"at":"5.28.5.1","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T14:14:27.252669Z","id":"CVE-2026-57705","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/event-tickets/vulnerability/wordpress-event-tickets-plugin-5-28-5-broken-access-control-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-57706","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:37.623","lastModified":"2026-07-13T16:57:56.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dokan, Inc. Dokan dokan-lite allows Reflected XSS.This issue affects Dokan: from n/a through <= 5.0.6."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Dokan, Inc.","product":"Dokan","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"dokan-lite","versions":[{"version":"0","lessThanOrEqual":"5.0.6","versionType":"custom","status":"affected","changes":[{"at":"5.0.7","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T13:40:09.180872Z","id":"CVE-2026-57706","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/dokan-lite/vulnerability/wordpress-dokan-plugin-5-0-6-cross-site-scripting-xss-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-57707","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:37.743","lastModified":"2026-07-13T16:57:56.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in quantumcloud Simple Business Directory Pro simple-business-directory-pro allows SQL Injection.This issue affects Simple Business Directory Pro: from n/a through <= 15.9.4."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"quantumcloud","product":"Simple Business Directory Pro","defaultStatus":"unaffected","collectionURL":"https://codecanyon.net","packageName":"simple-business-directory-pro","versions":[{"version":"0","lessThanOrEqual":"15.9.4","versionType":"custom","status":"affected","changes":[{"at":"15.9.5","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":4.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T14:00:06.997444Z","id":"CVE-2026-57707","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/simple-business-directory-pro/vulnerability/wordpress-simple-business-directory-pro-plugin-15-9-4-sql-injection-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-57708","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:37.900","lastModified":"2026-07-13T16:57:56.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CRM Perks Contact Form Entries contact-form-entries allows Reflected XSS.This issue affects Contact Form Entries: from n/a through <= 1.5.2."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"CRM Perks","product":"Contact Form Entries","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"contact-form-entries","versions":[{"version":"0","lessThanOrEqual":"1.5.2","versionType":"custom","status":"affected","changes":[{"at":"1.5.3","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T13:31:08.149405Z","id":"CVE-2026-57708","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/contact-form-entries/vulnerability/wordpress-contact-form-entries-plugin-1-5-2-cross-site-scripting-xss-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-57709","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:38.020","lastModified":"2026-07-13T16:57:56.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WP Swings Membership For WooCommerce membership-for-woocommerce allows Path Traversal.This issue affects Membership For WooCommerce: from n/a through <= 3.1.0."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"WP Swings","product":"Membership For WooCommerce","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"membership-for-woocommerce","versions":[{"version":"0","lessThanOrEqual":"3.1.0","versionType":"custom","status":"affected","changes":[{"at":"3.1.1","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":4.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T13:51:34.725492Z","id":"CVE-2026-57709","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/membership-for-woocommerce/vulnerability/wordpress-membership-for-woocommerce-plugin-3-1-0-arbitrary-file-deletion-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-57710","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:38.143","lastModified":"2026-07-13T17:17:58.673","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unrestricted Upload of File with Dangerous Type vulnerability in quantumcloud WoowBot Pro Max woowbot-pro-max allows Using Malicious Files.This issue affects WoowBot Pro Max: from n/a through <= 14.1.7."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"quantumcloud","product":"WoowBot Pro Max","defaultStatus":"unaffected","collectionURL":"https://codecanyon.net","packageName":"woowbot-pro-max","versions":[{"version":"0","lessThanOrEqual":"14.1.7","versionType":"custom","status":"affected","changes":[{"at":"14.1.8","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":9.9,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.1,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T14:14:47.741693Z","id":"CVE-2026-57710","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-434"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/woowbot-pro-max/vulnerability/wordpress-woowbot-pro-max-plugin-14-1-7-arbitrary-file-upload-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-57711","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:38.267","lastModified":"2026-07-13T17:17:59.307","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PSM Plugins SupportCandy supportcandy allows Stored XSS.This issue affects SupportCandy: from n/a through <= 3.4.8."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"PSM Plugins","product":"SupportCandy","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"supportcandy","versions":[{"version":"0","lessThanOrEqual":"3.4.8","versionType":"custom","status":"affected","changes":[{"at":"3.4.9","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.3,"impactScore":3.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T14:14:56.175782Z","id":"CVE-2026-57711","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/supportcandy/vulnerability/wordpress-supportcandy-plugin-3-4-8-cross-site-scripting-xss-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-57712","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:38.387","lastModified":"2026-07-13T16:57:56.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPZOOM WPZOOM Portfolio wpzoom-portfolio allows Reflected XSS.This issue affects WPZOOM Portfolio: from n/a through <= 1.4.29."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"WPZOOM","product":"WPZOOM Portfolio","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"wpzoom-portfolio","versions":[{"version":"0","lessThanOrEqual":"1.4.29","versionType":"custom","status":"affected","changes":[{"at":"1.4.30","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T13:39:19.563561Z","id":"CVE-2026-57712","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/wpzoom-portfolio/vulnerability/wordpress-wpzoom-portfolio-plugin-1-4-29-cross-site-scripting-xss-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-57713","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:38.500","lastModified":"2026-07-13T16:57:56.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Deserialization of Untrusted Data vulnerability in Marcus (aka @msykes) Events Manager events-manager allows Object Injection.This issue affects Events Manager: from n/a through <= 7.3.6."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Marcus (aka @msykes)","product":"Events Manager","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"events-manager","versions":[{"version":"0","lessThanOrEqual":"7.3.6","versionType":"custom","status":"affected","changes":[{"at":"7.3.7","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T13:59:04.455204Z","id":"CVE-2026-57713","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/events-manager/vulnerability/wordpress-events-manager-plugin-7-3-6-php-object-injection-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-57714","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:38.617","lastModified":"2026-07-13T16:57:56.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LatePoint LatePoint latepoint allows Blind SQL Injection.This issue affects LatePoint: from n/a through <= 5.6.3."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"LatePoint","product":"LatePoint","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"latepoint","versions":[{"version":"0","lessThanOrEqual":"5.6.3","versionType":"custom","status":"affected","changes":[{"at":"5.6.4","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":4.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T13:30:47.245873Z","id":"CVE-2026-57714","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/latepoint/vulnerability/wordpress-latepoint-plugin-5-6-3-sql-injection-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-57715","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:38.737","lastModified":"2026-07-13T16:57:56.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPManageNinja Fluent CRM fluent-crm allows Reflected XSS.This issue affects Fluent CRM: from n/a through <= 3.1.7."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"WPManageNinja","product":"Fluent CRM","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"fluent-crm","versions":[{"version":"0","lessThanOrEqual":"3.1.7","versionType":"custom","status":"affected","changes":[{"at":"3.1.8","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T13:50:01.074738Z","id":"CVE-2026-57715","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/fluent-crm/vulnerability/wordpress-fluent-crm-plugin-3-1-7-cross-site-scripting-xss-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-57718","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:38.853","lastModified":"2026-07-13T17:17:59.943","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates) unlimited-elements-for-elementor allows Reflected XSS.This issue affects Unlimited Elements For Elementor (Free Widgets, Addons, Templates): from n/a through <= 2.0.12."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Unlimited Elements","product":"Unlimited Elements For Elementor (Free Widgets, Addons, Templates)","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"unlimited-elements-for-elementor","versions":[{"version":"0","lessThanOrEqual":"2.0.12","versionType":"custom","status":"affected","changes":[{"at":"2.0.13","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T14:15:14.704860Z","id":"CVE-2026-57718","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/unlimited-elements-for-elementor/vulnerability/wordpress-unlimited-elements-for-elementor-free-widgets-addons-templates-plugin-2-0-12-cross-site-scripting-xss-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-57719","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:38.970","lastModified":"2026-07-13T17:18:00.620","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unrestricted Upload of File with Dangerous Type vulnerability in CodeRevolution Aimogen Pro aimogen-pro allows Using Malicious Files.This issue affects Aimogen Pro: from n/a through <= 2.8.3."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"CodeRevolution","product":"Aimogen Pro","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"aimogen-pro","versions":[{"version":"0","lessThanOrEqual":"2.8.3","versionType":"custom","status":"affected","changes":[{"at":"2.8.3.1","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T14:15:06.897736Z","id":"CVE-2026-57719","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-434"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/aimogen-pro/vulnerability/wordpress-aimogen-pro-plugin-2-8-3-arbitrary-file-upload-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-57724","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:39.087","lastModified":"2026-07-13T16:57:56.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Deserialization of Untrusted Data vulnerability in Themeum Kirki kirki allows Object Injection.This issue affects Kirki: from n/a through <= 6.0.12."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Themeum","product":"Kirki","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"kirki","versions":[{"version":"0","lessThanOrEqual":"6.0.12","versionType":"custom","status":"affected","changes":[{"at":"6.0.13","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T13:38:24.210876Z","id":"CVE-2026-57724","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/kirki/vulnerability/wordpress-kirki-plugin-6-0-12-php-object-injection-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-57725","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:39.200","lastModified":"2026-07-13T16:57:56.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeum Kirki kirki allows Stored XSS.This issue affects Kirki: from n/a through <= 6.0.11."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Themeum","product":"Kirki","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"kirki","versions":[{"version":"0","lessThanOrEqual":"6.0.11","versionType":"custom","status":"affected","changes":[{"at":"6.0.12","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T13:54:36.469096Z","id":"CVE-2026-57725","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/kirki/vulnerability/wordpress-kirki-plugin-6-0-11-cross-site-scripting-xss-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-57726","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:39.317","lastModified":"2026-07-13T16:57:56.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Kirki kirki allows Blind SQL Injection.This issue affects Kirki: from n/a through <= 6.0.12."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Themeum","product":"Kirki","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"kirki","versions":[{"version":"0","lessThanOrEqual":"6.0.12","versionType":"custom","status":"affected","changes":[{"at":"6.0.13","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":4.