Search

Find a vulnerability

Search criteria

    56 vulnerabilities

    CVE-2026-11946 (GCVE-0-2026-11946)

    Vulnerability from cvelistv5 – Published: 2026-07-02 10:54 – Updated: 2026-07-02 12:15
    VLAI
    Title
    GetEndpoints Memory Exhaustion in open62541
    Summary
    An unauthenticated remote attacker can exhaust server memory via the GetEndpoints Discovery Service in open62541. The endpointUrl field of GetEndpointsRequest is not validated for length. An attacker can declare an arbitrarily large string (up to ~4.09 GB via the UInt32 length field) delivered across intermediate chunks without ever sending the final chunk. The server buffers all chunks in RAM indefinitely until the SecureChannel times out. The attack is pre-session and bypasses all encryption configurations. The issue affects open62541: from 1.4.0 through 1.4.16, from 1.5.0 through 1.5.4, master.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-770 - Allocation of resources without limits or throttling
    • CWE-789 - Memory allocation with excessive size value
    Assigner
    Impacted products
    Vendor Product Version
    open62541 project / o6 Automation GmbH open62541 Affected: 1.4.0 , ≤ 1.4.16 (semver)
    Affected: 1.5.0 , ≤ 1.5.4 (semver)
    Affected: master (custom)
    Create a notification for this product.
    Credits
    Lorenzo Cannella from Fondazione Ugo Bordoni (FUB)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-11946",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-02T12:15:40.618622Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-02T12:15:49.245Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "open62541",
              "vendor": "open62541 project / o6 Automation GmbH",
              "versions": [
                {
                  "lessThanOrEqual": "1.4.16",
                  "status": "affected",
                  "version": "1.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "1.5.4",
                  "status": "affected",
                  "version": "1.5.0",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "master",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Lorenzo Cannella from Fondazione Ugo Bordoni (FUB)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan\u003eAn unauthenticated remote attacker can exhaust\nserver memory via the GetEndpoints Discovery Service in open62541. The\nendpointUrl field of GetEndpointsRequest is not validated for length. An\nattacker can declare an arbitrarily large string (up to ~4.09 GB via the UInt32\nlength field) delivered across intermediate chunks without ever sending the\nfinal chunk. The server buffers all chunks in RAM indefinitely until the\nSecureChannel times out. The attack is\npre-session and bypasses all encryption configurations.\u003c/span\u003e\n\n\n\n\u003cspan\u003eThe\u0026nbsp;\u003c/span\u003eissue affects open62541: from 1.4.0 through 1.4.16, from 1.5.0 through 1.5.4, master."
                }
              ],
              "value": "An unauthenticated remote attacker can exhaust\nserver memory via the GetEndpoints Discovery Service in open62541. The\nendpointUrl field of GetEndpointsRequest is not validated for length. An\nattacker can declare an arbitrarily large string (up to ~4.09 GB via the UInt32\nlength field) delivered across intermediate chunks without ever sending the\nfinal chunk. The server buffers all chunks in RAM indefinitely until the\nSecureChannel times out. The attack is\npre-session and bypasses all encryption configurations.\n\n\n\nThe\u00a0issue affects open62541: from 1.4.0 through 1.4.16, from 1.5.0 through 1.5.4, master."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "CWE-770 Allocation of resources without limits or throttling",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-789",
                  "description": "CWE-789 Memory allocation with excessive size value",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-02T10:54:17.782Z",
            "orgId": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158",
            "shortName": "ENISA"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/open62541/open62541/pull/8142"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/open62541/open62541/pull/8142/changes/d253818d6c5e870e1db0e360b18138c8bdc809ae"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://github.com/open62541/open62541"
            }
          ],
          "source": {
            "advisory": "SA-2026-0002",
            "discovery": "UNKNOWN"
          },
          "title": "GetEndpoints Memory Exhaustion in open62541",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158",
        "assignerShortName": "ENISA",
        "cveId": "CVE-2026-11946",
        "datePublished": "2026-07-02T10:54:17.782Z",
        "dateReserved": "2026-06-10T21:38:14.592Z",
        "dateUpdated": "2026-07-02T12:15:49.245Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-33592 (GCVE-0-2026-33592)

    Vulnerability from cvelistv5 – Published: 2026-07-02 07:12 – Updated: 2026-07-02 12:30
    VLAI
    Title
    FindServers Memory Exhaustion in open62541
    Summary
    An unauthenticated remote attacker can exhaust server memory via the FindServers Discovery Service in open62541. The serverUris field of FindServersRequest is not validated for length or array size. An attacker can declare an arbitrarily large string (up to ~3.9 GB) delivered across intermediate chunks without ever sending the final chunk. The server buffers all chunks in RAM indefinitely until the SecureChannel times out. The attack is pre-session and bypasses all encryption configuration. The issue affects open62541: from 1.4.0 through 1.4.16, from 1.5.0 through 1.5.4, master.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-770 - Allocation of resources without limits or throttling
    • CWE-789 - Memory allocation with excessive size value
    Assigner
    Impacted products
    Vendor Product Version
    open62541 project / o6 Automation GmbH open62541 Affected: 1.4.0 , ≤ 1.4.16 (semver)
    Affected: 1.5.0 , ≤ 1.5.4 (semver)
    Affected: master (custom)
    Create a notification for this product.
    Credits
    Lorenzo Cannella from Fondazione Ugo Bordoni (FUB)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-33592",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-02T12:29:37.308768Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-02T12:30:18.800Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "open62541",
              "vendor": "open62541 project / o6 Automation GmbH",
              "versions": [
                {
                  "lessThanOrEqual": "1.4.16",
                  "status": "affected",
                  "version": "1.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "1.5.4",
                  "status": "affected",
                  "version": "1.5.0",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "master",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Lorenzo Cannella from Fondazione Ugo Bordoni (FUB)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan\u003eAn unauthenticated remote attacker can exhaust\nserver memory via the FindServers Discovery Service in open62541. The\nserverUris field of FindServersRequest is not validated for length or array\nsize. An attacker can declare an arbitrarily large string (up to ~3.9 GB)\ndelivered across intermediate chunks without ever sending the final chunk. The\nserver buffers all chunks in RAM indefinitely until the SecureChannel times\nout. The attack is pre-session and bypasses all encryption configuration. The\u0026nbsp;\u003c/span\u003eissue affects open62541: from 1.4.0 through 1.4.16, from 1.5.0 through 1.5.4, master."
                }
              ],
              "value": "An unauthenticated remote attacker can exhaust\nserver memory via the FindServers Discovery Service in open62541. The\nserverUris field of FindServersRequest is not validated for length or array\nsize. An attacker can declare an arbitrarily large string (up to ~3.9 GB)\ndelivered across intermediate chunks without ever sending the final chunk. The\nserver buffers all chunks in RAM indefinitely until the SecureChannel times\nout. The attack is pre-session and bypasses all encryption configuration. The\u00a0issue affects open62541: from 1.4.0 through 1.4.16, from 1.5.0 through 1.5.4, master."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "CWE-770 Allocation of resources without limits or throttling",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-789",
                  "description": "CWE-789 Memory allocation with excessive size value",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-02T07:12:24.250Z",
            "orgId": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158",
            "shortName": "ENISA"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/open62541/open62541/pull/8142"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/open62541/open62541/pull/8142/changes/d253818d6c5e870e1db0e360b18138c8bdc809ae"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://github.com/open62541/open62541"
            }
          ],
          "source": {
            "advisory": "SA-2026-0002",
            "discovery": "UNKNOWN"
          },
          "title": "FindServers Memory Exhaustion in open62541",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158",
        "assignerShortName": "ENISA",
        "cveId": "CVE-2026-33592",
        "datePublished": "2026-07-02T07:12:24.250Z",
        "dateReserved": "2026-03-23T12:53:47.475Z",
        "dateUpdated": "2026-07-02T12:30:18.800Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-22313 (GCVE-0-2026-22313)

    Vulnerability from cvelistv5 – Published: 2026-06-16 18:36 – Updated: 2026-06-17 15:04
    VLAI
    Title
    OS Commands Executed with Administrative Permissions in Radiflow iSAP Smart Collector
    Summary
    The device has a webserver that exposes a REST API authenticated with a token on the management network. By exploiting an OS command injection vulnerability an authenticated attacker can send arbitrary commands to the device that are executed with administrative permissions by the underlying operating system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command
    Assigner
    References
    URL Tags
    https://www.cvcn.gov.it/cvcn/cve/CVE-2026-22313 third-party-advisory
    Impacted products
    Vendor Product Version
    Radiflow iSAP Smart Collector Affected: 3.07-1 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-22313",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-17T15:03:56.405202Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-17T15:04:07.971Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "iSAP Smart Collector",
              "vendor": "Radiflow",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.07-1",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The device has a webserver that exposes a REST API authenticated with a token on the management network. By exploiting an OS command injection vulnerability an authenticated attacker can send\narbitrary commands to the device that are executed with administrative permissions by the underlying operating system."
                }
              ],
              "value": "The device has a webserver that exposes a REST API authenticated with a token on the management network. By exploiting an OS command injection vulnerability an authenticated attacker can send\narbitrary commands to the device that are executed with administrative permissions by the underlying operating system."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-16T18:49:30.740Z",
            "orgId": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158",
            "shortName": "ENISA"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.cvcn.gov.it/cvcn/cve/CVE-2026-22313"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "OS Commands Executed with Administrative Permissions in Radiflow iSAP Smart Collector",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158",
        "assignerShortName": "ENISA",
        "cveId": "CVE-2026-22313",
        "datePublished": "2026-06-16T18:36:41.423Z",
        "dateReserved": "2026-01-07T09:31:00.563Z",
        "dateUpdated": "2026-06-17T15:04:07.971Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-22312 (GCVE-0-2026-22312)

