Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-55487

Summary
Assigner-GitHub_M
Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa
Published At-25 Jun, 2026 | 16:41
Updated At-25 Jun, 2026 | 18:03
Rejected At-
Credits

pnpm: manifest identity spoof satisfies allowBuilds and runs attacker lifecycle

pnpm is a package manager. Prior to 10.34.2 and 11.5.3, the generic peer-suffix normalizer also stripped parenthesized text from git, URL, tarball, file, and other opaque locators. Approval for one source string could therefore authorize a different attacker-controlled source whose locator normalized to the same value. This vulnerability is fixed in 10.34.2 and 11.5.3.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:GitHub_M
Assigner Org ID:a0819718-46f1-4df5-94e2-005712e83aaa
Published At:25 Jun, 2026 | 16:41
Updated At:25 Jun, 2026 | 18:03
Rejected At:
â–¼CVE Numbering Authority (CNA)
pnpm: manifest identity spoof satisfies allowBuilds and runs attacker lifecycle

pnpm is a package manager. Prior to 10.34.2 and 11.5.3, the generic peer-suffix normalizer also stripped parenthesized text from git, URL, tarball, file, and other opaque locators. Approval for one source string could therefore authorize a different attacker-controlled source whose locator normalized to the same value. This vulnerability is fixed in 10.34.2 and 11.5.3.

Affected Products
Vendor
pnpm
Product
pnpm
Versions
Affected
  • < 10.34.2
  • >= 11.0.0, < 11.5.3
Problem Types
TypeCWE IDDescription
CWECWE-346CWE-346: Origin Validation Error
CWECWE-693CWE-693: Protection Mechanism Failure
CWECWE-829CWE-829: Inclusion of Functionality from Untrusted Control Sphere
Type: CWE
CWE ID: CWE-346
Description: CWE-346: Origin Validation Error
Type: CWE
CWE ID: CWE-693
Description: CWE-693: Protection Mechanism Failure
Type: CWE
CWE ID: CWE-829
Description: CWE-829: Inclusion of Functionality from Untrusted Control Sphere
Metrics
VersionBase scoreBase severityVector
3.17.5HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://github.com/pnpm/pnpm/security/advisories/GHSA-5wx6-mg75-v57r
x_refsource_CONFIRM
Hyperlink: https://github.com/pnpm/pnpm/security/advisories/GHSA-5wx6-mg75-v57r
Resource:
x_refsource_CONFIRM
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://github.com/pnpm/pnpm/security/advisories/GHSA-5wx6-mg75-v57r
exploit
Hyperlink: https://github.com/pnpm/pnpm/security/advisories/GHSA-5wx6-mg75-v57r
Resource:
exploit
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security-advisories@github.com
Published At:25 Jun, 2026 | 18:16
Updated At:29 Jun, 2026 | 21:16

pnpm is a package manager. Prior to 10.34.2 and 11.5.3, the generic peer-suffix normalizer also stripped parenthesized text from git, URL, tarball, file, and other opaque locators. Approval for one source string could therefore authorize a different attacker-controlled source whose locator normalized to the same value. This vulnerability is fixed in 10.34.2 and 11.5.3.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.5HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
N/A
Type: Secondary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: N/A
Version:
Base score:
Base severity: N/A
Vector:
CPE Matches

pnpm
pnpm
>>pnpm>>Versions before 10.34.2(exclusive)
cpe:2.3:a:pnpm:pnpm:*:*:*:*:*:node.js:*:*
pnpm
pnpm
>>pnpm>>Versions from 11.0.0(inclusive) to 11.5.3(exclusive)
cpe:2.3:a:pnpm:pnpm:*:*:*:*:*:node.js:*:*
Weaknesses
CWE IDTypeSource
CWE-346Secondarysecurity-advisories@github.com
CWE-693Secondarysecurity-advisories@github.com
CWE-829Secondarysecurity-advisories@github.com
CWE ID: CWE-346
Type: Secondary
Source: security-advisories@github.com
CWE ID: CWE-693
Type: Secondary
Source: security-advisories@github.com
CWE ID: CWE-829
Type: Secondary
Source: security-advisories@github.com
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://github.com/pnpm/pnpm/security/advisories/GHSA-5wx6-mg75-v57rsecurity-advisories@github.com
Exploit
Vendor Advisory
https://github.com/pnpm/pnpm/security/advisories/GHSA-5wx6-mg75-v57r134c704f-9b21-4f2e-91b3-4a467353bcc0
Exploit
Vendor Advisory
Hyperlink: https://github.com/pnpm/pnpm/security/advisories/GHSA-5wx6-mg75-v57r
Source: security-advisories@github.com
Resource:
Exploit
Vendor Advisory
Hyperlink: https://github.com/pnpm/pnpm/security/advisories/GHSA-5wx6-mg75-v57r
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Resource:
Exploit
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

80Records found

CVE-2026-55698
Matching Score-10
Assigner-GitHub, Inc.
ShareView Details
Matching Score-10
Assigner-GitHub, Inc.
CVSS Score-8.8||HIGH
EPSS-0.19% / 9.19%
||
7 Day CHG~0.00%
Published-25 Jun, 2026 | 16:43
Updated-30 Jun, 2026 | 19:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
pnpm: Project env lockfile can short-circuit package-manager resolution and execute lockfile-selected pnpm bytes

pnpm is a package manager. Prior to 10.34.2 and 11.5.3, pnpm can persist package-manager bootstrap metadata in the first YAML document of pnpm-lock.yaml. Before the patch, direct pnpm execution trusted an already resolved packageManagerDependencies entry when the committed env lockfile contained matching pnpm and @pnpm/exe versions. A malicious repository could therefore commit package-manager lockfile package records and snapshots that bypassed fresh package-manager resolution, then cause pnpm to install and execute bytes selected by that committed lockfile state during automatic version switching. This vulnerability is fixed in 10.34.2 and 11.5.3.

Action-Not Available
Vendor-pnpmpnpm
Product-pnpmpnpm
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
CWE ID-CWE-494
Download of Code Without Integrity Check
CWE ID-CWE-829
Inclusion of Functionality from Untrusted Control Sphere
CVE-2026-55697
Matching Score-10
Assigner-GitHub, Inc.
ShareView Details
Matching Score-10
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.13% / 2.69%
||
7 Day CHG~0.00%
Published-25 Jun, 2026 | 16:42
Updated-30 Jun, 2026 | 19:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
pnpm: Repository-controlled configDependencies can select a pacquet native install engine

pnpm is a package manager. Prior to 10.34.2 and 11.5.3, pnpm can install configDependencies declared in pnpm-workspace.yaml before command dispatch. Before the patch, a repository could declare pacquet or @pnpm/pacquet as a config dependency and pnpm treated that repository-controlled dependency as an install-engine opt-in. During install, pnpm resolved a platform-specific @pacquet/<platform>-<arch>/pacquet binary from node_modules/.pnpm-config/<packageName> and spawned it as the developer or CI user. This vulnerability is fixed in 10.34.2 and 11.5.3.