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T13:30:29.140837Z","id":"CVE-2026-57726","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/kirki/vulnerability/wordpress-kirki-plugin-6-0-12-sql-injection-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-57727","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:39.427","lastModified":"2026-07-13T16:57:56.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Missing Authorization vulnerability in Themeum Kirki kirki allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Kirki: from n/a through <= 6.0.13."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Themeum","product":"Kirki","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"kirki","versions":[{"version":"0","lessThanOrEqual":"6.0.13","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T13:52:28.737003Z","id":"CVE-2026-57727","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/kirki/vulnerability/wordpress-kirki-plugin-6-0-13-broken-access-control-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-57728","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:39.540","lastModified":"2026-07-13T17:18:01.270","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in UX-themes Flatsome flatsome allows Reflected XSS.This issue affects Flatsome: from n/a through <= 3.20.5."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"UX-themes","product":"Flatsome","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"flatsome","versions":[{"version":"0","lessThanOrEqual":"3.20.5","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T14:15:24.800726Z","id":"CVE-2026-57728","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Theme/flatsome/vulnerability/wordpress-flatsome-theme-3-20-5-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-57729","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:39.657","lastModified":"2026-07-13T17:18:01.917","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Missing Authorization vulnerability in UX-themes Flatsome flatsome allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Flatsome: from n/a through <= 3.20.5."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"UX-themes","product":"Flatsome","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"flatsome","versions":[{"version":"0","lessThanOrEqual":"3.20.5","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T14:15:35.852230Z","id":"CVE-2026-57729","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Theme/flatsome/vulnerability/wordpress-flatsome-theme-3-20-5-broken-access-control-vulnerability-3?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-57732","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:39.767","lastModified":"2026-07-13T16:57:56.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tagDiv tagDiv Opt-In Builder td-subscription allows DOM-Based XSS.This issue affects tagDiv Opt-In Builder: from n/a through <= 1.7.4."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"tagDiv","product":"tagDiv Opt-In Builder","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"td-subscription","versions":[{"version":"0","lessThanOrEqual":"1.7.4","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T13:38:03.623278Z","id":"CVE-2026-57732","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/td-subscription/vulnerability/wordpress-tagdiv-opt-in-builder-plugin-1-7-4-cross-site-scripting-xss-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-57733","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:39.883","lastModified":"2026-07-13T16:57:56.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tagDiv tagDiv Cloud Library td-cloud-library allows DOM-Based XSS.This issue affects tagDiv Cloud Library: from n/a through <= 3.9.4."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"tagDiv","product":"tagDiv Cloud Library","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"td-cloud-library","versions":[{"version":"0","lessThanOrEqual":"3.9.4","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T13:54:33.889683Z","id":"CVE-2026-57733","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/td-cloud-library/vulnerability/wordpress-tagdiv-cloud-library-plugin-3-9-4-cross-site-scripting-xss-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-57734","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:39.997","lastModified":"2026-07-13T16:57:56.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tagDiv tagDiv Composer td-composer allows Reflected XSS.This issue affects tagDiv Composer: from n/a through <= 5.4.3."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"tagDiv","product":"tagDiv Composer","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"td-composer","versions":[{"version":"0","lessThanOrEqual":"5.4.3","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T13:30:11.435709Z","id":"CVE-2026-57734","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/td-composer/vulnerability/wordpress-tagdiv-composer-plugin-5-4-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-57738","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:40.110","lastModified":"2026-07-13T16:57:56.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Deserialization of Untrusted Data vulnerability in axiomthemes 777 triple-seven allows Object Injection.This issue affects 777: from n/a through <= 1.13.0."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"axiomthemes","product":"777","defaultStatus":"unaffected","collectionURL":"https://themeforest.net","packageName":"triple-seven","versions":[{"version":"0","lessThanOrEqual":"1.13.0","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T13:52:53.885920Z","id":"CVE-2026-57738","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Theme/triple-seven/vulnerability/wordpress-777-theme-1-13-0-php-object-injection-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-57739","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:40.223","lastModified":"2026-07-13T16:57:56.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AcyMailing Newsletter Team AcyMailing SMTP Newsletter acymailing allows Blind SQL Injection.This issue affects AcyMailing SMTP Newsletter: from n/a through <= 10.11.0."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"AcyMailing Newsletter Team","product":"AcyMailing SMTP Newsletter","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"acymailing","versions":[{"version":"0","lessThanOrEqual":"10.11.0","versionType":"custom","status":"affected","changes":[{"at":"10.11.1","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":4.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T14:20:50.568690Z","id":"CVE-2026-57739","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/acymailing/vulnerability/wordpress-acymailing-smtp-newsletter-plugin-10-10-2-sql-injection-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-57740","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:40.340","lastModified":"2026-07-13T17:18:02.577","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Missing Authorization vulnerability in AcyMailing Newsletter Team AcyMailing SMTP Newsletter acymailing allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AcyMailing SMTP Newsletter: from n/a through <= 10.11.1."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"AcyMailing Newsletter Team","product":"AcyMailing SMTP Newsletter","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"acymailing","versions":[{"version":"0","lessThanOrEqual":"10.11.1","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T14:16:03.163060Z","id":"CVE-2026-57740","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/acymailing/vulnerability/wordpress-acymailing-smtp-newsletter-plugin-10-10-2-broken-access-control-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-57741","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:40.457","lastModified":"2026-07-13T16:57:56.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AcyMailing Newsletter Team AcyMailing SMTP Newsletter acymailing allows Stored XSS.This issue affects AcyMailing SMTP Newsletter: from n/a through <= 10.11.0."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"AcyMailing Newsletter Team","product":"AcyMailing SMTP Newsletter","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"acymailing","versions":[{"version":"0","lessThanOrEqual":"10.11.0","versionType":"custom","status":"affected","changes":[{"at":"10.11.1","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T13:37:31.844682Z","id":"CVE-2026-57741","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/acymailing/vulnerability/wordpress-acymailing-smtp-newsletter-plugin-10-10-2-cross-site-scripting-xss-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-57743","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:40.570","lastModified":"2026-07-13T16:57:56.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in stmcan RT-Theme 18 | Extensions rt18-extensions allows PHP Local File Inclusion.This issue affects RT-Theme 18 | Extensions: from n/a through <= 2.5."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"stmcan","product":"RT-Theme 18 | Extensions","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"rt18-extensions","versions":[{"version":"0","lessThanOrEqual":"2.5","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T13:59:02.288504Z","id":"CVE-2026-57743","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-98"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/rt18-extensions/vulnerability/wordpress-rt-theme-18-extensions-plugin-2-5-local-file-inclusion-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-57744","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:40.690","lastModified":"2026-07-13T16:57:56.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Deserialization of Untrusted Data vulnerability in stmcan RT-Theme 18 | Extensions rt18-extensions allows Object Injection.This issue affects RT-Theme 18 | Extensions: from n/a through <= 2.5."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"stmcan","product":"RT-Theme 18 | Extensions","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"rt18-extensions","versions":[{"version":"0","lessThanOrEqual":"2.5","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T13:27:00.949181Z","id":"CVE-2026-57744","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/rt18-extensions/vulnerability/wordpress-rt-theme-18-extensions-plugin-2-5-php-object-injection-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-57745","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:40.807","lastModified":"2026-07-13T16:57:56.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in stmcan RT-Theme 18 | Extensions rt18-extensions allows Reflected XSS.This issue affects RT-Theme 18 | Extensions: from n/a through <= 2.5."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"stmcan","product":"RT-Theme 18 | Extensions","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"rt18-extensions","versions":[{"version":"0","lessThanOrEqual":"2.5","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T13:53:16.316846Z","id":"CVE-2026-57745","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/rt18-extensions/vulnerability/wordpress-rt-theme-18-extensions-plugin-2-5-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-57768","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:40.923","lastModified":"2026-07-13T16:57:56.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Incorrect Privilege Assignment vulnerability in favethemes Houzez Login Register houzez-login-register allows Privilege Escalation.This issue affects Houzez Login Register: from n/a through <= 3.3.3."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"favethemes","product":"Houzez Login Register","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"houzez-login-register","versions":[{"version":"0","lessThanOrEqual":"3.3.3","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T14:07:11.745097Z","id":"CVE-2026-57768","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-266"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/houzez-login-register/vulnerability/wordpress-houzez-login-register-plugin-3-3-3-privilege-escalation-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-57770","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:41.040","lastModified":"2026-07-13T17:18:03.320","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Deserialization of Untrusted Data vulnerability in ThemeGoods Grand Photography grandphotography allows Object Injection.This issue affects Grand Photography: from n/a through <= 5.7.8."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"ThemeGoods","product":"Grand Photography","defaultStatus":"unaffected","collectionURL":"https://themeforest.net","packageName":"grandphotography","versions":[{"version":"0","lessThanOrEqual":"5.7.8","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T14:17:59.071729Z","id":"CVE-2026-57770","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Theme/grandphotography/vulnerability/wordpress-grand-photography-theme-5-7-8-php-object-injection-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-57771","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:41.157","lastModified":"2026-07-13T16:57:56.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Milan Petrovic GD Rating System gd-rating-system allows Blind SQL Injection.This issue affects GD Rating System: from n/a through <= 3.7."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Milan Petrovic","product":"GD Rating System","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"gd-rating-system","versions":[{"version":"0","lessThanOrEqual":"3.7","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.1,"impactScore":4.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T13:33:53.646693Z","id":"CVE-2026-57771","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/gd-rating-system/vulnerability/wordpress-gd-rating-system-plugin-3-7-sql-injection-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-57772","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:41.277","lastModified":"2026-07-13T16:57:56.