    Vulnerability from cvelistv5 – Published: 2026-06-16 18:19 – Updated: 2026-06-17 12:18
    VLAI
    Title
    Use of Hard-coded Credentials Vulnerability in Radiflow iSAP Smart Collector
    Summary
    The device has a webserver that exposes a REST API authenticated with a constant token. The unauthenticated API can be used by an attacker to get access to system settings, modify the configuration and execute some commands (e.g. system reboot).
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-798 - Use of Hard-coded Credentials
    Assigner
    References
    URL Tags
    https://www.cvcn.gov.it/cvcn/cve/CVE-2026-22312 third-party-advisory
    Impacted products
    Vendor Product Version
    Radiflow iSAP Smart Collector Affected: 3.07-1 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-22312",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-17T12:18:32.031146Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-17T12:18:41.856Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "iSAP Smart Collector",
              "vendor": "Radiflow",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.07-1",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The device has a webserver that exposes a REST API authenticated with a constant token. The unauthenticated API can be used by an attacker to get access to system settings, modify the configuration\nand execute some commands (e.g. system reboot)."
                }
              ],
              "value": "The device has a webserver that exposes a REST API authenticated with a constant token. The unauthenticated API can be used by an attacker to get access to system settings, modify the configuration\nand execute some commands (e.g. system reboot)."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-798",
                  "description": "CWE-798: Use of Hard-coded Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-16T18:38:16.344Z",
            "orgId": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158",
            "shortName": "ENISA"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.cvcn.gov.it/cvcn/cve/CVE-2026-22312"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Use of Hard-coded Credentials Vulnerability in Radiflow iSAP Smart Collector",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158",
        "assignerShortName": "ENISA",
        "cveId": "CVE-2026-22312",
        "datePublished": "2026-06-16T18:19:33.358Z",
        "dateReserved": "2026-01-07T09:31:00.563Z",
        "dateUpdated": "2026-06-17T12:18:41.856Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-25600 (GCVE-0-2026-25600)

    Vulnerability from cvelistv5 – Published: 2026-06-01 09:37 – Updated: 2026-06-01 13:01
    VLAI
    Title
    Credential Exposure Vulnerability in Trac PDBM
    Summary
    The PDBM application relies on a static, hard‑coded secret embedded in the PDBM.exe executable. This secret is used by the application’s encryption routines, including the function responsible for decrypting credentials stored in the product’s configuration file. Because the secret is constant across installations, any attacker with sufficient local privileges can extract it from the binary. Once obtained, the secret allows the attacker to decrypt the stored password and authenticate as the user defined in the configuration file. In the affected version, this user account is configured with administrative privileges, granting full access to PDBM’s management interface and its underlying operational functions.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://www.cert.si/en/cve-2026-25600/ third-party-advisory
    Impacted products
    Vendor Product Version
    Trac d.o.o. PDBM Affected: 0 , < 2.0.0.0 (semver)
    Create a notification for this product.
    Credits
    Mijo Mišić, Combis d.o.o.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-25600",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-01T13:01:42.272560Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-01T13:01:53.235Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "PDBM",
              "vendor": "Trac d.o.o.",
              "versions": [
                {
                  "lessThan": "2.0.0.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Mijo Mi\u0161i\u0107, Combis d.o.o."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eThe PDBM application relies on a static, hard\u2011coded secret embedded \nin the PDBM.exe executable. This secret is used by the application\u2019s \nencryption routines, including the function responsible for decrypting \ncredentials stored in the product\u2019s configuration file. Because the \nsecret is constant across installations, any attacker with sufficient \nlocal privileges can extract it from the binary. Once obtained, the secret allows the attacker to decrypt the stored \npassword and authenticate as the user defined in the configuration file.\n In the affected version, this user account is configured with \nadministrative privileges, granting full access to PDBM\u2019s management \ninterface and its underlying operational functions.\u003c/p\u003e"
                }
              ],
              "value": "The PDBM application relies on a static, hard\u2011coded secret embedded \nin the PDBM.exe executable. This secret is used by the application\u2019s \nencryption routines, including the function responsible for decrypting \ncredentials stored in the product\u2019s configuration file. Because the \nsecret is constant across installations, any attacker with sufficient \nlocal privileges can extract it from the binary. Once obtained, the secret allows the attacker to decrypt the stored \npassword and authenticate as the user defined in the configuration file.\n In the affected version, this user account is configured with \nadministrative privileges, granting full access to PDBM\u2019s management \ninterface and its underlying operational functions."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-798",
                  "description": "CWE-798",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-01T09:37:48.852Z",
            "orgId": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158",
            "shortName": "ENISA"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.cert.si/en/cve-2026-25600/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Credential Exposure Vulnerability in Trac PDBM",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158",
        "assignerShortName": "ENISA",
        "cveId": "CVE-2026-25600",
        "datePublished": "2026-06-01T09:37:48.852Z",
        "dateReserved": "2026-02-03T07:24:49.547Z",
        "dateUpdated": "2026-06-01T13:01:53.235Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-25599 (GCVE-0-2026-25599)

    Vulnerability from cvelistv5 – Published: 2026-06-01 09:17 – Updated: 2026-06-01 13:01 Unsupported When Assigned
    VLAI
    Title
    Missing authentication and clear‑text data transmission affecting Orca heat pumps
    Summary
    Missing authentication and clear‑text transmission of data from the heat pumps to the control server, combined with the absence of input validation on aggregated data, can lead to stored XSS that enables theft of cookies from the pump’s web control interface. Older Orca heat pump devices communicating with the Orca server over an unencrypted and unauthenticated HTTP connection on a non-secure port specifically enable an attacker to impersonate a legitimate device and inject malicious payloads. This enables the insertion of harmful code directly into the Orca user portal, potentially compromising user accounts, exposing sensitive information, and allowing further unauthorized actions within the portal.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper neutralization of input during web page generation ('cross-site scripting')
    • CWE-306 - Missing authentication for critical function
    • CWE-319 - Cleartext transmission of sensitive information
    Assigner
    References
    Impacted products
    Credits
    Tom Kern, NIL d.o.o.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-25599",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-01T13:01:12.777564Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-01T13:01:21.955Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Orca heat pump",
              "vendor": "Orca Energy",
              "versions": [
                {
                  "lessThan": "2.1.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Orca user portal",
              "vendor": "Orca Energy",
              "versions": [
                {
                  "lessThan": "1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Tom Kern, NIL d.o.o."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Missing authentication and clear\u2011text transmission of data from the heat pumps to the control server, combined with the absence of input validation on aggregated data, can lead to stored XSS that enables theft of cookies from the pump\u2019s web control interface.\u0026nbsp;Older Orca heat pump devices communicating with the Orca server over an \nunencrypted and unauthenticated HTTP connection on a non-secure port specifically enable an\n attacker to impersonate a legitimate device and inject malicious \npayloads. This enables the insertion of harmful code directly\n into the Orca user portal, potentially compromising user accounts, \nexposing sensitive information, and allowing further unauthorized \nactions within the portal."
                }
              ],
              "value": "Missing authentication and clear\u2011text transmission of data from the heat pumps to the control server, combined with the absence of input validation on aggregated data, can lead to stored XSS that enables theft of cookies from the pump\u2019s web control interface.\u00a0Older Orca heat pump devices communicating with the Orca server over an \nunencrypted and unauthenticated HTTP connection on a non-secure port specifically enable an\n attacker to impersonate a legitimate device and inject malicious \npayloads. This enables the insertion of harmful code directly\n into the Orca user portal, potentially compromising user accounts, \nexposing sensitive information, and allowing further unauthorized \nactions within the portal."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper neutralization of input during web page generation (\u0027cross-site scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306 Missing authentication for critical function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-319",
                  "description": "CWE-319 Cleartext transmission of sensitive information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-01T09:17:51.060Z",
            "orgId": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158",
            "shortName": "ENISA"
          },
          "references": [
            {
              "url": "https://www.cert.si/en/cve-2026-25599/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "tags": [
            "unsupported-when-assigned"
          ],
          "title": "Missing authentication and clear\u2011text data transmission affecting Orca heat pumps",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158",
        "assignerShortName": "ENISA",
        "cveId": "CVE-2026-25599",
        "datePublished": "2026-06-01T09:17:51.060Z",
        "dateReserved": "2026-02-03T07:24:49.547Z",
        "dateUpdated": "2026-06-01T13:01:21.955Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-33590 (GCVE-0-2026-33590)