Action-Not Available
Vendor-pnpmpnpm
Product-pnpmpnpm
CWE ID-CWE-494
Download of Code Without Integrity Check
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE ID-CWE-829
Inclusion of Functionality from Untrusted Control Sphere
CVE-2025-69264
Matching Score-10
Assigner-GitHub, Inc.
ShareView Details
Matching Score-10
Assigner-GitHub, Inc.
CVSS Score-8.8||HIGH
EPSS-1.02% / 59.27%
||
7 Day CHG+0.21%
Published-07 Jan, 2026 | 21:53
Updated-30 Jun, 2026 | 12:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
pnpm v10+ Bypass "Dependency lifecycle scripts execution disabled by default"

pnpm is a package manager. Versions 10.0.0 through 10.25 allow git-hosted dependencies to execute arbitrary code during pnpm install, circumventing the v10 security feature "Dependency lifecycle scripts execution disabled by default". While pnpm v10 blocks postinstall scripts via the onlyBuiltDependencies mechanism, git dependencies can still execute prepare, prepublish, and prepack scripts during the fetch phase, enabling remote code execution without user consent or approval. This issue is fixed in version 10.26.0.

Action-Not Available
Vendor-pnpmpnpmRed Hat, Inc.
Product-pnpmpnpmRed Hat JBoss Enterprise Application Platform 8Red Hat JBoss Enterprise Application Platform Expansion Pack
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2026-50016
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-8.8||HIGH
EPSS-0.33% / 24.52%
||
7 Day CHG~0.00%
Published-25 Jun, 2026 | 16:53
Updated-29 Jun, 2026 | 23:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
pnpm: Transitive dependency alias path traversal allows project path override via symlink replacement

pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm allows a transitive dependency alias from registry package metadata to contain path traversal segments. During install, pnpm later uses that alias as a filesystem path when linking dependency nodes. As a result, a registry package can cause `pnpm install --ignore-scripts` to replace paths in the current project with symlinks to attacker-controlled dependency package directories. This vulnerability is fixed in 10.34.0 and 11.4.0.

Action-Not Available
Vendor-pnpmpnpm
Product-pnpmpnpm
CWE ID-CWE-23
Relative Path Traversal
CVE-2026-48995
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-4.8||MEDIUM
EPSS-0.12% / 1.88%
||
7 Day CHG~0.00%
Published-25 Jun, 2026 | 16:58
Updated-29 Jun, 2026 | 20:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
pnpm: Tarball hash of GitHub git dependencies is not stored in lockfile

pnpm is a package manager. Prior to 10.33.4 and 11.0.7, a malicious codeload.github.com server can serve whatever tarball it wants and pnpm will install it regardless of the lockfile. The lockfile does not store the hash of the dependencies from https://codeload.github.com. This means that if this server was compromised or a person's machine configuration was compromised, pnpm would download and install these dependencies. This vulnerability is fixed in 10.33.4 and 11.0.7.

Action-Not Available
Vendor-pnpmpnpm
Product-pnpmpnpm
CWE ID-CWE-353
Missing Support for Integrity Check
CVE-2025-69263
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.31% / 22.79%
||
7 Day CHG+0.08%
Published-07 Jan, 2026 | 21:31
Updated-30 Jun, 2026 | 12:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
pnpm Lockfile Integrity Bypass Allows Remote Dynamic Dependencies

pnpm is a package manager. Versions 10.26.2 and below store HTTP tarball dependencies (and git-hosted tarballs) in the lockfile without integrity hashes. This allows the remote server to serve different content on each install, even when a lockfile is committed. An attacker who publishes a package with an HTTP tarball dependency can serve different code to different users or CI/CD environments. The attack requires the victim to install a package that has an HTTP/git tarball in its dependency tree. The victim's lockfile provides no protection. This issue is fixed in version 10.26.0.

Action-Not Available
Vendor-pnpmpnpmRed Hat, Inc.
Product-pnpmpnpmRed Hat JBoss Enterprise Application Platform 8Red Hat JBoss Enterprise Application Platform Expansion Pack
CWE ID-CWE-494
Download of Code Without Integrity Check
CVE-2026-8945
Matching Score-4
Assigner-Mozilla Corporation
ShareView Details
Matching Score-4
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-0.37% / 28.91%
||
7 Day CHG+0.07%
Published-19 May, 2026 | 12:29
Updated-30 Jun, 2026 | 03:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Sandbox escape in Firefox and Firefox Focus for Android

Sandbox escape in Firefox and Firefox Focus for Android. This vulnerability was fixed in Firefox 151.

Action-Not Available
Vendor-Red Hat, Inc.Mozilla Corporation
Product-firefoxfirefox_focusFirefoxRed Hat Enterprise Linux 7Red Hat Enterprise Linux 9Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8Red Hat Enterprise Linux 6
CWE ID-CWE-653
Improper Isolation or Compartmentalization
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2026-8585
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.5||HIGH
EPSS-0.18% / 7.39%
||
7 Day CHG~0.00%
Published-14 May, 2026 | 19:52
Updated-19 May, 2026 | 16:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in Media in Google Chrome on iOS prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)

Action-Not Available
Vendor-Google LLCApple Inc.
Product-iphone_oschromeChrome
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2026-8426
Matching Score-4
Assigner-Concrete CMS
ShareView Details
Matching Score-4
Assigner-Concrete CMS
CVSS Score-7.5||HIGH
EPSS-0.17% / 6.73%
||
7 Day CHG~0.00%
Published-21 May, 2026 | 20:22
Updated-26 May, 2026 | 14:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Concrete CMS 9.5.0 and below is vulnerable to CSRF on prepare_remote_upgrade() leading to one-request RCE via package overwrite

Concrete CMS 9.5.0 and below does not validate a CSRF token before processing requests to /dashboard/extend/update/prepare_remote_upgrade/<remoteMPID>. An attacker who controls the remote package returned for a known marketplace item ID can overwrite the package PHP on disk and force its upgrade() method to execute in a single browser navigation. This results in remote code execution as the web server user.   In order to be vulnerable, the victim must be passing canInstallPackages, victim site must be connected to the Concrete marketplace; and the attacker controls the package returned for a marketplace item ID already installed on the victim site. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 7.5 with vector CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N. Thanks https://github.com/maru1009 for reporting.