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Inventory WP Inventory Manager wp-inventory-manager allows Blind SQL Injection.This issue affects WP Inventory Manager: from n/a through <= 2.4.0."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"WP Inventory","product":"WP Inventory Manager","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"wp-inventory-manager","versions":[{"version":"0","lessThanOrEqual":"2.4.0","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.1,"impactScore":4.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T13:54:31.263890Z","id":"CVE-2026-57772","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/wp-inventory-manager/vulnerability/wordpress-wp-inventory-manager-plugin-2-4-0-sql-injection-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-57773","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:41.393","lastModified":"2026-07-13T16:57:56.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Zorem Advanced Shipment Tracking for WooCommerce woo-advanced-shipment-tracking allows Blind SQL Injection.This issue affects Advanced Shipment Tracking for WooCommerce: from n/a through <= 4.0."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Zorem","product":"Advanced Shipment Tracking for WooCommerce","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"woo-advanced-shipment-tracking","versions":[{"version":"0","lessThanOrEqual":"4.0","versionType":"custom","status":"affected","changes":[{"at":"4.0.1","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L","baseScore":7.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.3,"impactScore":4.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T13:23:20.390893Z","id":"CVE-2026-57773","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/woo-advanced-shipment-tracking/vulnerability/wordpress-advanced-shipment-tracking-for-woocommerce-plugin-4-0-sql-injection-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-57774","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:41.523","lastModified":"2026-07-13T16:57:56.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Missing Authorization vulnerability in vowelweb VW Food Corner vw-food-corner allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VW Food Corner: from n/a through <= 1.1.0."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"vowelweb","product":"VW Food Corner","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"vw-food-corner","versions":[{"version":"0","lessThanOrEqual":"1.1.0","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T13:53:39.068386Z","id":"CVE-2026-57774","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Theme/vw-food-corner/vulnerability/wordpress-vw-food-corner-theme-1-1-0-broken-access-control-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-57776","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:41.680","lastModified":"2026-07-13T16:57:56.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Missing Authorization vulnerability in vowelweb VW Wedding vw-wedding allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VW Wedding: from n/a through <= 1.3.7."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"vowelweb","product":"VW Wedding","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"vw-wedding","versions":[{"version":"0","lessThanOrEqual":"1.3.7","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T14:27:19.198249Z","id":"CVE-2026-57776","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Theme/vw-wedding/vulnerability/wordpress-vw-wedding-theme-1-3-7-broken-access-control-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-57778","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:41.810","lastModified":"2026-07-13T17:18:03.987","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Missing Authorization vulnerability in wpdevart Booking calendar, Appointment Booking System booking-calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booking calendar, Appointment Booking System: from n/a through <= 3.2.36."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"wpdevart","product":"Booking calendar, Appointment Booking System","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"booking-calendar","versions":[{"version":"0","lessThanOrEqual":"3.2.36","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T14:17:48.383820Z","id":"CVE-2026-57778","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/booking-calendar/vulnerability/wordpress-booking-calendar-appointment-booking-system-plugin-3-2-36-broken-access-control-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-57779","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:41.930","lastModified":"2026-07-13T16:57:56.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Missing Authorization vulnerability in themebeez Fascinate fascinate allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fascinate: from n/a through <= 1.1.5."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"themebeez","product":"Fascinate","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"fascinate","versions":[{"version":"0","lessThanOrEqual":"1.1.5","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T13:32:45.506551Z","id":"CVE-2026-57779","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Theme/fascinate/vulnerability/wordpress-fascinate-theme-1-1-5-broken-access-control-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-57780","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:42.050","lastModified":"2026-07-13T16:57:56.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Plugin Envision Envision Page Builder envision-page-builder allows DOM-Based XSS.This issue affects Envision Page Builder: from n/a through <= 0.22."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Plugin Envision","product":"Envision Page Builder","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"envision-page-builder","versions":[{"version":"0","lessThanOrEqual":"0.22","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.3,"impactScore":3.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T13:54:29.210693Z","id":"CVE-2026-57780","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/envision-page-builder/vulnerability/wordpress-envision-page-builder-plugin-0-22-cross-site-scripting-xss-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-57781","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:42.170","lastModified":"2026-07-13T16:57:56.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Missing Authorization vulnerability in Sovlix MeetingHub meetinghub allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MeetingHub: from n/a through <= 1.25.10."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Sovlix","product":"MeetingHub","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"meetinghub","versions":[{"version":"0","lessThanOrEqual":"1.25.10","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T13:23:03.593253Z","id":"CVE-2026-57781","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/meetinghub/vulnerability/wordpress-meetinghub-plugin-1-25-10-broken-access-control-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-57782","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:42.290","lastModified":"2026-07-13T16:57:56.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Missing Authorization vulnerability in PressTigers Universal Clocks universal-clocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Universal Clocks: from n/a through <= 1.2.0."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"PressTigers","product":"Universal Clocks","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"universal-clocks","versions":[{"version":"0","lessThanOrEqual":"1.2.0","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T13:52:03.673974Z","id":"CVE-2026-57782","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/universal-clocks/vulnerability/wordpress-universal-clocks-plugin-1-2-0-broken-access-control-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-57783","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:42.410","lastModified":"2026-07-13T16:57:56.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in merkulove Speaker speaker allows Stored XSS.This issue affects Speaker: from n/a through <= 4.1.13."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"merkulove","product":"Speaker","defaultStatus":"unaffected","collectionURL":"https://codecanyon.net","packageName":"speaker","versions":[{"version":"0","lessThanOrEqual":"4.1.13","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.3,"impactScore":3.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T14:55:18.563499Z","id":"CVE-2026-57783","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/speaker/vulnerability/wordpress-speaker-plugin-4-1-13-cross-site-scripting-xss-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-57786","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:42.527","lastModified":"2026-07-13T17:18:04.650","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Cross-Site Request Forgery (CSRF) vulnerability in purethemes WorkScout-Core workscout-core allows Authentication Bypass.This issue affects WorkScout-Core: from n/a through <= 1.7.08."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"purethemes","product":"WorkScout-Core","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"workscout-core","versions":[{"version":"0","lessThanOrEqual":"1.7.08","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T14:17:34.993706Z","id":"CVE-2026-57786","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-352"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/workscout-core/vulnerability/wordpress-workscout-core-plugin-1-7-08-cross-site-request-forgery-csrf-to-broken-authentication-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-57787","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:42.657","lastModified":"2026-07-13T16:57:56.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CreativeWS CWS SVGicons cws-svgicons allows Blind SQL Injection.This issue affects CWS SVGicons: from n/a through <= 1.5.5."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"CreativeWS","product":"CWS SVGicons","defaultStatus":"unaffected","collectionURL":"https://themeforest.net","packageName":"cws-svgicons","versions":[{"version":"0","lessThanOrEqual":"1.5.5","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.1,"impactScore":4.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T13:28:35.925663Z","id":"CVE-2026-57787","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/cws-svgicons/vulnerability/wordpress-cws-svgicons-plugin-1-5-5-sql-injection-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-57788","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:42.777","lastModified":"2026-07-13T16:57:56.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Edge-Themes Aalto aalto allows PHP Local File Inclusion.This issue affects Aalto: from n/a through <= 1.8."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Edge-Themes","product":"Aalto","defaultStatus":"unaffected","collectionURL":"https://themeforest.net","packageName":"aalto","versions":[{"version":"0","lessThanOrEqual":"1.8","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T13:59:00.267209Z","id":"CVE-2026-57788","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-98"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Theme/aalto/vulnerability/wordpress-aalto-theme-1-8-local-file-inclusion-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-57789","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:42.903","lastModified":"2026-07-13T16:57:56.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in jwsthemes Aqua aqua allows PHP Local File Inclusion.This issue affects Aqua: from n/a through <= 5.1.2."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"jwsthemes","product":"Aqua","defaultStatus":"unaffected","collectionURL":"https://themeforest.net","packageName":"aqua","versions":[{"version":"0","lessThanOrEqual":"5.1.2","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T13:19:05.893289Z","id":"CVE-2026-57789","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-98"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Theme/aqua/vulnerability/wordpress-aqua-theme-5-1-2-local-file-inclusion-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-57790","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:43.030","lastModified":"2026-07-13T16:57:56.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Billey billey allows PHP Local File Inclusion.This issue affects Billey: from n/a through <= 2.1.8."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"ThemeMove","product":"Billey","defaultStatus":"unaffected","collectionURL":"https://themeforest.net","packageName":"billey","versions":[{"version":"0","lessThanOrEqual":"2.1.8","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T13:54:04.646358Z","id":"CVE-2026-57790","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-98"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Theme/billey/vulnerability/wordpress-billey-theme-2-1-8-local-file-inclusion-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-57791","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:43.147","lastModified":"2026-07-13T16:57:56.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Brook brook allows PHP Local File Inclusion.This issue affects Brook: from n/a through <= 2.9.0."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"ThemeMove","product":"Brook","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"brook","versions":[{"version":"0","lessThanOrEqual":"2.9.0","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T14:56:27.432980Z","id":"CVE-2026-57791","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-98"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Theme/brook/vulnerability/wordpress-brook-theme-2-9-0-local-file-inclusion-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-57792","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:43.270","lastModified":"2026-07-13T17:18:05.283","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Dør dor allows PHP Local File Inclusion.This issue affects Dør: from n/a through <= 2.4.1."