    Vulnerability from cvelistv5 – Published: 2026-05-28 19:30 – Updated: 2026-06-12 15:02
    VLAI
    Title
    Insecure default permissions in Portainer CE
    Summary
    Insecure default settings of Portainer CE grant regular (non-admin) users privileges that allow host filesystem access and host-level code execution. An authenticated non-administrative user with endpoint access can exploit these settings to read host files or obtain root equivalent access on the host.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-276 - Incorrect default permissions
    Assigner
    Impacted products
    Vendor Product Version
    Portainer Portainer Community Edition Affected: 0 , < 2.39.0 (semver)
    Affected: 0 , < 2.38.0 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-33590",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-29T14:57:42.554840Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-29T14:57:54.101Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2026-06-12T15:02:52.515Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/06/12/2"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Portainer Community Edition",
              "vendor": "Portainer",
              "versions": [
                {
                  "lessThan": "2.39.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.38.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Insecure default settings of Portainer CE grant regular (non-admin) users privileges that allow host filesystem access and host-level code execution. An authenticated non-administrative user with endpoint access can exploit these settings to read host files or obtain root equivalent \n\naccess on the host.\u003cbr\u003e\u003cbr\u003e"
                }
              ],
              "value": "Insecure default settings of Portainer CE grant regular (non-admin) users privileges that allow host filesystem access and host-level code execution. An authenticated non-administrative user with endpoint access can exploit these settings to read host files or obtain root equivalent \n\naccess on the host."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.5,
                "baseSeverity": "HIGH",
                "exploitMaturity": "PROOF_OF_CONCEPT",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-276",
                  "description": "CWE-276 Incorrect default permissions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-28T19:30:06.697Z",
            "orgId": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158",
            "shortName": "ENISA"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://intwave.com/blog/2026/02/26/improving-portainer-security.html"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/portainer/portainer/commit/ac8fa7672e732b44b970c9eaf928eddd2c68796c"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/portainer/portainer/commit/3e2fdb1891e81a8e4c5c8beb60e45f07c8ecae52"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Insecure default permissions in Portainer CE",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158",
        "assignerShortName": "ENISA",
        "cveId": "CVE-2026-33590",
        "datePublished": "2026-05-28T19:30:06.697Z",
        "dateReserved": "2026-03-23T12:53:47.474Z",
        "dateUpdated": "2026-06-12T15:02:52.515Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-25602 (GCVE-0-2026-25602)

    Vulnerability from cvelistv5 – Published: 2026-05-20 10:54 – Updated: 2026-05-20 12:00
    VLAI
    Summary
    Insufficient Verification of Data Authenticity vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component makes it possible to send messages to any email address. This issue affects Meona Client Launcher Component: through 19.06.2020 15:11:49; Meona Server Component: through 2025.04 5+323020.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-345 - Insufficient Verification of Data Authenticity
    Assigner
    References
    URL Tags
    https://seccore.at/blog/cves-meona/ third-party-advisory
    Impacted products
    Vendor Product Version
    Mesalvo Meona Client Launcher Component Affected: 0 , ≤ 19.06.2020 15:11:49 (custom)
    Create a notification for this product.
    Mesalvo Meona Server Component Affected: 0 , ≤ 2025.04 5+323020 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-25602",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-20T11:59:55.804011Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-20T12:00:29.697Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Meona Client Launcher Component",
              "vendor": "Mesalvo",
              "versions": [
                {
                  "lessThanOrEqual": "19.06.2020 15:11:49",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Meona Server Component",
              "vendor": "Mesalvo",
              "versions": [
                {
                  "lessThanOrEqual": "2025.04 5+323020",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Insufficient Verification of Data Authenticity vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component makes it possible to send messages to any email address.\u0026nbsp;This issue affects Meona Client Launcher Component: through 19.06.2020 15:11:49; Meona Server Component: through 2025.04 5+323020."
                }
              ],
              "value": "Insufficient Verification of Data Authenticity vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component makes it possible to send messages to any email address.\u00a0This issue affects Meona Client Launcher Component: through 19.06.2020 15:11:49; Meona Server Component: through 2025.04 5+323020."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 4.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-345",
                  "description": "CWE-345: Insufficient Verification of Data Authenticity",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-20T10:54:13.448Z",
            "orgId": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158",
            "shortName": "ENISA"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://seccore.at/blog/cves-meona/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158",
        "assignerShortName": "ENISA",
        "cveId": "CVE-2026-25602",
        "datePublished": "2026-05-20T10:54:13.448Z",
        "dateReserved": "2026-02-03T07:24:49.548Z",
        "dateUpdated": "2026-05-20T12:00:29.697Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-0857 (GCVE-0-2026-0857)

    Vulnerability from cvelistv5 – Published: 2026-05-20 10:50 – Updated: 2026-05-20 12:01
    VLAI
    Summary
    Cleartext Storage of Sensitive Information in Memory vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component. This issue affects Meona Client Launcher Component: through 19.06.2020 15:11:49; Meona Server Component: through 2025.04 5+323020.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-316 - Cleartext Storage of Sensitive Information in Memory
    Assigner
    References
    URL Tags
    https://seccore.at/blog/cves-meona/ third-party-advisory
    Impacted products
    Vendor Product Version
    Mesalvo Meona Client Launcher Component Affected: 0 , ≤ 19.06.2020 15:11:49 (custom)
    Create a notification for this product.
    Mesalvo Meona Server Component Affected: 0 , ≤ 2025.04 5+323020 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-0857",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-20T12:01:24.904395Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-20T12:01:48.193Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Meona Client Launcher Component",
              "vendor": "Mesalvo",
              "versions": [
                {
                  "lessThanOrEqual": "19.06.2020 15:11:49",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Meona Server Component",
              "vendor": "Mesalvo",
              "versions": [
                {
                  "lessThanOrEqual": "2025.04 5+323020",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Cleartext Storage of Sensitive Information in Memory vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component.\u003cp\u003eThis issue affects Meona Client Launcher Component: through 19.06.2020 15:11:49; Meona Server Component: through 2025.04 5+323020.\u003c/p\u003e"
                }
              ],
              "value": "Cleartext Storage of Sensitive Information in Memory vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component.\n\nThis issue affects Meona Client Launcher Component: through 19.06.2020 15:11:49; Meona Server Component: through 2025.04 5+323020."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-316",
                  "description": "CWE-316: Cleartext Storage of Sensitive Information in Memory",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-20T10:50:58.695Z",
            "orgId": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158",
            "shortName": "ENISA"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://seccore.at/blog/cves-meona/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158",
        "assignerShortName": "ENISA",
        "cveId": "CVE-2026-0857",
        "datePublished": "2026-05-20T10:50:58.695Z",
        "dateReserved": "2026-01-12T06:14:14.665Z",
        "dateUpdated": "2026-05-20T12:01:48.193Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-22315 (GCVE-0-2026-22315)

    Vulnerability from cvelistv5 – Published: 2026-05-20 10:46 – Updated: 2026-05-20 12:06
    VLAI
    Summary
    Incorrect Privilege Assignment vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component enables the export  of user data, including cleartext passwords, via the SQL editor. This issue affects Meona Client Launcher Component: through 19.06.2020 15:11:49; Meona Server Component: through 2025.04 5+323020.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-266 - Incorrect Privilege Assignment
    Assigner
    References
    URL Tags
    https://seccore.at/blog/cves-meona/ third-party-advisory
    Impacted products
    Vendor Product Version
    Mesalvo Meona Client Launcher Component Affected: 0 , ≤ 19.06.2020 15:11:49 (custom)
    Create a notification for this product.
    Mesalvo Meona Server Component Affected: 0 , ≤ 2025.04 5+323020 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-22315",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-20T12:03:18.644530Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-20T12:06:30.389Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Meona Client Launcher Component",
              "vendor": "Mesalvo",
              "versions": [
                {
                  "lessThanOrEqual": "19.06.2020 15:11:49",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Meona Server Component",
              "vendor": "Mesalvo",
              "versions": [
                {
                  "lessThanOrEqual": "2025.04 5+323020",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Incorrect Privilege Assignment vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component enables the export\u0026nbsp; of user data, including cleartext passwords, via the SQL editor.\u0026nbsp;This issue affects Meona Client Launcher Component: through 19.06.2020 15:11:49; Meona Server Component: through 2025.04 5+323020."
                }
              ],
              "value": "Incorrect Privilege Assignment vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component enables the export\u00a0 of user data, including cleartext passwords, via the SQL editor.\u00a0This issue affects Meona Client Launcher Component: through 19.06.2020 15:11:49; Meona Server Component: through 2025.04 5+323020."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-266",
                  "description": "CWE-266: Incorrect Privilege Assignment",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-20T10:46:51.995Z",
            "orgId": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158",
            "shortName": "ENISA"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://seccore.at/blog/cves-meona/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158",
        "assignerShortName": "ENISA",
        "cveId": "CVE-2026-22315",
        "datePublished": "2026-05-20T10:46:51.995Z",
        "dateReserved": "2026-01-07T09:31:00.563Z",
        "dateUpdated": "2026-05-20T12:06:30.389Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-0856 (GCVE-0-2026-0856)

    Vulnerability from cvelistv5 – Published: 2026-05-20 10:38 – Updated: 2026-05-20 12:27
    VLAI
    Summary
    Improper Access Control vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component enables a normal user gaining access to the admin panel. This issue affects Meona Client Launcher Component: through 19.06.2020 15:11:49; Meona Server Component: through 2025.04 5+323020.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    References
    URL Tags
    https://seccore.at/blog/cves-meona/ third-party-advisory
    Impacted products
    Vendor Product Version
    Mesalvo Meona Client Launcher Component Affected: 0 , ≤ 19.06.2020 15:11:49 (custom)
    Create a notification for this product.
    Mesalvo Meona Server Component Affected: 0 , ≤ 2025.04 5+323020 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-0856",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-20T12:27:02.745163Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-20T12:27:12.637Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Meona Client Launcher Component",
              "vendor": "Mesalvo",
              "versions": [
                {
                  "lessThanOrEqual": "19.06.2020 15:11:49",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Meona Server Component",
              "vendor": "Mesalvo",
              "versions": [
                {
                  "lessThanOrEqual": "2025.04 5+323020",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Access Control vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component enables a normal user gaining access to the admin panel.\u0026nbsp;This issue affects Meona Client Launcher Component: through 19.06.2020 15:11:49; Meona Server Component: through 2025.04 5+323020."
                }
              ],
              "value": "Improper Access Control vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component enables a normal user gaining access to the admin panel.\u00a0This issue affects Meona Client Launcher Component: through 19.06.2020 15:11:49; Meona Server Component: through 2025.04 5+323020."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284: Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-20T10:38:53.881Z",
            "orgId": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158",
            "shortName": "ENISA"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://seccore.at/blog/cves-meona/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158",
        "assignerShortName": "ENISA",
        "cveId": "CVE-2026-0856",
        "datePublished": "2026-05-20T10:38:53.881Z",
        "dateReserved": "2026-01-12T06:14:09.204Z",
        "dateUpdated": "2026-05-20T12:27:12.637Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-22314 (GCVE-0-2026-22314)