Action-Not Available
Vendor-concretecmsConcrete CMS
Product-concrete_cmsConcrete CMS
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CWE ID-CWE-829
Inclusion of Functionality from Untrusted Control Sphere
CVE-2026-8401
Matching Score-4
Assigner-Mozilla Corporation
ShareView Details
Matching Score-4
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.31% / 23.17%
||
7 Day CHG~0.00%
Published-12 May, 2026 | 14:24
Updated-30 Jun, 2026 | 03:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Sandbox escape in the Profile Backup component

Sandbox escape in the Profile Backup component. This vulnerability was fixed in Firefox 150.0.3, Firefox ESR 115.36, Firefox ESR 140.11, and Thunderbird 140.11.

Action-Not Available
Vendor-Red Hat, Inc.Mozilla Corporation
Product-firefoxThunderbirdFirefoxRed Hat Enterprise Linux AppStream EUS (v. 10.0)Red Hat Enterprise Linux AppStream EUS (v.9.6)Red Hat Enterprise Linux AppStream AUS (v.8.6)Red Hat Enterprise Linux 7Red Hat Enterprise Linux AppStream E4S (v.9.4)Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)Red Hat Enterprise Linux AppStream TUS (v.8.8)Red Hat Enterprise Linux 10Red Hat Enterprise Linux AppStream (v. 9)Red Hat Enterprise Linux AppStream (v. 8)Red Hat Enterprise Linux Server (v. 7 ELS)Red Hat Enterprise Linux 6Red Hat Enterprise Linux AppStream (v. 10)Red Hat Enterprise Linux AppStream E4S (v.9.2)Red Hat Enterprise Linux AppStream E4S (v.8.8)Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.6)Red Hat Enterprise Linux AppStream AUS (v.8.4)
CWE ID-CWE-653
Improper Isolation or Compartmentalization
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2026-6657
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-6.1||MEDIUM
EPSS-0.20% / 9.62%
||
7 Day CHG+0.06%
Published-03 Jun, 2026 | 15:06
Updated-30 Jun, 2026 | 19:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CORS Origin Validation Bypass in jupyter-server

A vulnerability in jupyter-server versions 1.12.0 through 2.17.0 allows an attacker to bypass CORS origin validation when the `allow_origin_pat` configuration is used. The issue arises from the use of `re.match()` for validating the `Origin` header, which only anchors at the start of the string. This allows attacker-controlled domains such as `trusted.example.com.evil.com` to pass validation against patterns intended to match `trusted.example.com`. The vulnerability affects multiple locations in the codebase, including CORS headers, WebSocket connections, referer validation, and login redirects, potentially enabling phishing attacks, arbitrary code execution, and unauthorized access to sensitive API responses.

Action-Not Available
Vendor-jupyterjupyter
Product-jupyter_serverjupyter/jupyter
CWE ID-CWE-346
Origin Validation Error
CVE-2026-58169
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-7.7||HIGH
EPSS-0.29% / 20.37%
||
7 Day CHG~0.00%
Published-30 Jun, 2026 | 15:52
Updated-01 Jul, 2026 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Vibe-Trading < 0.1.10 - Loopback Trust and Missing Host Validation Enable DNS-Rebinding Authentication Bypass and Remote Code Execution

Vibe-Trading before 0.1.10 contains a DNS rebinding authentication bypass vulnerability that allows remote attackers to bypass bearer-token authentication by exploiting the server's trust of TCP peer addresses for loopback clients combined with missing Host header validation while binding to 0.0.0.0 with credentialed CORS. Attackers can craft a malicious DNS rebinding page to issue authenticated requests to the local API server, reach the shell execution endpoint with a bash-enabled preset, and achieve remote code execution as the API process user while also overwriting LLM and data-source settings to exfiltrate credentials.

Action-Not Available
Vendor-HKUDS
Product-Vibe-Trading
CWE ID-CWE-346
Origin Validation Error
CVE-2026-53810
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-7.7||HIGH
EPSS-0.42% / 33.72%
||
7 Day CHG~0.00%
Published-11 Jun, 2026 | 20:07
Updated-23 Jun, 2026 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenClaw < 2026.5.18 - Arbitrary Code Execution via Unscanned Marketplace Runtime Extension Metadata

OpenClaw before 2026.5.18 contains a code execution vulnerability where marketplace runtime extension metadata can redirect loading toward unscanned package payloads. Attackers with trusted operator access can manipulate extension metadata to load plugin code outside reviewed package entry points, bypassing security scanning.

Action-Not Available
Vendor-OpenClaw
Product-openclawOpenClaw
CWE ID-CWE-829
Inclusion of Functionality from Untrusted Control Sphere
CVE-2022-26137
Matching Score-4
Assigner-Atlassian
ShareView Details
Matching Score-4
Assigner-Atlassian
CVSS Score-8.8||HIGH
EPSS-1.85% / 76.53%
||
7 Day CHG~0.00%
Published-20 Jul, 2022 | 17:25
Updated-03 Oct, 2024 | 17:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to cause additional Servlet Filters to be invoked when the application processes requests or responses. Atlassian has confirmed and fixed the only known security issue associated with this vulnerability: Cross-origin resource sharing (CORS) bypass. Sending a specially crafted HTTP request can invoke the Servlet Filter used to respond to CORS requests, resulting in a CORS bypass. An attacker that can trick a user into requesting a malicious URL can access the vulnerable application with the victim’s permissions. Atlassian Bamboo versions are affected before 8.0.9, from 8.1.0 before 8.1.8, and from 8.2.0 before 8.2.4. Atlassian Bitbucket versions are affected before 7.6.16, from 7.7.0 before 7.17.8, from 7.18.0 before 7.19.5, from 7.20.0 before 7.20.2, from 7.21.0 before 7.21.2, and versions 8.0.0 and 8.1.0. Atlassian Confluence versions are affected before 7.4.17, from 7.5.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and version 7.21.0. Atlassian Crowd versions are affected before 4.3.8, from 4.4.0 before 4.4.2, and version 5.0.0. Atlassian Fisheye and Crucible versions before 4.8.10 are affected. Atlassian Jira versions are affected before 8.13.22, from 8.14.0 before 8.20.10, and from 8.21.0 before 8.22.4. Atlassian Jira Service Management versions are affected before 4.13.22, from 4.14.0 before 4.20.10, and from 4.21.0 before 4.22.4.