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Mikado-Themes","product":"Dør","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"dor","versions":[{"version":"0","lessThanOrEqual":"2.4.1","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T14:17:25.180917Z","id":"CVE-2026-57792","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-98"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Theme/dor/vulnerability/wordpress-doer-theme-2-4-1-local-file-inclusion-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-57793","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:43.390","lastModified":"2026-07-13T16:57:56.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Flow flow allows PHP Local File Inclusion.This issue affects Flow: from n/a through <= 1.8."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Elated-Themes","product":"Flow","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"flow","versions":[{"version":"0","lessThanOrEqual":"1.8","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T12:26:37.373464Z","id":"CVE-2026-57793","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-98"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Theme/flow/vulnerability/wordpress-flow-theme-1-8-local-file-inclusion-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-57794","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:43.517","lastModified":"2026-07-13T16:57:56.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in uxper Golo Framework golo-framework allows PHP Local File Inclusion.This issue affects Golo Framework: from n/a through <= 1.7.3."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"uxper","product":"Golo Framework","defaultStatus":"unaffected","collectionURL":"https://themeforest.net","packageName":"golo-framework","versions":[{"version":"0","lessThanOrEqual":"1.7.3","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T13:58:58.532405Z","id":"CVE-2026-57794","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-98"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/golo-framework/vulnerability/wordpress-golo-framework-plugin-1-7-3-local-file-inclusion-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-57795","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:43.643","lastModified":"2026-07-13T16:57:56.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in themelexus Kitchor kitchor allows PHP Local File Inclusion.This issue affects Kitchor: from n/a through <= 1.4.3."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"themelexus","product":"Kitchor","defaultStatus":"unaffected","collectionURL":"https://themeforest.net","packageName":"kitchor","versions":[{"version":"0","lessThanOrEqual":"1.4.3","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T13:18:02.318782Z","id":"CVE-2026-57795","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-98"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Theme/kitchor/vulnerability/wordpress-kitchor-theme-1-4-3-local-file-inclusion-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-57796","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:43.760","lastModified":"2026-07-13T16:57:56.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in VLThemes Leedo leedo allows PHP Local File Inclusion.This issue affects Leedo: from n/a through <= 3.0.0."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"VLThemes","product":"Leedo","defaultStatus":"unaffected","collectionURL":"https://themeforest.net","packageName":"leedo","versions":[{"version":"0","lessThanOrEqual":"3.0.0","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T13:54:25.792156Z","id":"CVE-2026-57796","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-98"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Theme/leedo/vulnerability/wordpress-leedo-theme-3-0-0-local-file-inclusion-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-57797","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:43.877","lastModified":"2026-07-13T16:57:56.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Missing Authorization vulnerability in ThemeMove EduMall edumall allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EduMall: from n/a through <= 4.5.1."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"ThemeMove","product":"EduMall","defaultStatus":"unaffected","collectionURL":"https://themeforest.net","packageName":"edumall","versions":[{"version":"0","lessThanOrEqual":"4.5.1","versionType":"custom","status":"affected","changes":[{"at":"4.5.2","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T14:00:16.203169Z","id":"CVE-2026-57797","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Theme/edumall/vulnerability/wordpress-edumall-theme-4-5-0-broken-access-control-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-57798","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:43.993","lastModified":"2026-07-13T17:18:05.927","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in SaurabhSharma NewsPlus Shortcodes newsplus-shortcodes allows PHP Local File Inclusion.This issue affects NewsPlus Shortcodes: from n/a through <= 4.2.0."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"SaurabhSharma","product":"NewsPlus Shortcodes","defaultStatus":"unaffected","collectionURL":"https://themeforest.net","packageName":"newsplus-shortcodes","versions":[{"version":"0","lessThanOrEqual":"4.2.0","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T14:17:16.180773Z","id":"CVE-2026-57798","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-98"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/newsplus-shortcodes/vulnerability/wordpress-newsplus-shortcodes-plugin-4-2-0-local-file-inclusion-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-57799","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:44.110","lastModified":"2026-07-13T16:57:56.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in uxper Nuss nuss allows PHP Local File Inclusion.This issue affects Nuss: from n/a through <= 1.3.6."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"uxper","product":"Nuss","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"nuss","versions":[{"version":"0","lessThanOrEqual":"1.3.6","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T11:05:12.708945Z","id":"CVE-2026-57799","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-98"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Theme/nuss/vulnerability/wordpress-nuss-theme-1-3-6-local-file-inclusion-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-57800","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:44.223","lastModified":"2026-07-13T16:57:56.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Edge-Themes Overworld overworld allows PHP Local File Inclusion.This issue affects Overworld: from n/a through <= 1.5."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Edge-Themes","product":"Overworld","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"overworld","versions":[{"version":"0","lessThanOrEqual":"1.5","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T13:58:57.203588Z","id":"CVE-2026-57800","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-98"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Theme/overworld/vulnerability/wordpress-overworld-theme-1-5-local-file-inclusion-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-57801","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:44.337","lastModified":"2026-07-13T16:57:56.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Select-Themes SetSail setsail allows PHP Local File Inclusion.This issue affects SetSail: from n/a through <= 2.1."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Select-Themes","product":"SetSail","defaultStatus":"unaffected","collectionURL":"https://themeforest.net","packageName":"setsail","versions":[{"version":"0","lessThanOrEqual":"2.1","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T13:15:47.588871Z","id":"CVE-2026-57801","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-98"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Theme/setsail/vulnerability/wordpress-setsail-theme-2-1-local-file-inclusion-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-57802","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:44.453","lastModified":"2026-07-13T16:57:56.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Select-Themes Struktur struktur allows PHP Local File Inclusion.This issue affects Struktur: from n/a through <= 2.5.1."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Select-Themes","product":"Struktur","defaultStatus":"unaffected","collectionURL":"https://themeforest.net","packageName":"struktur","versions":[{"version":"0","lessThanOrEqual":"2.5.1","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T13:57:47.787873Z","id":"CVE-2026-57802","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-98"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Theme/struktur/vulnerability/wordpress-struktur-theme-2-5-1-local-file-inclusion-vulnerability-2?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-57803","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:44.567","lastModified":"2026-07-13T16:57:56.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Select-Themes Struktur Core struktur-core allows PHP Local File Inclusion.This issue affects Struktur Core: from n/a through <= 2.5.1."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Select-Themes","product":"Struktur Core","defaultStatus":"unaffected","collectionURL":"https://themeforest.net","packageName":"struktur-core","versions":[{"version":"0","lessThanOrEqual":"2.5.1","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T14:08:41.216900Z","id":"CVE-2026-57803","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-98"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/struktur-core/vulnerability/wordpress-struktur-core-plugin-2-5-1-local-file-inclusion-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-57804","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:44.687","lastModified":"2026-07-13T16:57:56.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CodexThemes TheGem Theme Elements (for Elementor) thegem-elements-elementor allows PHP Local File Inclusion.This issue affects TheGem Theme Elements (for Elementor): from n/a through <= 5.11.1."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"CodexThemes","product":"TheGem Theme Elements (for Elementor)","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"thegem-elements-elementor","versions":[{"version":"0","lessThanOrEqual":"5.11.1","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Primary","description":[{"lang":"en","value":"CWE-98"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/thegem-elements-elementor/vulnerability/wordpress-thegem-theme-elements-for-elementor-plugin-5-11-1-local-file-inclusion-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-57805","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:44.807","lastModified":"2026-07-13T16:57:56.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Select-Themes Tonda tonda allows PHP Local File Inclusion.This issue affects Tonda: from n/a through <= 2.5."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Select-Themes","product":"Tonda","defaultStatus":"unaffected","collectionURL":"https://themeforest.net","packageName":"tonda","versions":[{"version":"0","lessThanOrEqual":"2.5","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T10:25:38.447591Z","id":"CVE-2026-57805","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-98"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Theme/tonda/vulnerability/wordpress-tonda-theme-2-5-local-file-inclusion-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-57810","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:44.923","lastModified":"2026-07-13T16:57:56.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Saad Iqbal APIExperts Square for WooCommerce woosquare allows Blind SQL Injection.This issue affects APIExperts Square for WooCommerce: from n/a through <= 4.7.4."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Saad Iqbal","product":"APIExperts Square for WooCommerce","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"woosquare","versions":[{"version":"0","lessThanOrEqual":"4.7.4","versionType":"custom","status":"affected","changes":[{"at":"4.7.5","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.1,"impactScore":4.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T13:54:27.166878Z","id":"CVE-2026-57810","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/woosquare/vulnerability/wordpress-apiexperts-square-for-woocommerce-plugin-4-7-4-sql-injection-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-57811","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:45.040","lastModified":"2026-07-13T16:57:56.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Control of Generation of Code ('Code Injection') vulnerability in Realtyna Realtyna Organic IDX plugin real-estate-listing-realtyna-wpl allows Remote Code Inclusion.This issue affects Realtyna Organic IDX plugin: from n/a through <= 5.2.0."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Realtyna","product":"Realtyna Organic IDX plugin","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"real-estate-listing-realtyna-wpl","versions":[{"version":"0","lessThanOrEqual":"5.2.0","versionType":"custom","status":"affected","changes":[{"at":"5.3.0","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T13:15:23.629284Z","id":"CVE-2026-57811","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-94"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/real-estate-listing-realtyna-wpl/vulnerability/wordpress-realtyna-organic-idx-plugin-plugin-5-2-0-remote-code-execution-rce-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-57812","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:45.157","lastModified":"2026-07-13T16:57:56.