    Vulnerability from cvelistv5 – Published: 2026-05-20 10:29 – Updated: 2026-05-20 12:34
    VLAI
    Summary
    Improper Control of Generation of Code ('Code Injection') vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component enables code execution on other users' systems. This issue affects Meona Client Launcher Component: through 19.06.2020 15:11:49; Meona Server Component: through 2025.04 5+323020.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-94 - Improper Control of Generation of Code ('Code Injection')
    Assigner
    References
    URL Tags
    https://seccore.at/blog/cves-meona/ third-party-advisory
    Impacted products
    Vendor Product Version
    Mesalvo Meona Client Launcher Component Affected: 0 , ≤ 19.06.2020 15:11:49 (custom)
    Create a notification for this product.
    Mesalvo Meona Server Component Affected: 0 , ≤ 2025.04 5+323020 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-22314",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-20T12:29:31.474390Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-20T12:34:04.008Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Meona Client Launcher Component",
              "vendor": "Mesalvo",
              "versions": [
                {
                  "lessThanOrEqual": "19.06.2020 15:11:49",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Meona Server Component",
              "vendor": "Mesalvo",
              "versions": [
                {
                  "lessThanOrEqual": "2025.04 5+323020",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component enables code execution on other users\u0027 systems.\u0026nbsp;This issue affects Meona Client Launcher Component: through 19.06.2020 15:11:49; Meona Server Component: through 2025.04 5+323020."
                }
              ],
              "value": "Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component enables code execution on other users\u0027 systems.\u00a0This issue affects Meona Client Launcher Component: through 19.06.2020 15:11:49; Meona Server Component: through 2025.04 5+323020."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-20T10:29:38.661Z",
            "orgId": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158",
            "shortName": "ENISA"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://seccore.at/blog/cves-meona/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158",
        "assignerShortName": "ENISA",
        "cveId": "CVE-2026-22314",
        "datePublished": "2026-05-20T10:29:38.661Z",
        "dateReserved": "2026-01-07T09:31:00.563Z",
        "dateUpdated": "2026-05-20T12:34:04.008Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-33585 (GCVE-0-2026-33585)

    Vulnerability from cvelistv5 – Published: 2026-05-13 18:46 – Updated: 2026-05-13 19:31
    VLAI
    Title
    Arqit SKA-Platform Improper Handling of Parameters Vulnerability
    Summary
    Improper management of the idle timeout parameter in the Keycloak interface of the Arqit SKA-Platform enables an attacker to impersonate an authenticated tenant user via an unexpired browser session. This issue affects Symmetric Key Agreement Platform: before 26.03.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-233 - Improper handling of parameters
    Assigner
    References
    URL Tags
    https://www.cvcn.gov.it/cvcn/cve/CVE-2026-33585 third-party-advisory
    Impacted products
    Vendor Product Version
    Arqit Symmetric Key Agreement Platform Affected: 0 , < 26.03 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-33585",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-13T19:28:17.084847Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-13T19:31:17.058Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Symmetric Key Agreement Platform",
              "vendor": "Arqit",
              "versions": [
                {
                  "lessThan": "26.03",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper management of the idle timeout parameter\u0026nbsp;in the Keycloak interface of\u0026nbsp;the Arqit SKA-Platform enables an attacker to impersonate an authenticated tenant user via an unexpired browser session.\n\n\u003cp\u003eThis issue affects Symmetric Key Agreement Platform: before 26.03.\u003c/p\u003e"
                }
              ],
              "value": "Improper management of the idle timeout parameter\u00a0in the Keycloak interface of\u00a0the Arqit SKA-Platform enables an attacker to impersonate an authenticated tenant user via an unexpired browser session.\n\n\n\nThis issue affects Symmetric Key Agreement Platform: before 26.03."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "LOW",
                "baseScore": 3.8,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-233",
                  "description": "CWE-233 Improper handling of parameters",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-13T18:46:13.920Z",
            "orgId": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158",
            "shortName": "ENISA"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.cvcn.gov.it/cvcn/cve/CVE-2026-33585"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Arqit SKA-Platform Improper Handling of Parameters Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158",
        "assignerShortName": "ENISA",
        "cveId": "CVE-2026-33585",
        "datePublished": "2026-05-13T18:46:13.920Z",
        "dateReserved": "2026-03-23T12:53:47.473Z",
        "dateUpdated": "2026-05-13T19:31:17.058Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-33584 (GCVE-0-2026-33584)

    Vulnerability from cvelistv5 – Published: 2026-05-13 18:30 – Updated: 2026-05-13 19:39
    VLAI
    Title
    Arqit SKA-Platform Enables Access to Debug Information
    Summary
    Exposed Keycloak management service in the Arqit Symmetric Key Agreement Platform enables unauthorized access to sensitive debug information such as metrics and health data. This issue affects Symmetric Key Agreement Platform: before 26.03.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-749 - Exposed dangerous method or function
    Assigner
    References
    URL Tags
    https://www.cvcn.gov.it/cvcn/cve/CVE-2026-33584 third-party-advisory
    Impacted products
    Vendor Product Version
    Arqit Symmetric Key Agreement Platform Affected: 0 , < 26.03 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-33584",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-13T19:37:59.672987Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-13T19:39:01.096Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Symmetric Key Agreement Platform",
              "vendor": "Arqit",
              "versions": [
                {
                  "lessThan": "26.03",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Exposed Keycloak management \nservice in the Arqit Symmetric Key Agreement Platform enables unauthorized access to sensitive debug \ninformation such as metrics and\n health data.\u0026nbsp;This issue affects Symmetric Key Agreement Platform: before 26.03."
                }
              ],
              "value": "Exposed Keycloak management \nservice in the Arqit Symmetric Key Agreement Platform enables unauthorized access to sensitive debug \ninformation such as metrics and\n health data.\u00a0This issue affects Symmetric Key Agreement Platform: before 26.03."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-749",
                  "description": "CWE-749 Exposed dangerous method or function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-13T18:35:29.330Z",
            "orgId": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158",
            "shortName": "ENISA"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.cvcn.gov.it/cvcn/cve/CVE-2026-33584"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Arqit SKA-Platform Enables Access to Debug Information",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158",
        "assignerShortName": "ENISA",
        "cveId": "CVE-2026-33584",
        "datePublished": "2026-05-13T18:30:48.206Z",
        "dateReserved": "2026-03-23T12:53:47.473Z",
        "dateUpdated": "2026-05-13T19:39:01.096Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-33583 (GCVE-0-2026-33583)

    Vulnerability from cvelistv5 – Published: 2026-05-13 18:19 – Updated: 2026-05-13 18:57
    VLAI
    Title
    Arqit SKA-Platform Vulnerable to Key Exposure
    Summary
    Exposure of the QKEY (used as input into the ‘OTA-Quantum’ device registration process) and internal system keys via an unauthenticated and unencrypted HTTP GET method in the Arqit Symmetric Key Agreement Platform. This issue affects Symmetric Key Agreement Platform: before 26.03.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-749 - Exposed dangerous method or function
    Assigner
    References
    URL Tags
    https://www.cvcn.gov.it/cvcn/cve/CVE-2026-33583 third-party-advisory
    Impacted products
    Vendor Product Version
    Arqit Symmetric Key Agreement Platform Affected: 0 , < 26.03 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-33583",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-13T18:57:23.168695Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-13T18:57:55.074Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Symmetric Key Agreement Platform",
              "vendor": "Arqit",
              "versions": [
                {
                  "lessThan": "26.03",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Exposure of the QKEY (used as \ninput into the \u2018OTA-Quantum\u2019 device registration process) and internal \nsystem keys via an unauthenticated and unencrypted HTTP GET method in the Arqit Symmetric Key Agreement Platform.\u003cp\u003eThis issue affects Symmetric Key Agreement Platform: before 26.03.\u003c/p\u003e"
                }
              ],
              "value": "Exposure of the QKEY (used as \ninput into the \u2018OTA-Quantum\u2019 device registration process) and internal \nsystem keys via an unauthenticated and unencrypted HTTP GET method in the Arqit Symmetric Key Agreement Platform.\n\nThis issue affects Symmetric Key Agreement Platform: before 26.03."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-749",
                  "description": "CWE-749 Exposed dangerous method or function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-13T18:19:34.651Z",
            "orgId": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158",
            "shortName": "ENISA"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.cvcn.gov.it/cvcn/cve/CVE-2026-33583"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Arqit SKA-Platform Vulnerable to Key Exposure",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158",
        "assignerShortName": "ENISA",
        "cveId": "CVE-2026-33583",
        "datePublished": "2026-05-13T18:19:34.651Z",
        "dateReserved": "2026-03-23T12:53:47.473Z",
        "dateUpdated": "2026-05-13T18:57:55.074Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-33589 (GCVE-0-2026-33589)