Action-Not Available
Vendor-Atlassian
Product-confluence_data_centerfisheyejira_serverbitbucketjira_service_deskbamboocruciblejira_data_centercrowdconfluence_serverjira_service_managementBamboo Data CenterBamboo ServerJira Service Management ServerConfluence ServerCrowd ServerBitbucket ServerJira Core ServerCrucibleFisheyeJira Service Management Data CenterConfluence Data CenterBitbucket Data CenterJira Software ServerCrowd Data CenterJira Software Data Centerconfluence_data_centerfisheyejira_serverbitbucketjira_service_deskbamboocruciblejira_data_centercrowdconfluence_serverjira_service_management
CWE ID-CWE-180
Incorrect Behavior Order: Validate Before Canonicalize
CWE ID-CWE-346
Origin Validation Error
CVE-2026-8428
Matching Score-4
Assigner-Concrete CMS
ShareView Details
Matching Score-4
Assigner-Concrete CMS
CVSS Score-7.5||HIGH
EPSS-0.13% / 3.09%
||
7 Day CHG~0.00%
Published-21 May, 2026 | 20:24
Updated-26 May, 2026 | 14:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CSRF token is not validated in the core CMS update controller for Concrete CMS 9.5.0 and below

Concrete CMS 9.5.0 and below emits a CSRF token in the local_available_update.php view ($token->output('do_update')) but the corresponding do_update() method in concrete/controllers/single_page/dashboard/system/update/update.php never calls $this->token->validate('do_update'). The form is rendered as a POST form, meaning the token reaches the browser, but because the controller discards it without verification, an attacker can craft a cross-site POST that triggers a core CMS update to an attacker-specified version string.  In order to be vulnerable, theictim must be passing canUpgrade()anda valid update version must be present under DIR_CORE_UPDATES. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 7.5 with vector CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N. Thanks https://github.com/maru1009 for reporting.

Action-Not Available
Vendor-concretecmsConcrete CMS
Product-concrete_cmsConcrete CMS
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CWE ID-CWE-829
Inclusion of Functionality from Untrusted Control Sphere
CVE-2026-46580
Matching Score-4
Assigner-Eclipse Foundation
ShareView Details
Matching Score-4
Assigner-Eclipse Foundation
CVSS Score-8.4||HIGH
EPSS-0.27% / 18.96%
||
7 Day CHG~0.00%
Published-18 Jun, 2026 | 14:26
Updated-22 Jun, 2026 | 19:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Eclipse Theia versions prior to 1.71.0, files matching the pattern .prompts/*.prompttemplate in a workspace were automatically loaded and could override or extend the AI agent's system prompts. An attacker could craft a malicious repository containing prompt template files that, when the workspace was opened in Theia, replaced the AI's system instructions with attacker-controlled content (indirect prompt injection). Combined with other AI chat features available in untrusted workspaces, this enabled attack chains leading to data exfiltration via Markdown image rendering or arbitrary command execution via task definitions.

Action-Not Available
Vendor-Eclipse Foundation AISBL
Product-theiaEclipse Theia
CWE ID-CWE-829
Inclusion of Functionality from Untrusted Control Sphere
CWE ID-CWE-1427
Improper Neutralization of Input Used for LLM Prompting
CVE-2026-6859
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-8.8||HIGH
EPSS-0.42% / 33.53%
||
7 Day CHG+0.06%
Published-22 Apr, 2026 | 13:04
Updated-30 Jun, 2026 | 12:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Instructlab: instructlab: arbitrary code execution due to hardcoded `trust_remote_code=true`

A flaw was found in InstructLab. The `linux_train.py` script hardcodes `trust_remote_code=True` when loading models from HuggingFace. This allows a remote attacker to achieve arbitrary Python code execution by convincing a user to run `ilab train/download/generate` with a specially crafted malicious model from the HuggingFace Hub. This vulnerability can lead to complete system compromise.

Action-Not Available
Vendor-Red Hat, Inc.
Product-instructlabenterprise_linux_aiRed Hat Enterprise Linux AI (RHEL AI) 3Red Hat Enterprise Linux AI (RHEL AI) 3
CWE ID-CWE-829
Inclusion of Functionality from Untrusted Control Sphere
CVE-2026-44688
Matching Score-4
Assigner-Eclipse Foundation
ShareView Details
Matching Score-4
Assigner-Eclipse Foundation
CVSS Score-8.4||HIGH
EPSS-0.27% / 18.96%
||
7 Day CHG~0.00%
Published-18 Jun, 2026 | 14:22
Updated-22 Jun, 2026 | 19:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Eclipse Theia versions prior to 1.71.0, the AI chat agent processed workspace file and directory names as part of its prompt context without distinguishing them from system instructions. An attacker could craft a malicious repository with adversarial directory or file names that, when analyzed by the AI agent, would cause the agent to follow attacker-controlled instructions (indirect prompt injection). Combined with other AI chat features available in untrusted workspaces, this enabled attack chains leading to data exfiltration via Markdown image rendering or arbitrary command execution via task definitions.

Action-Not Available
Vendor-Eclipse Foundation AISBL
Product-theiaEclipse Theia
CWE ID-CWE-829
Inclusion of Functionality from Untrusted Control Sphere
CWE ID-CWE-1427
Improper Neutralization of Input Used for LLM Prompting
CVE-2026-44691
Matching Score-4
Assigner-Eclipse Foundation
ShareView Details
Matching Score-4
Assigner-Eclipse Foundation
CVSS Score-8.4||HIGH
EPSS-0.23% / 13.88%
||
7 Day CHG~0.00%
Published-18 Jun, 2026 | 14:35
Updated-22 Jun, 2026 | 19:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Eclipse Theia versions prior to 1.69.0, custom task definitions in workspace files (e.g. .theia/tasks.json, .vscode/tasks.json) could be executed without requiring workspace trust. An attacker could craft a malicious repository that, when cloned and opened in Theia, leads to execution of arbitrary commands with the user's privileges. In combination with AI chat features and a workspace .theia/settings.json that disabled tool confirmation, this could be triggered automatically by sending a message in the AI chat.

Action-Not Available
Vendor-Eclipse Foundation AISBL
Product-theiaEclipse Theia
CWE ID-CWE-829
Inclusion of Functionality from Untrusted Control Sphere
CVE-2025-36727
Matching Score-4
Assigner-Tenable Network Security, Inc.
ShareView Details
Matching Score-4
Assigner-Tenable Network Security, Inc.
CVSS Score-8.3||HIGH
EPSS-0.42% / 34.02%
||
7 Day CHG~0.00%
Published-25 Jul, 2025 | 16:37
Updated-26 Aug, 2025 | 16:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SimpleHelp Inclusion of functionality from untrusted control sphere

Inclusion of Functionality from Untrusted Control Sphere vulnerability in Simplehelp.This issue affects Simplehelp: before 5.5.12.