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Missing Authorization vulnerability in NSquared Simply Schedule Appointments simply-schedule-appointments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simply Schedule Appointments: from n/a through <= 1.6.12.4."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"NSquared","product":"Simply Schedule Appointments","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"simply-schedule-appointments","versions":[{"version":"0","lessThanOrEqual":"1.6.12.4","versionType":"custom","status":"affected","changes":[{"at":"1.6.12.6","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T13:58:16.581403Z","id":"CVE-2026-57812","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/simply-schedule-appointments/vulnerability/wordpress-simply-schedule-appointments-plugin-1-6-12-4-broken-access-control-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-57813","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:45.270","lastModified":"2026-07-13T16:57:56.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Incorrect Privilege Assignment vulnerability in properfraction MailOptin mailoptin allows Privilege Escalation.This issue affects MailOptin: from n/a through <= 1.2.77.3."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"properfraction","product":"MailOptin","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"mailoptin","versions":[{"version":"0","lessThanOrEqual":"1.2.77.3","versionType":"custom","status":"affected","changes":[{"at":"1.2.78.0","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T13:58:09.435490Z","id":"CVE-2026-57813","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-266"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/mailoptin/vulnerability/wordpress-mailoptin-plugin-1-2-77-3-privilege-escalation-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-57814","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:45.393","lastModified":"2026-07-13T16:57:56.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPMU DEV - Your All-in-One WordPress Platform Forminator forminator allows DOM-Based XSS.This issue affects Forminator: from n/a through <= 1.55.0.1."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"WPMU DEV - Your All-in-One WordPress Platform","product":"Forminator","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"forminator","versions":[{"version":"0","lessThanOrEqual":"1.55.0.1","versionType":"custom","status":"affected","changes":[{"at":"1.55.0.2","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T14:16:58.167076Z","id":"CVE-2026-57814","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/forminator/vulnerability/wordpress-forminator-plugin-1-55-0-1-cross-site-scripting-xss-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-57815","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:45.507","lastModified":"2026-07-13T16:57:56.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WPMU DEV - Your All-in-One WordPress Platform Forminator forminator allows Path Traversal.This issue affects Forminator: from n/a through <= 1.55.0.2."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"WPMU DEV - Your All-in-One WordPress Platform","product":"Forminator","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"forminator","versions":[{"version":"0","lessThanOrEqual":"1.55.0.2","versionType":"custom","status":"affected","changes":[{"at":"1.55.1","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T10:24:52.320751Z","id":"CVE-2026-57815","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/forminator/vulnerability/wordpress-forminator-plugin-1-55-0-2-arbitrary-file-download-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-57816","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:45.620","lastModified":"2026-07-13T16:57:56.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FunnelKit Funnel Builder by FunnelKit funnel-builder allows Reflected XSS.This issue affects Funnel Builder by FunnelKit: from n/a through <= 3.15.0.8."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"FunnelKit","product":"Funnel Builder by FunnelKit","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"funnel-builder","versions":[{"version":"0","lessThanOrEqual":"3.15.0.8","versionType":"custom","status":"affected","changes":[{"at":"3.15.0.9","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T13:54:25.508931Z","id":"CVE-2026-57816","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/funnel-builder/vulnerability/wordpress-funnel-builder-by-funnelkit-plugin-3-15-0-8-cross-site-scripting-xss-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-59515","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:45.737","lastModified":"2026-07-13T16:57:56.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Sergey AIWU ai-copilot-content-generator allows Blind SQL Injection.This issue affects AIWU: from n/a through <= 1.5.4."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Sergey","product":"AIWU","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"ai-copilot-content-generator","versions":[{"version":"0","lessThanOrEqual":"1.5.4","versionType":"custom","status":"affected","changes":[{"at":"1.5.5","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":4.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T13:15:08.549328Z","id":"CVE-2026-59515","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/ai-copilot-content-generator/vulnerability/wordpress-aiwu-plugin-1-5-4-sql-injection-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-59516","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:45.860","lastModified":"2026-07-13T16:57:56.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Room 34 Creative Services, LLC ICS Calendar ics-calendar allows Reflected XSS.This issue affects ICS Calendar: from n/a through <= 12.1.1."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Room 34 Creative Services, LLC","product":"ICS Calendar","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"ics-calendar","versions":[{"version":"0","lessThanOrEqual":"12.1.1","versionType":"custom","status":"affected","changes":[{"at":"12.1.1.1","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T13:58:41.025382Z","id":"CVE-2026-59516","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/ics-calendar/vulnerability/wordpress-ics-calendar-plugin-12-1-1-cross-site-scripting-xss-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-59518","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:45.977","lastModified":"2026-07-13T16:57:56.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Deserialization of Untrusted Data vulnerability in wpWax Directorist directorist allows Object Injection.This issue affects Directorist: from n/a through <= 8.8.2."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"wpWax","product":"Directorist","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"directorist","versions":[{"version":"0","lessThanOrEqual":"8.8.2","versionType":"custom","status":"affected","changes":[{"at":"8.8.3","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T14:28:23.608466Z","id":"CVE-2026-59518","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/directorist/vulnerability/wordpress-directorist-plugin-8-8-2-php-object-injection-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-59521","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:46.093","lastModified":"2026-07-13T16:57:56.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Deserialization of Untrusted Data vulnerability in ShapedPlugin LLC Real Testimonials testimonial-free allows Object Injection.This issue affects Real Testimonials: from n/a through <= 3.1.15."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"ShapedPlugin LLC","product":"Real Testimonials","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"testimonial-free","versions":[{"version":"0","lessThanOrEqual":"3.1.15","versionType":"custom","status":"affected","changes":[{"at":"3.1.16","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T14:16:48.312795Z","id":"CVE-2026-59521","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/testimonial-free/vulnerability/wordpress-real-testimonials-plugin-3-1-15-php-object-injection-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-59523","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:46.207","lastModified":"2026-07-13T16:57:56.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Missing Authorization vulnerability in NSquared Simply Schedule Appointments simply-schedule-appointments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simply Schedule Appointments: from n/a through <= 1.6.11.11."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"NSquared","product":"Simply Schedule Appointments","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"simply-schedule-appointments","versions":[{"version":"0","lessThanOrEqual":"1.6.11.11","versionType":"custom","status":"affected","changes":[{"at":"1.6.12.0","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T10:08:48.722876Z","id":"CVE-2026-59523","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/simply-schedule-appointments/vulnerability/wordpress-simply-schedule-appointments-plugin-1-6-11-11-broken-access-control-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-61952","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:46.330","lastModified":"2026-07-13T16:57:56.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Missing Authorization vulnerability in Jose Vega WooCommerce Bulk Edit Products – WP Sheet Editor woo-bulk-edit-products allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Bulk Edit Products – WP Sheet Editor: from n/a through <= 1.8.21."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Jose Vega","product":"WooCommerce Bulk Edit Products – WP Sheet Editor","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"woo-bulk-edit-products","versions":[{"version":"0","lessThanOrEqual":"1.8.21","versionType":"custom","status":"affected","changes":[{"at":"1.8.22","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N","baseScore":4.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T13:54:24.110635Z","id":"CVE-2026-61952","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/woo-bulk-edit-products/vulnerability/wordpress-woocommerce-bulk-edit-products-wp-sheet-editor-plugin-1-8-21-broken-access-control-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-61955","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:46.450","lastModified":"2026-07-13T16:57:56.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Hannan گرویتی فرم فارسی persian-gravity-forms allows Blind SQL Injection.This issue affects گرویتی فرم فارسی: from n/a through <= 3.0.2."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Hannan","product":"گرویتی فرم فارسی","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"persian-gravity-forms","versions":[{"version":"0","lessThanOrEqual":"3.0.2","versionType":"custom","status":"affected","changes":[{"at":"3.0.3","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L","baseScore":7.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.3,"impactScore":4.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T13:14:30.908581Z","id":"CVE-2026-61955","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/persian-gravity-forms/vulnerability/wordpress-ro-t-frm-f-rs-plugin-3-0-2-sql-injection-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-61956","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:46.573","lastModified":"2026-07-13T16:57:56.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Cross-Site Request Forgery (CSRF) vulnerability in hamsalam ووسلام &#8211; همگام سازی ووکامرس و باسلام sync-basalam allows Cross Site Request Forgery.This issue affects ووسلام &#8211; همگام سازی ووکامرس و باسلام: from n/a through <= 1.9.1."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"hamsalam","product":"ووسلام &#8211; همگام سازی ووکامرس و باسلام","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"sync-basalam","versions":[{"version":"0","lessThanOrEqual":"1.9.1","versionType":"custom","status":"affected","changes":[{"at":"1.9.2","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T13:46:45.757822Z","id":"CVE-2026-61956","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-352"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/sync-basalam/vulnerability/wordpress-oosl-m-hm-m-s-z-oo-mrs-o-b-sl-m-plugin-1-9-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-61958","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:46.697","lastModified":"2026-07-13T16:57:56.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Missing Authorization vulnerability in Saad Iqbal License Manager for WooCommerce license-manager-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects License Manager for WooCommerce: from n/a through <= 3.0.17."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Saad Iqbal","product":"License Manager for WooCommerce","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"license-manager-for-woocommerce","versions":[{"version":"0","lessThanOrEqual":"3.0.17","versionType":"custom","status":"affected","changes":[{"at":"3.0.18","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T14:11:56.503288Z","id":"CVE-2026-61958","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/license-manager-for-woocommerce/vulnerability/wordpress-license-manager-for-woocommerce-plugin-3-0-17-arbitrary-content-deletion-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-61968","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:46.813","lastModified":"2026-07-13T16:57:56.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Missing Authorization vulnerability in Saad Iqbal myCred mycred allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects myCred: from n/a through <= 3.1.2."