    Vulnerability from cvelistv5 – Published: 2026-05-07 10:31 – Updated: 2026-05-07 11:34 X_Open Source
    VLAI
    Title
    Arbitrary File Read via Local File Inclusion (LFI)
    Summary
    Lack of user input validation in the file upload functionality of Open Notebook v1.8.3 allows the application user to access local files content from the docker container via path traversal.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper input validation
    Assigner
    References
    Impacted products
    Vendor Product Version
    Open Notebook Open Notebook Affected: 0 , ≤ 1.8.3 (semver)
    Create a notification for this product.
    Credits
    CERT-EU
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-33589",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-07T11:34:33.881622Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-07T11:34:41.674Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Open Notebook",
              "vendor": "Open Notebook",
              "versions": [
                {
                  "lessThanOrEqual": "1.8.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "CERT-EU"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Lack of user input validation in the file upload functionality of Open Notebook v1.8.3 allows the application user to access local files content from the docker container via path traversal."
                }
              ],
              "value": "Lack of user input validation in the file upload functionality of Open Notebook v1.8.3 allows the application user to access local files content from the docker container via path traversal."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-76",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-76 Manipulating Web Input to File System Calls"
                }
              ]
            },
            {
              "capecId": "CAPEC-545",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-545 Pull Data from System Resources"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper input validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-07T10:31:52.831Z",
            "orgId": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158",
            "shortName": "ENISA"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/lfnovo/open-notebook/security/advisories/GHSA-842v-h4cj-r646"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "tags": [
            "x_open-source"
          ],
          "title": "Arbitrary File Read via Local File Inclusion (LFI)",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158",
        "assignerShortName": "ENISA",
        "cveId": "CVE-2026-33589",
        "datePublished": "2026-05-07T10:31:52.831Z",
        "dateReserved": "2026-03-23T12:53:47.474Z",
        "dateUpdated": "2026-05-07T11:34:41.674Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-33588 (GCVE-0-2026-33588)

    Vulnerability from cvelistv5 – Published: 2026-05-07 10:28 – Updated: 2026-05-07 11:35 X_Open Source
    VLAI
    Title
    Arbitrary File Write Through Path Traversal
    Summary
    Lack of user input validation in the file upload functionality of Open Notebook v1.8.3 allows the application user to create or modify files on the docker container via path traversal.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper input validation
    Assigner
    References
    Impacted products
    Vendor Product Version
    Open Notebook Open Notebook Affected: 0 , ≤ 1.8.3 (semver)
    Create a notification for this product.
    Credits
    CERT-EU
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-33588",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-07T11:35:03.420629Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-07T11:35:18.521Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Open Notebook",
              "vendor": "Open Notebook",
              "versions": [
                {
                  "lessThanOrEqual": "1.8.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "CERT-EU"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Lack of user input validation in the file upload functionality of Open Notebook v1.8.3 allows the application user to create or modify files on the docker container via path traversal."
                }
              ],
              "value": "Lack of user input validation in the file upload functionality of Open Notebook v1.8.3 allows the application user to create or modify files on the docker container via path traversal."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-126",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-126 Path Traversal"
                }
              ]
            },
            {
              "capecId": "CAPEC-23",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-23 File Content Injection"
                }
              ]
            },
            {
              "capecId": "CAPEC-75",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-75 Manipulating Writeable Configuration Files"
                }
              ]
            },
            {
              "capecId": "CAPEC-650",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-650 Upload a Web Shell to a Web Server"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 7,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper input validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-07T10:28:09.195Z",
            "orgId": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158",
            "shortName": "ENISA"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/lfnovo/open-notebook/security/advisories/GHSA-x4q2-89g5-594v"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "tags": [
            "x_open-source"
          ],
          "title": "Arbitrary File Write Through Path Traversal",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158",
        "assignerShortName": "ENISA",
        "cveId": "CVE-2026-33588",
        "datePublished": "2026-05-07T10:28:09.195Z",
        "dateReserved": "2026-03-23T12:53:47.474Z",
        "dateUpdated": "2026-05-07T11:35:18.521Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-33587 (GCVE-0-2026-33587)

    Vulnerability from cvelistv5 – Published: 2026-05-07 10:22 – Updated: 2026-05-07 11:35 X_Open Source
    VLAI
    Title
    Remote Code Execution (RCE) via Server-Side Template Injection (SSTI)
    Summary
    Lack of user input sanitisation in Open Notebook v1.8.3 allows the application user to execute Python code (and subsequently OS commands) on the docker container via Server-Side Template Injection (SSTI) for user-created transformations.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper input validation
    Assigner
    References
    Impacted products
    Vendor Product Version
    Open Notebook Open Notebook Affected: 0 , ≤ 1.8.3 (semver)
    Create a notification for this product.
    Credits
    CERT-EU
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-33587",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-07T11:35:39.061623Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-07T11:35:45.879Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Open Notebook",
              "vendor": "Open Notebook",
              "versions": [
                {
                  "lessThanOrEqual": "1.8.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "CERT-EU"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Lack of user input sanitisation in Open Notebook v1.8.3 allows the application user to execute Python code (and subsequently OS commands) on the docker container via Server-Side Template Injection (SSTI) for user-created transformations."
                }
              ],
              "value": "Lack of user input sanitisation in Open Notebook v1.8.3 allows the application user to execute Python code (and subsequently OS commands) on the docker container via Server-Side Template Injection (SSTI) for user-created transformations."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-545",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-545 Pull Data from System Resources"
                }
              ]
            },
            {
              "capecId": "CAPEC-242",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-242 Code Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 9.2,
                "baseSeverity": "CRITICAL",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper input validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-07T10:22:16.378Z",
            "orgId": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158",
            "shortName": "ENISA"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/lfnovo/open-notebook/security/advisories/GHSA-f35w-wx37-26q7"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "tags": [
            "x_open-source"
          ],
          "title": "Remote Code Execution (RCE) via Server-Side Template Injection (SSTI)",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158",
        "assignerShortName": "ENISA",
        "cveId": "CVE-2026-33587",
        "datePublished": "2026-05-07T10:22:16.378Z",
        "dateReserved": "2026-03-23T12:53:47.474Z",
        "dateUpdated": "2026-05-07T11:35:45.879Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-28201 (GCVE-0-2026-28201)

    Vulnerability from cvelistv5 – Published: 2026-05-07 10:12 – Updated: 2026-05-07 11:37 X_Open Source
    VLAI
    Title
    SurrealDB Injection on Open Notebook
    Summary
    An improper input validation, together with an overly permissive default CORS configuration in Open Notebook v1.8.1 allows remote attacker to trick a legitimate user to alter or delete arbitrary database entries via specially crafted malicious URL. Depending on the deployment, data exfiltration is also possible.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper input validation
    • CWE-917 - Improper neutralization of special elements used in an expression language statement ('expression language injection')
    • CWE-352 - Cross-Site request forgery (CSRF)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Open Notebook Open Notebook Affected: 0 , ≤ 1.8.2 (semver)
    Create a notification for this product.
    Credits
    CERT-EU
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-28201",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-07T11:36:54.925593Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-07T11:37:04.993Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Open Notebook",
              "vendor": "Open Notebook",
              "versions": [
                {
                  "lessThanOrEqual": "1.8.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "CERT-EU"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An improper input validation, together with an overly permissive default CORS configuration in Open Notebook v1.8.1 allows remote attacker to trick a legitimate user to alter or delete arbitrary database entries via specially crafted malicious URL. Depending on the deployment, data exfiltration is also possible."
                }
              ],
              "value": "An improper input validation, together with an overly permissive default CORS configuration in Open Notebook v1.8.1 allows remote attacker to trick a legitimate user to alter or delete arbitrary database entries via specially crafted malicious URL. Depending on the deployment, data exfiltration is also possible."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-545",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-545 Pull Data from System Resources"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper input validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-917",
                  "description": "CWE-917 Improper neutralization of special elements used in an expression language statement (\u0027expression language injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "CWE-352 Cross-Site request forgery (CSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-07T10:23:57.837Z",
            "orgId": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158",
            "shortName": "ENISA"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/lfnovo/open-notebook/security/advisories/GHSA-5wj9-f8q5-8f9c"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "tags": [
            "x_open-source"
          ],
          "title": "SurrealDB Injection on Open Notebook",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158",
        "assignerShortName": "ENISA",
        "cveId": "CVE-2026-28201",
        "datePublished": "2026-05-07T10:12:05.895Z",
        "dateReserved": "2026-02-25T14:02:29.493Z",
        "dateUpdated": "2026-05-07T11:37:04.993Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-42611 (GCVE-0-2025-42611)