Action-Not Available
Vendor-simple-helpSimplehelp
Product-simplehelpSimplehelp
CWE ID-CWE-829
Inclusion of Functionality from Untrusted Control Sphere
CVE-2026-43569
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-7.7||HIGH
EPSS-0.38% / 30.06%
||
7 Day CHG~0.00%
Published-05 May, 2026 | 11:25
Updated-07 May, 2026 | 01:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenClaw < 2026.4.9 - Untrusted Provider Plugin Auto-enablement via Workspace Provider Auth

OpenClaw before 2026.4.9 contains an authentication bypass vulnerability allowing untrusted workspace plugins to be auto-enabled during non-interactive onboarding when provider auth choices are shadowed. Attackers can exploit this by crafting malicious workspace plugins that are automatically selected and enabled during authentication setup without explicit user consent.

Action-Not Available
Vendor-OpenClaw
Product-openclawOpenClaw
CWE ID-CWE-829
Inclusion of Functionality from Untrusted Control Sphere
CVE-2026-4447
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-8.8||HIGH
EPSS-0.35% / 27.40%
||
7 Day CHG~0.00%
Published-20 Mar, 2026 | 01:34
Updated-10 Jun, 2026 | 20:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Linux Kernel Organization, IncGoogle LLCApple Inc.Microsoft Corporation
Product-chromelinux_kernelwindowsmacosChrome
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2026-14409
Matching Score-4
Assigner-Chrome
ShareView Details
Matching Score-4
Assigner-Chrome
CVSS Score-7.5||HIGH
EPSS-0.25% / 15.88%
||
7 Day CHG~0.00%
Published-01 Jul, 2026 | 22:21
Updated-03 Jul, 2026 | 04:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Low)

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2015-4495
Matching Score-4
Assigner-Mozilla Corporation
ShareView Details
Matching Score-4
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-70.23% / 99.30%
||
7 Day CHG~0.00%
Published-08 Aug, 2015 | 00:00
Updated-22 Apr, 2026 | 10:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-06-15||Apply updates per vendor instructions.

The PDF reader in Mozilla Firefox before 39.0.3, Firefox ESR 38.x before 38.1.1, and Firefox OS before 2.2 allows remote attackers to bypass the Same Origin Policy, and read arbitrary files or gain privileges, via vectors involving crafted JavaScript code and a native setter, as exploited in the wild in August 2015.

Action-Not Available
Vendor-n/aMozilla CorporationopenSUSECanonical Ltd.Red Hat, Inc.Oracle CorporationSUSE
Product-firefoxubuntu_linuxlinux_enterprise_desktopenterprise_linux_serverenterprise_linux_workstationenterprise_linux_server_tusenterprise_linux_desktoplinux_enterprise_debuginfosolarislinux_enterprise_serverenterprise_linux_server_ausenterprise_linux_eusfirefox_oslinux_enterprise_software_development_kitopensusen/aFirefox
CWE ID-CWE-346
Origin Validation Error
CVE-2026-42559
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.8||HIGH
EPSS-0.21% / 11.59%
||
7 Day CHG~0.00%
Published-14 May, 2026 | 14:24
Updated-14 May, 2026 | 17:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
RMCP: DNS rebinding vulnerability in rmcp Streamable HTTP server transport

RMCP is an official Rust SDK for the Model Context Protocol. Prior to version 1.4.0, the rmcp crate's Streamable HTTP server transport (crates/rmcp/src/transport/streamable_http_server/) did not validate the incoming Host header. This allowed a malicious public website, via a DNS rebinding attack, to send authenticated requests to an MCP server running on the victim's loopback or private-network interface. This vulnerability is fixed in 1.4.0.

Action-Not Available
Vendor-modelcontextprotocol
Product-rust-sdk
CWE ID-CWE-346
Origin Validation Error
CWE ID-CWE-350
Reliance on Reverse DNS Resolution for a Security-Critical Action
CVE-2022-25227
Matching Score-4
Assigner-Fluid Attacks
ShareView Details
Matching Score-4
Assigner-Fluid Attacks
CVSS Score-8.8||HIGH
EPSS-0.62% / 45.46%
||
7 Day CHG~0.00%
Published-20 May, 2022 | 11:02
Updated-03 Aug, 2024 | 04:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Thinfinity VNC v4.0.0.1 contains a Cross-Origin Resource Sharing (CORS) vulnerability which can allow an unprivileged remote attacker, if they can trick a user into browse malicious site, to obtain an 'ID' that can be used to send websocket requests and achieve RCE.

Action-Not Available
Vendor-cybelesoftn/a
Product-thinfinity_vncThinfinity VNC
CWE ID-CWE-346
Origin Validation Error
CVE-2025-27607
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.8||HIGH
EPSS-1.45% / 70.18%
||
7 Day CHG~0.00%
Published-07 Mar, 2025 | 16:18
Updated-01 Jul, 2025 | 16:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Python JSON Logger has a Potential RCE via missing `msgspec-python313-pre` dependency

Python JSON Logger is a JSON Formatter for Python Logging. Between 30 December 2024 and 4 March 2025 Python JSON Logger was vulnerable to RCE through a missing dependency. This occurred because msgspec-python313-pre was deleted by the owner leaving the name open to being claimed by a third party. If the package was claimed, it would allow them RCE on any Python JSON Logger user who installed the development dependencies on Python 3.13 (e.g. pip install python-json-logger[dev]). This issue has been resolved with 3.3.0.

Action-Not Available
Vendor-nhairsnhairs
Product-python_json_loggerpython-json-logger
CWE ID-CWE-829
Inclusion of Functionality from Untrusted Control Sphere
CVE-2025-20236
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-8.8||HIGH
EPSS-0.91% / 55.55%
||
7 Day CHG~0.00%
Published-16 Apr, 2025 | 16:16
Updated-26 Feb, 2026 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Webex App Client-Side Remote Code Execution Vulnerability

A vulnerability in the custom URL parser of Cisco Webex App could allow an unauthenticated, remote attacker to persuade a user to download arbitrary files, which could allow the attacker to execute arbitrary commands on the host of the targeted user. This vulnerability is due to insufficient input validation when Cisco Webex App processes a meeting invite link. An attacker could exploit this vulnerability by persuading a user to click a crafted meeting invite link and download arbitrary files. A successful exploit could allow the attacker to execute arbitrary commands with the privileges of the targeted user.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-webex_teamsCisco Webex Teams
CWE ID-CWE-829
Inclusion of Functionality from Untrusted Control Sphere
CVE-2026-34373
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.20% / 10.21%
||
7 Day CHG~0.00%
Published-31 Mar, 2026 | 14:38
Updated-02 Apr, 2026 | 18:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Parse Server: GraphQL API endpoint ignores CORS origin restriction

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.66 and 9.7.0-alpha.10, the GraphQL API endpoint does not respect the allowOrigin server option and unconditionally allows cross-origin requests from any website. This bypasses origin restrictions that operators configure to control which websites can interact with the Parse Server API. The REST API correctly enforces the configured allowOrigin restriction. This issue has been patched in versions 8.6.66 and 9.7.0-alpha.10.