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Saad Iqbal","product":"myCred","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"mycred","versions":[{"version":"0","lessThanOrEqual":"3.1.2","versionType":"custom","status":"affected","changes":[{"at":"3.2.0","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T14:16:37.669540Z","id":"CVE-2026-61968","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/mycred/vulnerability/wordpress-mycred-plugin-3-1-2-broken-access-control-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-61970","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:46.923","lastModified":"2026-07-13T16:57:56.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Server-Side Request Forgery (SSRF) vulnerability in Themeisle Auto Featured Image (Auto Post Thumbnail) auto-post-thumbnail allows Server Side Request Forgery.This issue affects Auto Featured Image (Auto Post Thumbnail): from n/a through <= 5.0.4."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Themeisle","product":"Auto Featured Image (Auto Post Thumbnail)","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"auto-post-thumbnail","versions":[{"version":"0","lessThanOrEqual":"5.0.4","versionType":"custom","status":"affected","changes":[{"at":"5.0.5","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N","baseScore":4.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T10:07:53.605791Z","id":"CVE-2026-61970","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/auto-post-thumbnail/vulnerability/wordpress-auto-featured-image-auto-post-thumbnail-plugin-5-0-4-server-side-request-forgery-ssrf-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-61971","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:47.040","lastModified":"2026-07-13T16:57:56.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Authorization Bypass Through User-Controlled Key vulnerability in Cozmoslabs User Profile Picture metronet-profile-picture allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Profile Picture: from n/a through <= 2.6.3."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Cozmoslabs","product":"User Profile Picture","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"metronet-profile-picture","versions":[{"version":"0","lessThanOrEqual":"2.6.3","versionType":"custom","status":"affected","changes":[{"at":"2.6.4","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N","baseScore":2.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T13:54:22.588601Z","id":"CVE-2026-61971","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/metronet-profile-picture/vulnerability/wordpress-user-profile-picture-plugin-2-6-3-insecure-direct-object-references-idor-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-61975","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:47.160","lastModified":"2026-07-13T16:57:56.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Crocoblock JetReviews jet-reviews allows Retrieve Embedded Sensitive Data.This issue affects JetReviews: from n/a through <= 3.0.1."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Crocoblock","product":"JetReviews","defaultStatus":"unaffected","collectionURL":"https://crocoblock.com","packageName":"jet-reviews","versions":[{"version":"0","lessThanOrEqual":"3.0.1","versionType":"custom","status":"affected","changes":[{"at":"3.1.0","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T13:13:36.379179Z","id":"CVE-2026-61975","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-497"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/jet-reviews/vulnerability/wordpress-jetreviews-plugin-3-0-1-sensitive-data-exposure-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-61976","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:47.280","lastModified":"2026-07-13T16:57:56.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Crocoblock JetBlocks For Elementor jet-blocks allows Retrieve Embedded Sensitive Data.This issue affects JetBlocks For Elementor: from n/a through <= 1.5.0."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Crocoblock","product":"JetBlocks For Elementor","defaultStatus":"unaffected","collectionURL":"https://crocoblock.com","packageName":"jet-blocks","versions":[{"version":"0","lessThanOrEqual":"1.5.0","versionType":"custom","status":"affected","changes":[{"at":"1.5.0.1","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T13:46:21.195195Z","id":"CVE-2026-61976","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-497"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/jet-blocks/vulnerability/wordpress-jetblocks-for-elementor-plugin-1-5-0-sensitive-data-exposure-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-61977","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:47.400","lastModified":"2026-07-13T16:57:56.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Crocoblock JetSearch jet-search allows Retrieve Embedded Sensitive Data.This issue affects JetSearch: from n/a through <= 3.6.1.2."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Crocoblock","product":"JetSearch","defaultStatus":"unaffected","collectionURL":"https://crocoblock.com","packageName":"jet-search","versions":[{"version":"0","lessThanOrEqual":"3.6.1.2","versionType":"custom","status":"affected","changes":[{"at":"3.6.1.3","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T14:30:00.820509Z","id":"CVE-2026-61977","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-497"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/jet-search/vulnerability/wordpress-jetsearch-plugin-3-6-1-2-sensitive-data-exposure-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-61983","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:47.510","lastModified":"2026-07-13T16:57:56.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Missing Authorization vulnerability in andy_moyle Church Admin church-admin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Church Admin: from n/a through <= 5.0.30."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"andy_moyle","product":"Church Admin","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"church-admin","versions":[{"version":"0","lessThanOrEqual":"5.0.30","versionType":"custom","status":"affected","changes":[{"at":"5.1.0","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T14:16:26.556443Z","id":"CVE-2026-61983","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/church-admin/vulnerability/wordpress-church-admin-plugin-5-0-30-broken-access-control-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-61985","sourceIdentifier":"audit@patchstack.com","published":"2026-07-13T10:16:47.633","lastModified":"2026-07-13T16:57:56.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Missing Authorization vulnerability in magepeopleteam Car Rental Manager car-rental-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Car Rental Manager: from n/a through <= 1.3.7."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"magepeopleteam","product":"Car Rental Manager","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"car-rental-manager","versions":[{"version":"0","lessThanOrEqual":"1.3.7","versionType":"custom","status":"affected","changes":[{"at":"1.3.8","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T10:07:25.792950Z","id":"CVE-2026-61985","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/car-rental-manager/vulnerability/wordpress-car-rental-manager-plugin-1-3-7-broken-access-control-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-14934","sourceIdentifier":"f45cbf4e-4146-4068-b7e1-655ffc2c548c","published":"2026-07-13T11:16:26.470","lastModified":"2026-07-13T19:49:49.190","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A Missing Authorization vulnerability in the repository creation functionality in Google Cloud BigQuery, Dataform and Colab Enterprise, in the versions between October 2025 and May 10th, 2026, on Google Cloud Platform, allows an authenticated attacker to escalate privileges and perform cross-tenant repository takeover.\n\n\nThis vulnerability was patched on 10 May 2026, and no customer action is needed."}],"affected":[{"source":"f45cbf4e-4146-4068-b7e1-655ffc2c548c","affectedData":[{"vendor":"Google Cloud","product":"BigQuery","defaultStatus":"unaffected","versions":[{"version":"2025-10","lessThan":"2026-05-10","versionType":"date","status":"affected"}]},{"vendor":"Google Cloud","product":"Dataform","defaultStatus":"unaffected","versions":[{"version":"2025-10","lessThan":"2026-05-10","versionType":"date","status":"affected"}]},{"vendor":"Google Cloud","product":"Colab Enterprise","defaultStatus":"unaffected","versions":[{"version":"2025-10","lessThan":"2026-05-10","versionType":"date","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"f45cbf4e-4146-4068-b7e1-655ffc2c548c","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Clear","baseScore":9.4,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"CLEAR"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T13:12:08.053435Z","id":"CVE-2026-14934","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"f45cbf4e-4146-4068-b7e1-655ffc2c548c","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://docs.cloud.google.com/support/bulletins#gcp-2026-047","source":"f45cbf4e-4146-4068-b7e1-655ffc2c548c"}]}},{"cve":{"id":"CVE-2026-4765","sourceIdentifier":"cve-coordination@incibe.es","published":"2026-07-13T11:16:27.450","lastModified":"2026-07-13T18:05:36.130","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Stored Cross-Site Scripting (XSS) vulnerability in the RD Station Conversas chat. The vulnerability resides in the ‘name’ parameter of the initialization process due to improper sanitization of user input. The vulnerability is not limited to self-exploitation: when a support agent joins the conversation, the malicious script also executes in their browser, increasing the impact. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code within the context of the application."}],"affected":[{"source":"cve-coordination@incibe.es","affectedData":[{"vendor":"RD Station Conversas","product":"Tallos Chat","defaultStatus":"unaffected","platforms":["Windows","MacOS","Linux","Android","iOS"],"versions":[{"version":"all versions","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cve-coordination@incibe.es","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T13:14:09.748715Z","id":"CVE-2026-4765","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cve-coordination@incibe.es","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://www.incibe.es/en/incibe-cert/notices/aviso/stored-cross-site-scripting-xss-tallos-chat-rd-station-conversas","source":"cve-coordination@incibe.es"}]}},{"cve":{"id":"CVE-2026-6541","sourceIdentifier":"responsibledisclosure@mattermost.com","published":"2026-07-13T11:16:28.080","lastModified":"2026-07-13T20:39:12.303","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Mattermost versions 11.7.x <= 11.7.1, 11.6.x <= 11.6.4, 10.11.x <= 10.11.19 fail to restrict metric configuration changes to the playbook being saved, which allows an authenticated user with team access to alter another user’s playbook metric settings via a crafted import or update request with a foreign metric ID. Mattermost Advisory ID: MMSA-2026-00653"}],"affected":[{"source":"responsibledisclosure@mattermost.com","affectedData":[{"vendor":"Mattermost","product":"Mattermost","defaultStatus":"unaffected","versions":[{"version":"11.7.0","lessThanOrEqual":"11.7.1","versionType":"semver","status":"affected"},{"version":"11.6.0","lessThanOrEqual":"11.6.4","versionType":"semver","status":"affected"},{"version":"10.11.0","lessThanOrEqual":"10.11.19","versionType":"semver","status":"affected"},{"version":"11.8.0","status":"unaffected"},{"version":"11.7.2","status":"unaffected"},{"version":"11.6.5","status":"unaffected"},{"version":"10.11.20","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"responsibledisclosure@mattermost.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T13:09:03.398556Z","id":"CVE-2026-6541","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"responsibledisclosure@mattermost.com","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*","versionStartIncluding":"10.11.0","versionEndExcluding":"10.11.20","matchCriteriaId":"806B772A-4575-47F4-BD6B-7422C9045190"},{"vulnerable":true,"criteria":"cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*","versionStartIncluding":"11.6.0","versionEndExcluding":"11.6.5","matchCriteriaId":"2B2D3A05-5A6F-4121-80BE-6DC87A30C354"},{"vulnerable":true,"criteria":"cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*","versionStartIncluding":"11.7.0","versionEndExcluding":"11.7.2","matchCriteriaId":"280B8266-66BD-4AD8-86C7-2EAB517B570D"}]}]}],"references":[{"url":"https://mattermost.com/security-updates","source":"responsibledisclosure@mattermost.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-9820","sourceIdentifier":"responsibledisclosure@mattermost.com","published":"2026-07-13T11:16:28.203","lastModified":"2026-07-13T20:38:36.670","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Mattermost versions 11.7.x <= 11.7.2, 10.11.x <= 10.11.19 fail to sanitize team objects returned by the scheme teams endpoint, which allows a user with the User Manager role to obtain invite links for private teams and use them to join or share access to those teams via the scheme teams API endpoint.. Mattermost Advisory ID: MMSA-2026-00671"}],"affected":[{"source":"responsibledisclosure@mattermost.com","affectedData":[{"vendor":"Mattermost","product":"Mattermost","defaultStatus":"unaffected","versions":[{"version":"11.7.0","lessThanOrEqual":"11.7.2","versionType":"semver","status":"affected"},{"version":"10.11.0","lessThanOrEqual":"10.11.19","versionType":"semver","status":"affected"},{"version":"11.8.0","status":"unaffected"},{"version":"11.7.3","status":"unaffected"},{"version":"10.11.20","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"responsibledisclosure@mattermost.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N","baseScore":3.8,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T13:09:24.482863Z","id":"CVE-2026-9820","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"responsibledisclosure@mattermost.