    Vulnerability from cvelistv5 – Published: 2026-05-05 10:58 – Updated: 2026-05-05 12:49
    VLAI
    Title
    Improper certificate validation in multiple RouterOS services
    Summary
    RouterOS provides various services that rely on correct verification of client and server certificates to secure confidentiality and integrity of communications. This includes OpenVPN, CAPsMAN, Dot1x (802.1X), among others. The vulnerability lies in shared certificate validation logic which uses the system certificate store that is shared and equally trusted by all system services. This causes confusion of scope, allowing any certificate authority present in the system-wide trust store to be trusted in any context (with some exceptions), allowing partial or full authentication bypass in CAPsMAN, OpenVPN, Dot1X and potentially others.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-295 - Improper certificate validation
    Assigner
    References
    URL Tags
    https://www.cert.si/en/cve-2025-42611/ third-party-advisorygovernment-resource
    Impacted products
    Vendor Product Version
    Mikrotik RouterOS Affected: 0 , ≤ 7.20.x (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-42611",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-05T12:38:09.152163Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-05T12:49:47.495Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "RouterOS",
              "vendor": "Mikrotik",
              "versions": [
                {
                  "lessThanOrEqual": "7.20.x",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eRouterOS provides various services that rely on correct\nverification of client and server certificates to secure confidentiality and\nintegrity of communications. This includes OpenVPN, CAPsMAN, Dot1x (802.1X),\namong others.\u003c/p\u003e\u003cp\u003eThe vulnerability lies in shared certificate validation\nlogic which uses the system certificate store that is shared and equally\ntrusted by all system services. This causes confusion of scope, allowing any\ncertificate authority present in the system-wide trust store to be trusted in\nany context (with some exceptions), allowing partial or full authentication\nbypass in CAPsMAN, OpenVPN, Dot1X and potentially others. \u003c/p\u003e\n\n\n\n\n\n\u003cbr\u003e"
                }
              ],
              "value": "RouterOS provides various services that rely on correct\nverification of client and server certificates to secure confidentiality and\nintegrity of communications. This includes OpenVPN, CAPsMAN, Dot1x (802.1X),\namong others.\n\n\n\nThe vulnerability lies in shared certificate validation\nlogic which uses the system certificate store that is shared and equally\ntrusted by all system services. This causes confusion of scope, allowing any\ncertificate authority present in the system-wide trust store to be trusted in\nany context (with some exceptions), allowing partial or full authentication\nbypass in CAPsMAN, OpenVPN, Dot1X and potentially others."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-115",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-115 Authentication Bypass"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-295",
                  "description": "CWE-295 Improper certificate validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-05T10:58:36.937Z",
            "orgId": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158",
            "shortName": "ENISA"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory",
                "government-resource"
              ],
              "url": "https://www.cert.si/en/cve-2025-42611/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Improper certificate validation in multiple RouterOS services",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158",
        "assignerShortName": "ENISA",
        "cveId": "CVE-2025-42611",
        "datePublished": "2026-05-05T10:58:36.937Z",
        "dateReserved": "2025-04-16T12:34:02.865Z",
        "dateUpdated": "2026-05-05T12:49:47.495Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-25601 (GCVE-0-2026-25601)

    Vulnerability from cvelistv5 – Published: 2026-04-01 11:28 – Updated: 2026-04-01 12:35
    VLAI
    Title
    Credential Exposure vulnerability in MEPIS RM
    Summary
    A vulnerability was identified in MEPIS RM, an industrial software product developed by Metronik. The application contained a hardcoded cryptographic key within the Mx.Web.ComponentModel.dll component. When the option to store domain passwords was enabled, this key was used to encrypt user passwords before storing them in the application’s database. An attacker with sufficient privileges to access the database could extract the encrypted passwords, decrypt them using the embedded key, and gain unauthorized access to the associated ICS/OT environment.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-798 - Use of Hard-coded Credentials
    Assigner
    References
    URL Tags
    https://www.cert.si/en/cve-2026-25601/ third-party-advisory
    Impacted products
    Vendor Product Version
    Metronik d.o.o. MEPIS RM Affected: 0 , < 8.2.0107 (semver)
    Affected: 0 , < 8.2.0007 build 15 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-25601",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-01T12:34:39.978813Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-01T12:35:48.644Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "MEPIS RM",
              "vendor": "Metronik d.o.o.",
              "versions": [
                {
                  "lessThan": "8.2.0107",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "8.2.0007 build 15",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eA vulnerability was identified in MEPIS RM, an industrial\nsoftware product developed by Metronik. The application contained a hardcoded\ncryptographic key within the Mx.Web.ComponentModel.dll component. When the\noption to store domain passwords was enabled, this key was used to encrypt user\npasswords before storing them in the application\u2019s database. An attacker with\nsufficient privileges to access the database could extract the encrypted\npasswords, decrypt them using the embedded key, and gain unauthorized access to\nthe associated ICS/OT environment.\u003c/p\u003e"
                }
              ],
              "value": "A vulnerability was identified in MEPIS RM, an industrial\nsoftware product developed by Metronik. The application contained a hardcoded\ncryptographic key within the Mx.Web.ComponentModel.dll component. When the\noption to store domain passwords was enabled, this key was used to encrypt user\npasswords before storing them in the application\u2019s database. An attacker with\nsufficient privileges to access the database could extract the encrypted\npasswords, decrypt them using the embedded key, and gain unauthorized access to\nthe associated ICS/OT environment."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-798",
                  "description": "CWE-798: Use of Hard-coded Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-01T11:28:57.110Z",
            "orgId": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158",
            "shortName": "ENISA"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.cert.si/en/cve-2026-25601/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Credential Exposure vulnerability in MEPIS RM",
          "x_generator": {
            "engine": "Vulnogram 1.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158",
        "assignerShortName": "ENISA",
        "cveId": "CVE-2026-25601",
        "datePublished": "2026-04-01T11:28:57.110Z",
        "dateReserved": "2026-02-03T07:24:49.548Z",
        "dateUpdated": "2026-04-01T12:35:48.644Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-3999 (GCVE-0-2026-3999)

    Vulnerability from cvelistv5 – Published: 2026-03-13 08:38 – Updated: 2026-03-16 11:27
    VLAI
    Title
    Broken access control vulnerability affecting ID Server
    Summary
    A broken access control may allow an authenticated user to perform a horizontal privilege escalation. The vulnerability only impacts specific configurations.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-639 - Authorization bypass through User-Controlled key
    Assigner
    References
    Impacted products
    Vendor Product Version
    Pointsharp ID Server Affected: 0 , < 9.0.0 (semver)
    Create a notification for this product.
    Credits
    Reema AlQahtani, Haboob Cybersecurity Services
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-3999",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-13T16:04:52.787757Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-13T16:04:58.102Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ID Server",
              "vendor": "Pointsharp",
              "versions": [
                {
                  "lessThan": "9.0.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Reema AlQahtani, Haboob Cybersecurity Services"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\n\u003cp\u003eA broken access control may allow an authenticated user to perform a \nhorizontal privilege escalation. The vulnerability only impacts specific\n configurations.\u003c/p\u003e\n\u003c/div\u003e"
                }
              ],
              "value": "A broken access control may allow an authenticated user to perform a \nhorizontal privilege escalation. The vulnerability only impacts specific\n configurations."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-639",
                  "description": "CWE-639 Authorization bypass through User-Controlled key",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-16T11:27:05.956Z",
            "orgId": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158",
            "shortName": "ENISA"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://docs.pointsharp.com/psa/advisories/psa-2026-001.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Broken access control vulnerability affecting ID Server",
          "x_generator": {
            "engine": "Vulnogram 1.0.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158",
        "assignerShortName": "ENISA",
        "cveId": "CVE-2026-3999",
        "datePublished": "2026-03-13T08:38:59.468Z",
        "dateReserved": "2026-03-11T17:52:20.020Z",
        "dateUpdated": "2026-03-16T11:27:05.956Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-27850 (GCVE-0-2026-27850)

    Vulnerability from cvelistv5 – Published: 2026-02-25 16:58 – Updated: 2026-02-25 19:11
    VLAI
    Title
    Improper verification in Linksys MR9600, Linksys MX4200
    Summary
    Due to an improperly configured firewall rule, the router will accept any connection on the WAN port with the source port 5222, exposing all services which are normally only accessible through the local network. This issue affects MR9600: 1.0.4.205530; MX4200: 1.0.13.210200.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • cwe-940 Improper Verification of Source of a Communication Channel
    Assigner
    References
    URL Tags
    https://www.syss.de/fileadmin/dokumente/Publikati… third-party-advisorytechnical-description
    Impacted products
    Vendor Product Version
    Linksys MR9600 Affected: 1.0.4.205530
    Create a notification for this product.
    Linksys MX4200 Affected: 1.0.13.210200
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-27850",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-25T19:11:25.500248Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-25T19:11:29.416Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "MR9600",
              "vendor": "Linksys",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.4.205530"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MX4200",
              "vendor": "Linksys",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.13.210200"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Due to an improperly configured firewall rule, the router will accept any connection on the WAN port with the source port 5222, exposing all services which are normally only accessible through the local network.\u003cbr\u003e\u003cp\u003eThis issue affects MR9600: 1.0.4.205530; MX4200: 1.0.13.210200.\u003c/p\u003e"
                }
              ],
              "value": "Due to an improperly configured firewall rule, the router will accept any connection on the WAN port with the source port 5222, exposing all services which are normally only accessible through the local network.\nThis issue affects MR9600: 1.0.4.205530; MX4200: 1.0.13.210200."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "cwe-940 Improper Verification of Source of a Communication Channel",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-25T16:58:06.450Z",
            "orgId": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158",
            "shortName": "ENISA"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory",
                "technical-description"
              ],
              "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2025-014.txt"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Improper verification in Linksys MR9600, Linksys MX4200",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158",
        "assignerShortName": "ENISA",
        "cveId": "CVE-2026-27850",
        "datePublished": "2026-02-25T16:58:06.450Z",
        "dateReserved": "2026-02-24T07:07:48.974Z",
        "dateUpdated": "2026-02-25T19:11:29.416Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-27849 (GCVE-0-2026-27849)