Action-Not Available
Vendor-parseplatformparse-community
Product-parse-serverparse-server
CWE ID-CWE-346
Origin Validation Error
CVE-2026-32225
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-0.91% / 55.53%
||
7 Day CHG~0.00%
Published-14 Apr, 2026 | 16:58
Updated-19 Jun, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Shell Security Feature Bypass Vulnerability

Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_23h2windows_server_2022_23h2windows_10_22h2windows_10_1607windows_server_2016windows_server_2025windows_11_26h1windows_server_2012windows_server_2022windows_server_2019windows_10_21h2windows_10_1809windows_11_24h2windows_11_25h2Windows Server 2016Windows 11 Version 25H2Windows Server 2012Windows 10 Version 1607Windows Server 2012 R2 (Server Core installation)Windows 10 Version 22H2Windows Server 2025Windows 10 Version 1809Windows Server 2012 (Server Core installation)Windows 11 Version 23H2Windows 11 version 22H3Windows Server 2012 R2Windows Server 2025 (Server Core installation)Windows Server 2022Windows Server 2022, 23H2 Edition (Server Core installation)Windows 10 Version 21H2Windows 11 Version 24H2Windows 11 version 26H1Windows Server 2019Windows Server 2019 (Server Core installation)Windows Server 2016 (Server Core installation)
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2026-32920
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.6||HIGH
EPSS-0.33% / 24.93%
||
7 Day CHG~0.00%
Published-31 Mar, 2026 | 11:17
Updated-23 Jun, 2026 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenClaw < 2026.3.12 - Arbitrary Code Execution via Auto-Discovery of Workspace Plugins

OpenClaw before 2026.3.12 automatically discovers and loads plugins from .OpenClaw/extensions/ without explicit trust verification, allowing arbitrary code execution. Attackers can execute malicious code by including crafted workspace plugins in cloned repositories that execute when users run OpenClaw from the directory.

Action-Not Available
Vendor-OpenClaw
Product-openclawOpenClaw
CWE ID-CWE-829
Inclusion of Functionality from Untrusted Control Sphere
CVE-2023-29505
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.89% / 55.07%
||
7 Day CHG~0.00%
Published-04 Aug, 2023 | 00:00
Updated-30 May, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Zoho ManageEngine Network Configuration Manager 12.6.165. The WebSocket endpoint allows Cross-site WebSocket hijacking.

Action-Not Available
Vendor-n/aZoho Corporation Pvt. Ltd.
Product-manageengine_network_configuration_managern/a
CWE ID-CWE-346
Origin Validation Error
CVE-2023-2848
Matching Score-4
Assigner-Snyk
ShareView Details
Matching Score-4
Assigner-Snyk
CVSS Score-8||HIGH
EPSS-0.31% / 22.69%
||
7 Day CHG~0.00%
Published-14 Sep, 2023 | 11:36
Updated-25 Sep, 2024 | 18:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Movim prior to version 0.22 is affected by a Cross-Site WebSocket Hijacking vulnerability. This was the result of a missing header validation.

Action-Not Available
Vendor-movimMovimmovim
Product-movimMovimmovim
CWE ID-CWE-1385
Missing Origin Validation in WebSockets
CWE ID-CWE-346
Origin Validation Error
CVE-2025-10201
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-8.8||HIGH
EPSS-0.26% / 17.14%
||
7 Day CHG~0.00%
Published-10 Sep, 2025 | 19:12
Updated-26 Feb, 2026 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in Mojo in Google Chrome on Android, Linux, ChromeOS prior to 140.0.7339.127 allowed a remote attacker to bypass site isolation via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Linux Kernel Organization, IncGoogle LLC
Product-chromeandroidchrome_oslinux_kernelChrome
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-346
Origin Validation Error
CVE-2021-4229
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5||MEDIUM
EPSS-1.31% / 67.21%
||
7 Day CHG~0.00%
Published-24 May, 2022 | 15:30
Updated-15 Apr, 2025 | 14:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ua-parser-js Crypto Mining backdoor

A vulnerability was found in ua-parser-js 0.7.29/0.8.0/1.0.0. It has been rated as critical. This issue affects the crypto mining component which introduces a backdoor. Upgrading to version 0.7.30, 0.8.1 and 1.0.1 is able to address this issue. It is recommended to upgrade the affected component.

Action-Not Available
Vendor-ua-parser-js_projectunspecified
Product-ua-parser-jsua-parser-js
CWE ID-CWE-912
Hidden Functionality
CWE ID-CWE-829
Inclusion of Functionality from Untrusted Control Sphere
CVE-2026-2761
Matching Score-4
Assigner-Mozilla Corporation
ShareView Details
Matching Score-4
Assigner-Mozilla Corporation
CVSS Score-10||CRITICAL
EPSS-0.40% / 31.51%
||
7 Day CHG-0.00%
Published-24 Feb, 2026 | 13:33
Updated-30 Jun, 2026 | 03:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Sandbox escape in the Graphics: WebRender component

Sandbox escape in the Graphics: WebRender component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Action-Not Available
Vendor-Red Hat, Inc.Mozilla Corporation
Product-firefoxthunderbirdThunderbirdFirefoxRed Hat Enterprise Linux AppStream EUS (v. 10.0)Red Hat Enterprise Linux AppStream EUS (v.9.6)Red Hat Enterprise Linux AppStream AUS (v.8.6)Red Hat Enterprise Linux AppStream E4S (v.8.6)Red Hat Enterprise Linux 7Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)Red Hat Enterprise Linux AppStream TUS (v.8.8)Red Hat Enterprise Linux 10Red Hat Enterprise Linux AppStream (v. 9)Red Hat Enterprise Linux AppStream (v. 8)Red Hat Enterprise Linux Server (v. 7 ELS)Red Hat Enterprise Linux 6Red Hat Enterprise Linux AppStream (v. 10)Red Hat Enterprise Linux AppStream E4S (v.9.2)Red Hat Enterprise Linux AppStream AUS (v. 8.2)Red Hat Enterprise Linux AppStream TUS (v.8.6)Red Hat Enterprise Linux AppStream E4S (v.8.8)Red Hat Enterprise Linux AppStream EUS (v.9.4)Red Hat Enterprise Linux AppStream AUS (v.8.4)Red Hat Enterprise Linux AppStream E4S (v.9.0)
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2026-2768
Matching Score-4
Assigner-Mozilla Corporation
ShareView Details
Matching Score-4
Assigner-Mozilla Corporation
CVSS Score-10||CRITICAL
EPSS-0.37% / 28.55%
||
7 Day CHG+0.01%
Published-24 Feb, 2026 | 13:33
Updated-30 Jun, 2026 | 12:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Sandbox escape in the Storage: IndexedDB component