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*","versionStartIncluding":"10.11.0","versionEndExcluding":"10.11.20","matchCriteriaId":"806B772A-4575-47F4-BD6B-7422C9045190"},{"vulnerable":true,"criteria":"cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*","versionStartIncluding":"11.7.0","versionEndExcluding":"11.7.3","matchCriteriaId":"61277B68-8856-4C8A-97CC-E37742682A4B"}]}]}],"references":[{"url":"https://mattermost.com/security-updates","source":"responsibledisclosure@mattermost.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-9824","sourceIdentifier":"responsibledisclosure@mattermost.com","published":"2026-07-13T11:16:28.317","lastModified":"2026-07-13T20:38:00.323","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Mattermost versions 11.7.x <= 11.7.2, 11.6.x <= 11.6.4, 10.11.x <= 10.11.19 fail to check the manage_shared_channels permission in the /share-channel autocomplete handler, which allows an authenticated user without that permission to enumerate configured remote cluster connection metadata via slash command autocomplete.. Mattermost Advisory ID: MMSA-2026-00676"}],"affected":[{"source":"responsibledisclosure@mattermost.com","affectedData":[{"vendor":"Mattermost","product":"Mattermost","defaultStatus":"unaffected","versions":[{"version":"11.7.0","lessThanOrEqual":"11.7.2","versionType":"semver","status":"affected"},{"version":"11.6.0","lessThanOrEqual":"11.6.4","versionType":"semver","status":"affected"},{"version":"10.11.0","lessThanOrEqual":"10.11.19","versionType":"semver","status":"affected"},{"version":"11.8.0","status":"unaffected"},{"version":"11.7.3","status":"unaffected"},{"version":"11.6.5","status":"unaffected"},{"version":"10.11.20","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"responsibledisclosure@mattermost.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T13:10:30.276593Z","id":"CVE-2026-9824","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"responsibledisclosure@mattermost.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*","versionStartIncluding":"10.11.0","versionEndExcluding":"10.11.20","matchCriteriaId":"806B772A-4575-47F4-BD6B-7422C9045190"},{"vulnerable":true,"criteria":"cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*","versionStartIncluding":"11.6.0","versionEndExcluding":"11.6.5","matchCriteriaId":"2B2D3A05-5A6F-4121-80BE-6DC87A30C354"},{"vulnerable":true,"criteria":"cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*","versionStartIncluding":"11.7.0","versionEndExcluding":"11.7.3","matchCriteriaId":"61277B68-8856-4C8A-97CC-E37742682A4B"}]}]}],"references":[{"url":"https://mattermost.com/security-updates","source":"responsibledisclosure@mattermost.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-12257","sourceIdentifier":"cve-coordination@incibe.es","published":"2026-07-13T12:16:29.150","lastModified":"2026-07-13T18:05:36.130","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Versions of Mura CMS prior to 10.0.712 contain a critical remote code execution (RCE) vulnerability. The flaw is located in the endpoint “/index.cfm/_api/json/v1/default”, where the “method” parameter in POST requests is not properly validated or sanitised before being processed by the ColdFusion engine. As a result, a remote attacker could exploit this vulnerability to inject and execute arbitrary CFML (ColdFusion Markup Language) expressions and instantiate malicious Java objects, thereby compromising the system’s security."}],"affected":[{"source":"cve-coordination@incibe.es","affectedData":[{"vendor":"Mura Software","product":"CMS","defaultStatus":"unaffected","versions":[{"version":"10.0.712","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cve-coordination@incibe.es","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T13:06:28.442100Z","id":"CVE-2026-12257","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cve-coordination@incibe.es","type":"Primary","description":[{"lang":"en","value":"CWE-94"}]}],"references":[{"url":"https://www.incibe.es/en/incibe-cert/notices/aviso/remote-code-execution-mura-softwares-cms","source":"cve-coordination@incibe.es"}]}},{"cve":{"id":"CVE-2026-15558","sourceIdentifier":"cna@vuldb.com","published":"2026-07-13T12:16:30.590","lastModified":"2026-07-13T16:57:56.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A security vulnerability has been detected in CodeAstro Simple Online Leave Management System 1.0. Affected by this issue is some unknown functionality of the file /SimpleOnlineLeave/admin/deletemp.php. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The exploit has been disclosed publicly and may be used."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"CodeAstro","product":"Simple Online Leave Management System","cpes":["cpe:2.3:a:codeastro:simple_online_leave_management_system:*:*:*:*:*:*:*:*"],"versions":[{"version":"1.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T13:44:29.944959Z","id":"CVE-2026-15558","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-74"},{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://codeastro.com/","source":"cna@vuldb.com"},{"url":"https://github.com/sl1der-fr0g/Findings/issues/2","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-15558","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/855188","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377907","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377907/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-62147","sourceIdentifier":"secalert@redhat.com","published":"2026-07-13T12:16:34.927","lastModified":"2026-07-13T17:01:11.600","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"The Tempo Operator's gateway component failed to consistently apply namespace-scoped redaction on some query API response paths when query RBAC was enabled, allowing an authenticated user to read span attributes belonging to other tenants' namespaces."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"Red Hat","product":"Red Hat OpenShift distributed tracing 3","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhosdt/tempo-operator-bundle","cpes":["cpe:/a:redhat:openshift_distributed_tracing:3"]},{"vendor":"Red Hat","product":"Red Hat OpenShift distributed tracing 3","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhosdt/tempo-rhel9-operator","cpes":["cpe:/a:redhat:openshift_distributed_tracing:3"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T13:43:40.942746Z","id":"CVE-2026-62147","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-863"}]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-62147","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2499635","source":"secalert@redhat.com"}]}},{"cve":{"id":"CVE-2026-15559","sourceIdentifier":"cna@vuldb.com","published":"2026-07-13T13:16:30.410","lastModified":"2026-07-13T16:57:56.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was detected in CodeAstro Simple Online Leave Management System 1.0. This affects an unknown part of the file /SimpleOnlineLeave/admin/accept.php of the component POST Handler. Performing a manipulation of the argument appid results in sql injection. The attack is possible to be carried out remotely. The exploit is now public and may be used."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"CodeAstro","product":"Simple Online Leave Management System","cpes":["cpe:2.3:a:codeastro:simple_online_leave_management_system:*:*:*:*:*:*:*:*"],"modules":["POST Handler"],"versions":[{"version":"1.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T13:03:30.545173Z","id":"CVE-2026-15559","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-74"},{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://codeastro.com/","source":"cna@vuldb.com"},{"url":"https://github.com/sl1der-fr0g/Findings/issues/3","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-15559","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/855189","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377908","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377908/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-40467","sourceIdentifier":"cvd@cert.pl","published":"2026-07-13T13:16:36.770","lastModified":"2026-07-14T01:13:59.517","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Use After Free vulnerability has been found in \"io.c\" program file of gawk (do_getline_redir() routine). This issue may lead to a crash. It affects gawk in versions 5.4.0 and below."}],"affected":[{"source":"cvd@cert.pl","affectedData":[{"vendor":"GNU","product":"gawk","defaultStatus":"unaffected","programFiles":["io.c"],"programRoutines":[{"name":"do_getline_redir()"}],"repo":"https://cgit.git.savannah.gnu.org/cgit/gawk.git/","versions":[{"version":"0","lessThanOrEqual":"5.4.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cvd@cert.pl","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T13:02:16.597089Z","id":"CVE-2026-40467","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cvd@cert.pl","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:fossies:gawk:*:*:*:*:*:*:*:*","versionEndIncluding":"5.4.0","matchCriteriaId":"60E16480-ADBA-451D-B1E4-46FFAE9C7083"}]}]}],"references":[{"url":"https://cert.pl/en/posts/2026/07/CVE-2026-40467","source":"cvd@cert.pl","tags":["Third Party Advisory"]},{"url":"https://cgit.git.savannah.gnu.org/cgit/gawk.git/commit/?id=a2d18c74109e41bec29a23098eba2e00057286d8","source":"cvd@cert.pl","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-40468","sourceIdentifier":"cvd@cert.pl","published":"2026-07-13T13:16:36.907","lastModified":"2026-07-14T01:12:11.343","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Integer overflow vulnerability has been found in \"builtin.c\" program file of gawk. This issue may lead to memory exhaustion on the hosting operating system and could be used to overwrite gawk heap metadata and objects with attacker-controlled bytes. It affects gawk in versions 5.4.0 and below."}],"affected":[{"source":"cvd@cert.pl","affectedData":[{"vendor":"GNU","product":"gawk","defaultStatus":"unaffected","programFiles":["builtin.c"],"repo":"https://cgit.git.savannah.gnu.org/cgit/gawk.git/","versions":[{"version":"0","lessThanOrEqual":"5.4.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cvd@cert.pl","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"LOW","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T13:01:23.431213Z","id":"CVE-2026-40468","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cvd@cert.pl","type":"Secondary","description":[{"lang":"en","value":"CWE-190"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:fossies:gawk:*:*:*:*:*:*:*:*","versionEndIncluding":"5.4.0","matchCriteriaId":"60E16480-ADBA-451D-B1E4-46FFAE9C7083"}]}]}],"references":[{"url":"https://cert.pl/en/posts/2026/07/CVE-2026-40467","source":"cvd@cert.pl","tags":["Third Party Advisory"]},{"url":"https://cgit.git.savannah.gnu.org/cgit/gawk.git/commit/?id=062f2f2581b991362c046f7f2e238ffa34e6f8c7","source":"cvd@cert.pl","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-40469","sourceIdentifier":"cvd@cert.pl","published":"2026-07-13T13:16:37.033","lastModified":"2026-07-14T01:11:18.520","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Integer overflow vulnerability has been found in \"builtin.c\" program file of gawk (do_sub() routine). This issue could be used to overwrite gawk heap metadata and objects causing the program to crash. It affects 32-bit builds of gawk in versions 5.4.0 and below."}],"affected":[{"source":"cvd@cert.pl","affectedData":[{"vendor":"GNU","product":"gawk","defaultStatus":"unaffected","platforms":["32 bit"],"programFiles":["builtin.c"],"programRoutines":[{"name":"do_sub()"}],"repo":"https://cgit.git.savannah.gnu.org/cgit/gawk.git/","versions":[{"version":"0","lessThanOrEqual":"5.4.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cvd@cert.pl","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T13:00:59.533242Z","id":"CVE-2026-40469","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cvd@cert.pl","type":"Secondary","description":[{"lang":"en","value":"CWE-190"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:fossies:gawk:*:*:*:*:*:*:*:*","versionEndIncluding":"5.4.0","matchCriteriaId":"60E16480-ADBA-451D-B1E4-46FFAE9C7083"}]}]}],"references":[{"url":"https://cert.pl/en/posts/2026/07/CVE-2026-40467","source":"cvd@cert.pl","tags":["Third Party Advisory"]},{"url":"https://cgit.git.savannah.gnu.org/cgit/gawk.git/commit/?id=ae1b2d508f46913269a9e62aceda3636afe8147b","source":"cvd@cert.pl","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-40553","sourceIdentifier":"cvd@cert.pl","published":"2026-07-13T13:16:37.147","lastModified":"2026-07-14T01:10:20.120","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Buffer overflow vulnerability has been found in \"extension/readdir.c\" program file of gawk (ftype() routine). This issue could be used to crash the program and potentially to achieve code execution, although the latter has not been confirmed to be feasible. It affects gawk in versions 5.4.0 and below."}],"affected":[{"source":"cvd@cert.pl","affectedData":[{"vendor":"GNU","product":"gawk","defaultStatus":"unaffected","programFiles":["readdir.c"],"programRoutines":[{"name":"ftype()"}],"repo":"https://cgit.git.savannah.gnu.org/cgit/gawk.git/","versions":[{"version":"0","lessThanOrEqual":"5.4.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cvd@cert.pl","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"LOW","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T13:00:40.324542Z","id":"CVE-2026-40553","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cvd@cert.pl","type":"Secondary","description":[{"lang":"en","value":"CWE-121"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:fossies:gawk:*:*:*:*:*:*:*:*","versionEndIncluding":"5.4.0","matchCriteriaId":"60E16480-ADBA-451D-B1E4-46FFAE9C7083"}]}]}],"references":[{"url":"https://cert.pl/en/posts/2026/07/CVE-2026-40467","source":"cvd@cert.pl","tags":["Third Party Advisory"]},{"url":"https://cgit.git.savannah.gnu.org/cgit/gawk.git/commit/?id=cca0366144336b49aaa7d5d949966ce8e2c70843","source":"cvd@cert.pl","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-60121","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-13T14:16:32.067","lastModified":"2026-07-13T19:28:17.967","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Vitec Flamingo 4.12.2 contains an unauthenticated OS command injection vulnerability in the admin/ajax/ping.php endpoint that allows remote attackers to execute arbitrary commands by exploiting a double-evaluation flaw in shell argument handling. The endpoint applies escapeshellarg() to the user-supplied host POST parameter before passing it to a system wrapper, but the wrapper retrieves the decoded value from argv and incorporates it into a second shell_exec() call without escaping, allowing injected commands to execute with root privileges via passwordless sudo."