    Vulnerability from cvelistv5 – Published: 2026-02-25 16:20 – Updated: 2026-02-26 16:47
    VLAI
    Title
    Missing neutralization in Linksys MR9600, Linksys MX4200
    Summary
    Due to missing neutralization of special elements, OS commands can be injected via the update functionality of a TLS-SRP connection, which is normally used for configuring devices inside the mesh network. This issue affects MR9600: 1.0.4.205530; MX4200: 1.0.13.210200.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    References
    URL Tags
    https://www.syss.de/fileadmin/dokumente/Publikati… third-party-advisorytechnical-description
    Impacted products
    Vendor Product Version
    Linksys MR9600 Affected: 1.0.4.205530
    Create a notification for this product.
    Linksys MX4200 Affected: 1.0.13.210200
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-27849",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-26T16:46:53.068105Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T16:47:01.147Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "MR9600",
              "vendor": "Linksys",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.4.205530"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MX4200",
              "vendor": "Linksys",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.13.210200"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Due to missing neutralization of special elements, OS commands can be injected via the update functionality of a TLS-SRP connection, which is normally used for configuring devices inside the mesh network.\u003cbr\u003e\u003cp\u003eThis issue affects MR9600: 1.0.4.205530; MX4200: 1.0.13.210200.\u003c/p\u003e"
                }
              ],
              "value": "Due to missing neutralization of special elements, OS commands can be injected via the update functionality of a TLS-SRP connection, which is normally used for configuring devices inside the mesh network.\nThis issue affects MR9600: 1.0.4.205530; MX4200: 1.0.13.210200."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-88",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-88 OS Command Injection"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-25T16:20:25.395Z",
            "orgId": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158",
            "shortName": "ENISA"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory",
                "technical-description"
              ],
              "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2025-011.txt"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Missing neutralization in Linksys MR9600, Linksys MX4200",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158",
        "assignerShortName": "ENISA",
        "cveId": "CVE-2026-27849",
        "datePublished": "2026-02-25T16:20:25.395Z",
        "dateReserved": "2026-02-24T07:07:48.974Z",
        "dateUpdated": "2026-02-26T16:47:01.147Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-27848 (GCVE-0-2026-27848)

    Vulnerability from cvelistv5 – Published: 2026-02-25 15:15 – Updated: 2026-02-26 16:51
    VLAI
    Title
    Missing neutralization in Linksys MR9600, Linksys MX4200
    Summary
    Due to missing neutralization of special elements, OS commands can be injected via the handshake of a TLS-SRP connection, which are ultimately run as the root user. This issue affects MR9600: 1.0.4.205530; MX4200: 1.0.13.210200.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    References
    URL Tags
    https://www.syss.de/fileadmin/dokumente/Publikati… third-party-advisorytechnical-description
    Impacted products
    Vendor Product Version
    Linksys MR9600 Affected: 1.0.4.205530
    Create a notification for this product.
    Linksys MX4200 Affected: 1.0.13.210200
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-27848",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-26T16:50:25.890966Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T16:51:13.433Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "MR9600",
              "vendor": "Linksys",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.4.205530"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MX4200",
              "vendor": "Linksys",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.13.210200"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Due to missing neutralization of special elements, OS commands can be injected via the handshake of a TLS-SRP connection, which are ultimately run as the root user.\u003cbr\u003e\u003cp\u003eThis issue affects MR9600: 1.0.4.205530; MX4200: 1.0.13.210200.\u003c/p\u003e"
                }
              ],
              "value": "Due to missing neutralization of special elements, OS commands can be injected via the handshake of a TLS-SRP connection, which are ultimately run as the root user.\nThis issue affects MR9600: 1.0.4.205530; MX4200: 1.0.13.210200."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-25T15:15:16.186Z",
            "orgId": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158",
            "shortName": "ENISA"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory",
                "technical-description"
              ],
              "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2025-010.txt"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Missing neutralization in Linksys MR9600, Linksys MX4200",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158",
        "assignerShortName": "ENISA",
        "cveId": "CVE-2026-27848",
        "datePublished": "2026-02-25T15:15:16.186Z",
        "dateReserved": "2026-02-24T07:07:48.974Z",
        "dateUpdated": "2026-02-26T16:51:13.433Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-27847 (GCVE-0-2026-27847)

    Vulnerability from cvelistv5 – Published: 2026-02-25 15:10 – Updated: 2026-02-26 16:56
    VLAI
    Title
    Missing authentication in Linksys MR9600, Linksys MX4200
    Summary
    Due to improper neutralization of special elements, SQL statements can be injected via the handshake of a TLS-SRP connection. This can be used to inject known credentials into the database that can be utilized to successfully complete the handshake and use the protected service. This issue affects MR9600: 1.0.4.205530; MX4200: 1.0.13.210200.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    References
    URL Tags
    https://www.syss.de/fileadmin/dokumente/Publikati… third-party-advisorytechnical-description
    Impacted products
    Vendor Product Version
    Linksys MR9600 Affected: 1.0.4.205530
    Create a notification for this product.
    Linksys MX4200 Affected: 1.0.13.210200
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-27847",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-26T16:55:30.669110Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T16:56:23.595Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "MR9600",
              "vendor": "Linksys",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.4.205530"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MX4200",
              "vendor": "Linksys",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.13.210200"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Due to improper neutralization of special elements, SQL statements can be injected via the handshake of a TLS-SRP connection. This can be used to inject known credentials into the database that can be utilized to successfully complete the handshake and use the protected service.\u003cbr\u003e\u003cp\u003eThis issue affects MR9600: 1.0.4.205530; MX4200: 1.0.13.210200.\u003c/p\u003e"
                }
              ],
              "value": "Due to improper neutralization of special elements, SQL statements can be injected via the handshake of a TLS-SRP connection. This can be used to inject known credentials into the database that can be utilized to successfully complete the handshake and use the protected service.\nThis issue affects MR9600: 1.0.4.205530; MX4200: 1.0.13.210200."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-25T15:10:30.771Z",
            "orgId": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158",
            "shortName": "ENISA"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory",
                "technical-description"
              ],
              "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2025-009.txt"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Missing authentication in Linksys MR9600, Linksys MX4200",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158",
        "assignerShortName": "ENISA",
        "cveId": "CVE-2026-27847",
        "datePublished": "2026-02-25T15:10:30.771Z",
        "dateReserved": "2026-02-24T07:07:48.973Z",
        "dateUpdated": "2026-02-26T16:56:23.595Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-27846 (GCVE-0-2026-27846)

    Vulnerability from cvelistv5 – Published: 2026-02-25 15:03 – Updated: 2026-02-25 18:36
    VLAI
    Title
    Missing authentication in Linksys MR9600, Linksys MX4200
    Summary
    Due to missing authentication, a user with physical access to the device can misuse the mesh functionality for adding a new mesh device to the network  to gain access to sensitive information, including the password for admin access to the web interface and the Wi-Fi passwords.This issue affects MR9600: 1.0.4.205530; MX4200: 1.0.13.210200.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-306 - Missing Authentication for Critical Function
    Assigner
    References
    URL Tags
    https://www.syss.de/fileadmin/dokumente/Publikati… third-party-advisorytechnical-description
    Impacted products
    Vendor Product Version
    Linksys MR9600 Affected: 1.0.4.205530
    Create a notification for this product.
    Linksys MX4200 Affected: 1.0.13.210200
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "NONE",
                  "baseScore": 6.2,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-27846",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-25T18:35:57.582373Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-25T18:36:03.925Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "MR9600",
              "vendor": "Linksys",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.4.205530"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MX4200",
              "vendor": "Linksys",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.13.210200"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Due to missing authentication, a user with physical access to the device can misuse the mesh functionality for adding a new mesh device to the network\u0026nbsp;\u003cbr\u003eto gain access to sensitive information, including the password for admin access to the web interface and the Wi-Fi passwords.\u003cp\u003eThis issue affects MR9600: 1.0.4.205530; MX4200: 1.0.13.210200.\u003c/p\u003e"
                }
              ],
              "value": "Due to missing authentication, a user with physical access to the device can misuse the mesh functionality for adding a new mesh device to the network\u00a0\nto gain access to sensitive information, including the password for admin access to the web interface and the Wi-Fi passwords.This issue affects MR9600: 1.0.4.205530; MX4200: 1.0.13.210200."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-37",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-37 Retrieve Embedded Sensitive Data"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306 Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-25T15:03:58.616Z",
            "orgId": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158",
            "shortName": "ENISA"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory",
                "technical-description"
              ],
              "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2025-002.txt"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Missing authentication in Linksys MR9600, Linksys MX4200",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158",
        "assignerShortName": "ENISA",
        "cveId": "CVE-2026-27846",
        "datePublished": "2026-02-25T15:03:58.616Z",
        "dateReserved": "2026-02-24T07:07:48.973Z",
        "dateUpdated": "2026-02-25T18:36:03.925Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-25603 (GCVE-0-2026-25603)