Sandbox escape in the Storage: IndexedDB component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Action-Not Available
Vendor-Red Hat, Inc.Mozilla Corporation
Product-firefoxthunderbirdThunderbirdFirefoxRed Hat Enterprise Linux AppStream EUS (v. 10.0)Red Hat Enterprise Linux AppStream EUS (v.9.6)Red Hat Enterprise Linux AppStream AUS (v.8.6)Red Hat Enterprise Linux AppStream E4S (v.8.6)Red Hat Enterprise Linux 7Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)Red Hat Enterprise Linux AppStream TUS (v.8.8)Red Hat Enterprise Linux 10Red Hat Enterprise Linux AppStream (v. 9)Red Hat Enterprise Linux AppStream (v. 8)Red Hat Enterprise Linux Server (v. 7 ELS)Red Hat Enterprise Linux 6Red Hat Enterprise Linux AppStream (v. 10)Red Hat Enterprise Linux AppStream E4S (v.9.2)Red Hat Enterprise Linux AppStream AUS (v. 8.2)Red Hat Enterprise Linux AppStream TUS (v.8.6)Red Hat Enterprise Linux AppStream E4S (v.8.8)Red Hat Enterprise Linux AppStream EUS (v.9.4)Red Hat Enterprise Linux AppStream AUS (v.8.4)Red Hat Enterprise Linux AppStream E4S (v.9.0)
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2021-41088
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8||HIGH
EPSS-0.52% / 40.29%
||
7 Day CHG~0.00%
Published-23 Sep, 2021 | 19:55
Updated-04 Aug, 2024 | 02:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Remote code execution via the web UI backend of Elvish

Elvish is a programming language and interactive shell, combined into one package. In versions prior to 0.14.0 Elvish's web UI backend (started by `elvish -web`) hosts an endpoint that allows executing the code sent from the web UI. The backend does not check the origin of requests correctly. As a result, if the user has the web UI backend open and visits a compromised or malicious website, the website can send arbitrary code to the endpoint in localhost. All Elvish releases from 0.14.0 onward no longer include the the web UI, although it is still possible for the user to build a version from source that includes the web UI. The issue can be patched for previous versions by removing the web UI (found in web, pkg/web or pkg/prog/web, depending on the exact version).

Action-Not Available
Vendor-elvelves
Product-elvishelvish
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CWE ID-CWE-346
Origin Validation Error
CVE-2026-2790
Matching Score-4
Assigner-Mozilla Corporation
ShareView Details
Matching Score-4
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-0.23% / 13.60%
||
7 Day CHG~0.00%
Published-24 Feb, 2026 | 13:33
Updated-13 Apr, 2026 | 15:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Same-origin policy bypass in the Networking: JAR component

Same-origin policy bypass in the Networking: JAR component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxthunderbirdThunderbirdFirefox
CWE ID-CWE-346
Origin Validation Error
CVE-2026-27893
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.8||HIGH
EPSS-1.36% / 68.43%
||
7 Day CHG+0.61%
Published-26 Mar, 2026 | 23:56
Updated-30 Jun, 2026 | 12:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
vLLM's hardcoded trust_remote_code=True in NemotronVL and KimiK25 bypasses user security opt-out

vLLM is an inference and serving engine for large language models (LLMs). Starting in version 0.10.1 and prior to version 0.18.0, two model implementation files hardcode `trust_remote_code=True` when loading sub-components, bypassing the user's explicit `--trust-remote-code=False` security opt-out. This enables remote code execution via malicious model repositories even when the user has explicitly disabled remote code trust. Version 0.18.0 patches the issue.

Action-Not Available
Vendor-vllmvllm-projectRed Hat, Inc.
Product-vllmvllmRed Hat OpenShift AI (RHOAI)Red Hat OpenShift AI 3.3Red Hat OpenShift AI 2.25Red Hat AI Inference Server 3.2Red Hat AI Inference ServerRed Hat Enterprise Linux AI 3.3Red Hat AI Inference Server 3.3
CWE ID-CWE-501
Trust Boundary Violation
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2021-31718
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.96% / 57.06%
||
7 Day CHG~0.00%
Published-25 Apr, 2021 | 18:35
Updated-03 Aug, 2024 | 23:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The server in npupnp before 4.1.4 is affected by DNS rebinding in the embedded web server (including UPnP SOAP and GENA endpoints), leading to remote code execution.

Action-Not Available
Vendor-npupnp_projectn/a
Product-npupnpn/a
CWE ID-CWE-346
Origin Validation Error
CVE-2021-31982
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-1.31% / 67.06%
||
7 Day CHG~0.00%
Published-30 Jun, 2023 | 23:08
Updated-28 Feb, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-edge_chromiumMicrosoft Edge (Chromium-based)
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2026-22794
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.7||CRITICAL
EPSS-0.39% / 31.23%
||
7 Day CHG~0.00%
Published-12 Jan, 2026 | 21:54
Updated-21 Jan, 2026 | 19:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Account Takeover Vulnerability in Appsmith

Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 1.93, the server uses the Origin value from the request headers as the email link baseUrl without validation. If an attacker controls the Origin, password reset / email verification links in emails can be generated pointing to the attacker’s domain, causing authentication tokens to be exposed and potentially leading to account takeover. This vulnerability is fixed in 1.93.

Action-Not Available
Vendor-appsmithappsmithorg
Product-appsmithappsmith
CWE ID-CWE-346
Origin Validation Error
CVE-2022-50975
Matching Score-4
Assigner-CERT@VDE
ShareView Details
Matching Score-4
Assigner-CERT@VDE
CVSS Score-8.8||HIGH
EPSS-0.23% / 13.27%
||
7 Day CHG~0.00%
Published-02 Feb, 2026 | 14:07
Updated-03 Feb, 2026 | 16:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple Innomic VibroLine VLX and avibia AVLX allow unauthenticated access to device configuration

An unauthenticated remote attacker is able to use an existing session id of a logged in user and gain full access to the device if configuration via ethernet is enabled.

Action-Not Available
Vendor-Innomicavibia
Product-VibroLine VLE4 HD 5.0VibroLine VLX6 HD 5.0AvibiaLine AVLE1 HD 5.0VibroLine VLX2 HD 4.0VibroLine VLE6 HD 4.0AvibiaLine AVLX8 HD 5.0VibroLine VLX6 HD 4.0VibroLine VLX1 HD 4.0VibroLine VLX4 HD 5.0VibroLine VLE6 HD 5.0AvibiaLine AVLE6 HD 5.0AvibiaLine AVLE4 HD 5.0VibroLine VLE2 HD 5.0AvibiaLine AVLE2 HD 5.0AvibiaLine AVLX4 HD 5.0AvibiaLine AVLX1 HD 5.0AvibiaLine AVLE8 HD 5.0VibroLine VLX2 HD 5.0AvibiaLine AVLX2 HD 5.0VibroLine VLE1 HD 4.0VibroLine VLX8 HD 4.0VibroLine VLE8 HD 4.0VibroLine VLE8 HD 5.0VibroLine VLE4 HD 4.0VibroLine VLE1 HD 5.0VibroLine VLX8 HD 5.0AvibiaLine AVLX6 HD 5.0VibroLine VLX1 HD 5.0VibroLine VLE2 HD 4.0VibroLine VLX4 HD 4.0
CWE ID-CWE-346
Origin Validation Error
CVE-2026-22283
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-7.5||HIGH
EPSS-0.21% / 11.62%
||
7 Day CHG~0.00%
Published-17 Jun, 2026 | 14:24
Updated-25 Jun, 2026 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerFlex Manager, version(s) prior to 5.1.0.1, contain(s) an Inclusion of Functionality from Untrusted Control Sphere vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure.

Action-Not Available
Vendor-Dell Inc.
Product-powerflex_managerPowerFlex
CWE ID-CWE-829
Inclusion of Functionality from Untrusted Control Sphere
CVE-2026-21513
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-15.38% / 96.38%
||
7 Day CHG~0.00%
Published-10 Feb, 2026 | 17:51
Updated-11 May, 2026 | 21:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2026-03-03||Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
MSHTML Framework Security Feature Bypass Vulnerability

Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a security feature over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_23h2windows_server_2022_23h2windows_10_22h2windows_10_1607windows_server_2016windows_server_2025windows_server_2012windows_server_2022windows_server_2019windows_10_21h2windows_10_1809windows_11_24h2windows_11_25h2Windows 11 Version 26H1Windows Server 2019Windows 11 version 26H1Windows 10 Version 1809Windows Server 2012 R2 (Server Core installation)Windows 11 version 22H3Windows Server 2012Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2025 (Server Core installation)Windows 11 Version 25H2Windows 10 Version 22H2Windows 10 Version 21H2Windows Server 2016Windows 11 Version 24H2Windows Server 2012 R2Windows Server 2019 (Server Core installation)Windows Server 2025Windows Server 2022Windows Server 2012 (Server Core installation)Windows 11 Version 23H2Windows Server 2016 (Server Core installation)Windows 10 Version 1607Windows
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2026-21510
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-25.84% / 97.72%
||
7 Day CHG~0.00%
Published-10 Feb, 2026 | 17:51
Updated-11 May, 2026 | 21:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2026-03-03||Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Windows Shell Security Feature Bypass Vulnerability

Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_server_2016windows_10_22h2windows_server_2012windows_11_24h2windows_11_23h2windows_10_1809windows_server_2022windows_server_2025windows_11_25h2windows_server_2022_23h2windows_10_1607windows_server_2019Windows 11 Version 26H1Windows Server 2019Windows 11 version 26H1Windows 10 Version 1809Windows Server 2012 R2 (Server Core installation)Windows 11 version 22H3Windows Server 2012Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2025 (Server Core installation)Windows 11 Version 25H2Windows 10 Version 22H2Windows 10 Version 21H2Windows Server 2016Windows 11 Version 24H2Windows Server 2012 R2Windows Server 2019 (Server Core installation)Windows Server 2025Windows Server 2022Windows Server 2012 (Server Core installation)Windows 11 Version 23H2Windows Server 2016 (Server Core installation)Windows 10 Version 1607Windows
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2026-12295
Matching Score-4
Assigner-Mozilla Corporation
ShareView Details
Matching Score-4
Assigner-Mozilla Corporation
CVSS Score-9.6||CRITICAL
EPSS-0.39% / 31.22%
||
7 Day CHG+0.08%
Published-16 Jun, 2026 | 11:52
Updated-30 Jun, 2026 | 13:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Sandbox escape in the DOM: Navigation component

Sandbox escape in the DOM: Navigation component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.

Action-Not Available
Vendor-Red Hat, Inc.Mozilla Corporation
Product-firefoxthunderbirdThunderbirdFirefoxRed Hat Enterprise Linux 7Red Hat Enterprise Linux 10Red Hat Enterprise Linux AppStream (v. 9)Red Hat Enterprise Linux AppStream (v. 8)Red Hat Enterprise Linux 6Red Hat Enterprise Linux AppStream (v. 10)
CWE ID-CWE-653
Improper Isolation or Compartmentalization
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2026-12296
Matching Score-4
Assigner-Mozilla Corporation
ShareView Details
Matching Score-4
Assigner-Mozilla Corporation
CVSS Score-9.6||CRITICAL
EPSS-0.39% / 31.22%
||
7 Day CHG+0.09%
Published-16 Jun, 2026 | 11:52
Updated-30 Jun, 2026 | 13:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Sandbox escape in the Security: Process Sandboxing component

Sandbox escape in the Security: Process Sandboxing component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.

Action-Not Available
Vendor-Red Hat, Inc.Mozilla Corporation
Product-firefoxthunderbirdThunderbirdFirefoxRed Hat Enterprise Linux 7Red Hat Enterprise Linux 10Red Hat Enterprise Linux AppStream (v. 9)Red Hat Enterprise Linux AppStream (v. 8)Red Hat Enterprise Linux 6Red Hat Enterprise Linux AppStream (v. 10)
CWE ID-CWE-403
Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak')
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2026-11248
Matching Score-4
Assigner-Chrome
ShareView Details
Matching Score-4
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.24% / 15.12%
||
7 Day CHG~0.00%
Published-04 Jun, 2026 | 23:06
Updated-05 Jun, 2026 | 15:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in Google Lens in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)

Action-Not Available
Vendor-Google LLC
Product-Chrome
CWE ID-CWE-693
Protection Mechanism Failure
  • Previous
  • 1
  • 2
  • Next
Details not found