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"VITEC","product":"Flamingo","defaultStatus":"affected","versions":[{"version":"4.12.2","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T14:02:10.325685Z","id":"CVE-2026-60121","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"references":[{"url":"https://damiri.fr/en/cve/CVE-2026-60121","source":"disclosure@vulncheck.com"},{"url":"https://www.vitec.com/solutions/iptv-distribution","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/vitec-flamingo-unauthenticated-os-command-injection-via-ping-php","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-61692","sourceIdentifier":"security-advisories@github.com","published":"2026-07-13T16:16:42.910","lastModified":"2026-07-13T16:16:42.910","vulnStatus":"Rejected","cveTags":[],"descriptions":[{"lang":"en","value":"Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-61454. Reason: This candidate is a duplicate of CVE-2026-61454. Notes: All CVE users should reference CVE-2026-61454 instead of this candidate."}],"metrics":{},"references":[]}},{"cve":{"id":"CVE-2026-60103","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-13T18:16:29.353","lastModified":"2026-07-13T19:49:37.150","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Blender 3.0.0 through 5.1.2 contains an out-of-bounds read vulnerability that allows attackers to trigger a crash or read adjacent heap memory by supplying a crafted .blend file with a malicious signed short member_index value in the SDNA block. The member_index field is used as an array index into the sdna->members[] array in sdna_expand_names() without bounds validation, allowing any value outside the allocated range to produce an invalid pointer subsequently passed to strlen(), resulting in a SIGSEGV crash or unintended heap memory disclosure."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"blender","product":"blender","defaultStatus":"affected","repo":"https://projects.blender.org/blender/blender","versions":[{"version":"3.0.0","lessThanOrEqual":"5.1.2","versionType":"semver","status":"affected"},{"version":"968972a918b5ed2d534295b639c54449d7de11cd","versionType":"git","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":4.2}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"references":[{"url":"https://projects.blender.org/blender/blender/commit/968972a918b5ed2d534295b639c54449d7de11cd","source":"disclosure@vulncheck.com"},{"url":"https://projects.blender.org/blender/blender/pulls/161273","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/blender-out-of-bounds-read-via-crafted-blend-sdna-block","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-61462","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-13T18:16:29.633","lastModified":"2026-07-13T20:03:31.703","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"mcp-gitlab contains a path traversal vulnerability in the job_id parameter of build/index.js that allows attackers to redirect GitLab API requests to arbitrary endpoints. Attackers can supply crafted job_id values like ../../../user to escape the intended path prefix and access arbitrary GitLab API resources using the operator's personal access token."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"zereight","product":"mcp-gitlab","defaultStatus":"affected","packageURL":"pkg:npm/zereight/mcp-gitlab","versions":[{"version":"0","lessThan":"2.1.18","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.2,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T18:49:52.388940Z","id":"CVE-2026-61462","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-73"}]}],"references":[{"url":"https://github.com/zereight/gitlab-mcp","source":"disclosure@vulncheck.com"},{"url":"https://github.com/zereight/gitlab-mcp/commit/e2a81a047ab8750fa5bfa1763b5d85e5616f3994","source":"disclosure@vulncheck.com"},{"url":"https://github.com/zereight/gitlab-mcp/issues/587","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/mcp-gitlab-path-traversal-via-job-id-parameter","source":"disclosure@vulncheck.com"},{"url":"https://github.com/zereight/gitlab-mcp/issues/587","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-61463","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-13T18:16:29.770","lastModified":"2026-07-13T19:49:37.150","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Shiori contains a privilege escalation vulnerability in the account update endpoint that allows authenticated users to modify the owner field without authorization checks. Attackers can escalate to administrator by submitting a crafted PATCH request with owner: true, then re-authenticate to obtain an admin JWT token granting full system access."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"go-shiori","product":"shiori","defaultStatus":"affected","packageURL":"pkg:golang/github.com/go-shiori/shiori","versions":[{"version":"0","lessThan":"1.8.0","versionType":"git","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T18:26:42.648759Z","id":"CVE-2026-61463","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-269"}]}],"references":[{"url":"https://github.com/go-shiori/shiori","source":"disclosure@vulncheck.com"},{"url":"https://github.com/go-shiori/shiori/commit/6c8a7dbc11b131609bfda736b14d61c51f9027b2","source":"disclosure@vulncheck.com"},{"url":"https://github.com/go-shiori/shiori/issues/1196","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/shiori-authenticated-privilege-escalation-via-patch-api-v1-auth-account","source":"disclosure@vulncheck.com"},{"url":"https://github.com/go-shiori/shiori/issues/1196","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2025-45869","sourceIdentifier":"cve@mitre.org","published":"2026-07-13T19:16:36.360","lastModified":"2026-07-13T20:37:48.157","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"LogicalDOC Enterprise Version up to and before v9.1.1 is vulnerable to Server-Side Request Forgery (SSRF). An unauthenticated attacker can exploit the ShareFileCallback servlet by manipulating input parameters to trigger a server-side request to an attacker-controlled host."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":3.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T19:28:29.972651Z","id":"CVE-2025-45869","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://github.com/netero1010/Vulnerability-Disclosure/blob/main/CVE-2025-45869/README.md","source":"cve@mitre.org"},{"url":"https://www.logicaldoc.com/","source":"cve@mitre.org"}]}},{"cve":{"id":"CVE-2026-26396","sourceIdentifier":"cve@mitre.org","published":"2026-07-13T19:17:03.320","lastModified":"2026-07-13T20:37:48.157","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"OpenBMB XAgent v1.0.0 and before is vulnerable to path traversal in the file() function in XAgent/XAgentServer/application/routers/workspace.py. The input parameter “filename” is user-controllable and is concatenated into the file path to be read without proper validation, leading to a directory traversal vulnerability that may result in sensitive information disclosure."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T19:45:15.663483Z","id":"CVE-2026-26396","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://gist.github.com/jack2223333/f79f233b67d6506b9dd184399525cbf4","source":"cve@mitre.org"},{"url":"https://gist.github.com/jack2223333/f79f233b67d6506b9dd184399525cbf4","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-55772","sourceIdentifier":"security-advisories@github.com","published":"2026-07-13T19:17:15.183","lastModified":"2026-07-13T19:49:37.150","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"CedarJava is an open source Java implementation of the Cedar policy language, used for fine-grained authorization decisions. In versions prior to 2.3.6, 3.4.1 and 4.9.0, under certain circumstances, improper input handling could allow Record-to-Entity type confusion across the Java-Rust FFI boundary. CedarJava sends authorization requests to the Rust cedar-policy evaluator as JSON. The JSON protocol reserves magic single-key object shapes (__entity and __extn) for entity references and extension values. When serializing a CedarMap, there is no validation preventing these reserved keys from being used. If an integrating service builds a CedarMap from caller-supplied key/value data (such as request headers, user-defined metadata, or resource tags), an actor who controls those keys could cause the Rust evaluator to interpret a record as an entity reference. This issue requires the integrating service to build a CedarMap where the an actor controls the keys, and a policy must reference that value in a when/unless clause. This vulnerability has been fixed in versions 2.3.6, 3.4.1, and 4.9."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"cedar-policy","product":"cedar-java","versions":[{"version":"< 2.3.6","status":"affected"},{"version":">= 3.1.2, < 3.4.1","status":"affected"},{"version":">= 4.0.0, < 4.9.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-843"}]}],"references":[{"url":"https://github.com/cedar-policy/cedar-java/security/advisories/GHSA-93g4-m6xv-cmvr","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-58228","sourceIdentifier":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","published":"2026-07-13T19:17:30.317","lastModified":"2026-07-13T20:37:48.157","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Cross-site scripting vulnerability in phoenixframework phoenix_live_view allows an attacker to bypass URL scheme validation and execute JavaScript in a victim's browser session.\n\nThe Phoenix.LiveView.Utils.valid_destination!/2 and Phoenix.LiveView.Utils.valid_live_navigation_destination!/2 functions in lib/phoenix_live_view/utils.ex rely on an internal uri_scheme/1 helper that only detects a scheme when the input's first byte is an ASCII letter. Inputs beginning with an ASCII control character or space fall through to a nil-returning clause, causing the URL to be treated as a safe relative path.\n\nStandard browsers implement the WHATWG URL parser, which strips leading C0 control and space characters before parsing. As a result, an input such as \" javascript:alert(1)\" is passed unchanged into <.link href={...}> and, when clicked, is parsed by the browser as a javascript: URL that executes attacker-controlled script in the victim's session.\n\nApplications that render user-supplied URLs (for example profile links, redirect targets, or external references) via <.link href={...}> are affected.\n\nThis issue affects phoenix_live_view: from 1.2.2 before 1.2.7."}],"affected":[{"source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","affectedData":[{"vendor":"phoenixframework","product":"phoenix_live_view","defaultStatus":"unaffected","collectionURL":"https://repo.hex.pm","packageName":"phoenix_live_view","cpes":["cpe:2.3:a:phoenixframework:phoenix_live_view:*:*:*:*:*:*:*:*"],"modules":["'Elixir.Phoenix.LiveView.Utils'"],"programFiles":["lib/phoenix_live_view/utils.ex"],"programRoutines":[{"name":"'Elixir.Phoenix.LiveView.Utils':valid_destination!/2"},{"name":"'Elixir.Phoenix.LiveView.Utils':valid_live_navigation_destination!/2"}],"repo":"https://github.com/phoenixframework/phoenix_live_view","packageURL":"pkg:hex/phoenix_live_view","versions":[{"version":"1.2.2","lessThan":"1.2.7","versionType":"semver","status":"affected"}]},{"vendor":"phoenixframework","product":"phoenix_live_view","defaultStatus":"unaffected","collectionURL":"https://github.com","packageName":"phoenixframework/phoenix_live_view","cpes":["cpe:2.3:a:phoenixframework:phoenix_live_view:*:*:*:*:*:*:*:*"],"modules":["'Elixir.Phoenix.LiveView.Utils'"],"programFiles":["lib/phoenix_live_view/utils.ex"],"programRoutines":[{"name":"'Elixir.Phoenix.LiveView.Utils':valid_destination!/2"},{"name":"'Elixir.Phoenix.LiveView.Utils':valid_live_navigation_destination!/2"}],"repo":"https://github.com/phoenixframework/phoenix_live_view","packageURL":"pkg:github/phoenixframework/phoenix_live_view","versions":[{"version":"4b63216ae68886db99cf7772af23372d76c40e7e","lessThan":"86165533e311469a1b62093fd182d9d874de8106","versionType":"git","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T18:58:11.563760Z","id":"CVE-2026-58228","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://cna.erlef.org/cves/CVE-2026-58228.html","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db"},{"url":"https://github.com/phoenixframework/phoenix_live_view/commit/86165533e311469a1b62093fd182d9d874de8106","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db"},{"url":"https://github.com/phoenixframework/phoenix_live_view/security/advisories/GHSA-5cgh-g58j-m9cq","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db"},{"url":"https://osv.dev/vulnerability/EEF-CVE-2026-58228","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db"},{"url":"https://github.com/phoenixframework/phoenix_live_view/security/advisories/GHSA-5cgh-g58j-m9cq","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-58407","sourceIdentifier":"security-advisories@github.com","published":"2026-07-13T20:16:49.700","lastModified":"2026-07-13T20:16:49.700","vulnStatus":"Rejected","cveTags":[],"descriptions":[{"lang":"en","value":"Rejected reason: Please submit CVE requests for each vulnerability."}],"metrics":{},"references":[]}}]}