    Vulnerability from cvelistv5 – Published: 2026-02-24 17:14 – Updated: 2026-02-24 18:13
    VLAI
    Title
    Path Traversal vulnerability in Linksys MR9600, Linksys MX4200
    Summary
    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Linksys MR9600, Linksys MX4200 allows that contents of a USB drive partition can be mounted in an arbitrary location of the file system. This may result in the execution of shell scripts in the context of a root user.This issue affects MR9600: 1.0.4.205530; MX4200: 1.0.13.210200.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    Impacted products
    Vendor Product Version
    Linksys MR9600 Affected: 1.0.4.205530
    Create a notification for this product.
    Linksys MX4200 Affected: 1.0.13.210200
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "PHYSICAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 6.6,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-25603",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-24T18:11:45.463586Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-24T18:13:33.449Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "MR9600",
              "vendor": "Linksys",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.4.205530"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MX4200",
              "vendor": "Linksys",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.13.210200"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) vulnerability in Linksys MR9600, Linksys MX4200 allows that\u0026nbsp;contents of a USB drive partition can be mounted in an arbitrary location of the file system. This may result in the execution of shell scripts in the context of a root user.\u003cp\u003eThis issue affects MR9600: 1.0.4.205530; MX4200: 1.0.13.210200.\u003c/p\u003e"
                }
              ],
              "value": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) vulnerability in Linksys MR9600, Linksys MX4200 allows that\u00a0contents of a USB drive partition can be mounted in an arbitrary location of the file system. This may result in the execution of shell scripts in the context of a root user.This issue affects MR9600: 1.0.4.205530; MX4200: 1.0.13.210200."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-251",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-251 Local Code Inclusion"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-24T17:14:36.141Z",
            "orgId": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158",
            "shortName": "ENISA"
          },
          "references": [
            {
              "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2025-001.txt"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Path Traversal vulnerability in Linksys MR9600, Linksys MX4200",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158",
        "assignerShortName": "ENISA",
        "cveId": "CVE-2026-25603",
        "datePublished": "2026-02-24T17:14:36.141Z",
        "dateReserved": "2026-02-03T07:24:49.548Z",
        "dateUpdated": "2026-02-24T18:13:33.449Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-42620 (GCVE-0-2025-42620)

    Vulnerability from cvelistv5 – Published: 2025-12-08 12:15 – Updated: 2025-12-08 12:27
    VLAI
    Title
    CSRF vulnerability in CIRCL Vulnerability-Lookup
    Summary
    In affected versions, vulnerability-lookup handled user-controlled content in comments and bundles in an unsafe way, which could lead to stored Cross-Site Scripting (XSS). On the backend, the related_vulnerabilities field of bundles accepted arbitrary strings without format validation or proper sanitization. On the frontend, comment and bundle descriptions were converted from Markdown to HTML and then injected directly into the DOM using string templates and innerHTML. This combination allowed an attacker who could create or edit comments or bundles to store crafted HTML/JavaScript payloads which would later be rendered and executed in the browser of any user visiting the affected profile page (user.html).  This issue affects Vulnerability-Lookup: before 2.18.0.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    CIRCL Vulnerability-Lookup Affected: 0 , < 2.18.0 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-42620",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-08T12:27:00.493206Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-08T12:27:15.797Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Vulnerability-Lookup",
              "vendor": "CIRCL",
              "versions": [
                {
                  "lessThan": "2.18.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\u003c/div\u003e\u003cdiv\u003e\n\u003cdiv\u003e\u003c/div\u003e\u003cdiv\u003e\nIn affected versions, vulnerability-lookup handled user-controlled \ncontent in comments and bundles in an unsafe way, which could lead to \nstored Cross-Site Scripting (XSS).\n\n\n\n\nOn the backend, the related_vulnerabilities field of bundles accepted \narbitrary strings without format validation or proper sanitization. On \nthe frontend, comment and bundle descriptions were converted from \nMarkdown to HTML and then injected directly into the DOM using string \ntemplates and innerHTML. This combination allowed an attacker who could \ncreate or edit comments or bundles to store crafted HTML/JavaScript \npayloads which would later be rendered and executed in the browser of \nany user visiting the affected profile page (user.html).\u0026nbsp;\u003c/div\u003e\n\n\u003c/div\u003e\n\n\u003cp\u003eThis issue affects Vulnerability-Lookup: before 2.18.0.\u003c/p\u003e"
                }
              ],
              "value": "In affected versions, vulnerability-lookup handled user-controlled \ncontent in comments and bundles in an unsafe way, which could lead to \nstored Cross-Site Scripting (XSS).\n\n\n\n\nOn the backend, the related_vulnerabilities field of bundles accepted \narbitrary strings without format validation or proper sanitization. On \nthe frontend, comment and bundle descriptions were converted from \nMarkdown to HTML and then injected directly into the DOM using string \ntemplates and innerHTML. This combination allowed an attacker who could \ncreate or edit comments or bundles to store crafted HTML/JavaScript \npayloads which would later be rendered and executed in the browser of \nany user visiting the affected profile page (user.html).\u00a0\n\n\n\n\n\n\n\nThis issue affects Vulnerability-Lookup: before 2.18.0."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "HIGH",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-08T12:15:15.950Z",
            "orgId": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158",
            "shortName": "ENISA"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://vulnerability.circl.lu/vuln/gcve-1-2025-0035"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "CSRF vulnerability in CIRCL Vulnerability-Lookup",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158",
        "assignerShortName": "ENISA",
        "cveId": "CVE-2025-42620",
        "datePublished": "2025-12-08T12:15:15.950Z",
        "dateReserved": "2025-04-16T12:34:02.867Z",
        "dateUpdated": "2025-12-08T12:27:15.797Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-42616 (GCVE-0-2025-42616)

    Vulnerability from cvelistv5 – Published: 2025-12-08 12:09 – Updated: 2025-12-08 14:46
    VLAI
    Title
    CSRF vulnerability in CIRCL Vulnerability-Lookup
    Summary
    Some endpoints in vulnerability-lookup that modified application state (e.g. changing database entries, user data, configurations, or other privileged actions) may have been accessible via HTTP GET requests without requiring a CSRF token. This flaw leaves the application vulnerable to Cross-Site Request Forgery (CSRF) attacks: an attacker who tricks a logged-in user into visiting a malicious website could cause the user’s browser to issue GET requests that perform unintended state-changing operations in the context of their authenticated session. Because the server would treat these GET requests as valid (since no CSRF protection or POST method enforcement was in place), the attacker could exploit this to escalate privileges, change settings, or carry out other unauthorized actions without needing the user’s explicit consent or awareness.  The fix ensures that all state-changing endpoints now require HTTP POST requests and include a valid CSRF token. This enforces that state changes cannot be triggered by arbitrary cross-site GET requests. This issue affects Vulnerability-Lookup: before 2.18.0.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-352 - Cross-Site Request Forgery (CSRF)
    Assigner
    References
    Impacted products
    Vendor Product Version
    CIRCL Vulnerability-Lookup Affected: 0 , < 2.18.0 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-42616",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-08T14:46:29.136113Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-08T14:46:41.970Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Vulnerability-Lookup",
              "vendor": "CIRCL",
              "versions": [
                {
                  "lessThan": "2.18.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\u003c/div\u003e\u003cdiv\u003eSome endpoints in vulnerability-lookup that modified \napplication state (e.g. changing database entries, user data, \nconfigurations, or other privileged actions) may have been accessible \nvia HTTP GET requests without requiring a CSRF token. This flaw leaves \nthe application vulnerable to Cross-Site Request Forgery (CSRF) attacks:\n an attacker who tricks a logged-in user into visiting a malicious \nwebsite could cause the user\u2019s browser to issue GET requests that \nperform unintended state-changing operations in the context of their \nauthenticated session.\n\n\nBecause the server would treat these GET requests as valid (since no \nCSRF protection or POST method enforcement was in place), the attacker \ncould exploit this to escalate privileges, change settings, or carry out\n other unauthorized actions without needing the user\u2019s explicit consent \nor awareness.\u0026nbsp;\u003cbr\u003eThe fix ensures that all state-changing endpoints now require HTTP POST \nrequests and include a valid CSRF token. This enforces that state \nchanges cannot be triggered by arbitrary cross-site GET requests.\u0026nbsp;This issue affects Vulnerability-Lookup: before 2.18.0.\u003c/div\u003e"
                }
              ],
              "value": "Some endpoints in vulnerability-lookup that modified \napplication state (e.g. changing database entries, user data, \nconfigurations, or other privileged actions) may have been accessible \nvia HTTP GET requests without requiring a CSRF token. This flaw leaves \nthe application vulnerable to Cross-Site Request Forgery (CSRF) attacks:\n an attacker who tricks a logged-in user into visiting a malicious \nwebsite could cause the user\u2019s browser to issue GET requests that \nperform unintended state-changing operations in the context of their \nauthenticated session.\n\n\nBecause the server would treat these GET requests as valid (since no \nCSRF protection or POST method enforcement was in place), the attacker \ncould exploit this to escalate privileges, change settings, or carry out\n other unauthorized actions without needing the user\u2019s explicit consent \nor awareness.\u00a0\nThe fix ensures that all state-changing endpoints now require HTTP POST \nrequests and include a valid CSRF token. This enforces that state \nchanges cannot be triggered by arbitrary cross-site GET requests.\u00a0This issue affects Vulnerability-Lookup: before 2.18.0."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 7,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "HIGH",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-08T12:58:58.408Z",
            "orgId": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158",
            "shortName": "ENISA"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://vulnerability.circl.lu/vuln/gcve-1-2025-0034"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "CSRF vulnerability in CIRCL Vulnerability-Lookup",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158",
        "assignerShortName": "ENISA",
        "cveId": "CVE-2025-42616",
        "datePublished": "2025-12-08T12:09:22.893Z",
        "dateReserved": "2025-04-16T12:34:02.866Z",
        "dateUpdated": "2025-12-08T14:46:41.970Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }