Search
Find a vulnerability
Search criteria
3402 vulnerabilities
CVE-2026-15146 (GCVE-0-2026-15146)
Vulnerability from cvelistv5 – Published: 2026-07-10 18:20 – Updated: 2026-07-10 19:30
VLAI
EPSS
VEX
Title
CVE-2026-15146
Summary
GNU Wget does not validate the IP address provided by an FTP PASV response while operating in FTP passive mode. A malicious FTP server, or an HTTP server that redirects to an FTP URL, can exploit this behavior to redirect Wget’s data connection to an arbitrary IP address and port. This allows an attacker to forge server-side requests (SSRF) from the machine running Wget, potentially accessing localhost services or internal network resources.
Severity
5.9 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-15146",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-10T19:17:02.863029Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-10T19:17:58.839Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2026-07-10T19:30:53.123Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.kb.cert.org/vuls/id/564823"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Wget",
"vendor": "GNU wget",
"versions": [
{
"lessThanOrEqual": "1.25.0 before commit 4f85853f641863d5915786a8413e1a213726a62b",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "GNU Wget does not validate the IP address provided by an FTP PASV response while operating in FTP passive mode. A malicious FTP server, or an HTTP server that redirects to an FTP URL, can exploit this behavior to redirect Wget\u2019s data connection to an arbitrary IP address and port. This allows an attacker to forge server-side requests (SSRF) from the machine running Wget, potentially accessing localhost services or internal network resources."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-10T18:20:58.269Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://cgit.git.savannah.gnu.org/cgit/wget.git/commit/?id=4f85853f641863d5915786a8413e1a213726a62b"
},
{
"url": "https://kb.cert.org/vuls/id/564823"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CVE-2026-15146",
"x_generator": {
"engine": "VINCE 3.0.43",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2026-15146"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2026-15146",
"datePublished": "2026-07-10T18:20:58.269Z",
"dateReserved": "2026-07-08T19:10:56.213Z",
"dateUpdated": "2026-07-10T19:30:53.123Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-13462 (GCVE-0-2026-13462)
Vulnerability from cvelistv5 – Published: 2026-07-09 17:10 – Updated: 2026-07-09 19:45
VLAI
EPSS
VEX
Title
PayRange for Android, version 7.0.7, contains an SSL bypass vulnerability
Summary
PayRange Android app, version 7.0.7 and below, contains an SSL bypass vulnerability that allows invalid certificates to be accepted in application webviews. A remote and unauthenticated attacker can steal information that the user sends.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-295 - Improper Certificate Validation
Assigner
References
2 references
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-13462",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-09T19:45:40.068309Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-09T19:45:55.644Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "PayRange",
"vendor": "PayRange",
"versions": [
{
"status": "affected",
"version": "7.0.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "PayRange Android app, version 7.0.7 and below, contains an SSL bypass vulnerability that allows invalid certificates to be accepted in application webviews. A remote and unauthenticated attacker can steal information that the user sends."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-295: Improper Certificate Validation",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-09T17:10:44.429Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://cwe.mitre.org/data/definitions/295.html"
},
{
"url": "https://kb.cert.org/vuls/id/152953"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "PayRange for Android, version 7.0.7, contains an SSL bypass vulnerability",
"x_generator": {
"engine": "VINCE 3.0.43",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2026-13462"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2026-13462",
"datePublished": "2026-07-09T17:10:44.429Z",
"dateReserved": "2026-06-26T20:08:46.304Z",
"dateUpdated": "2026-07-09T19:45:55.644Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-13461 (GCVE-0-2026-13461)
Vulnerability from cvelistv5 – Published: 2026-07-09 17:08 – Updated: 2026-07-10 20:32
VLAI
EPSS
VEX
Title
PayRange version 7.0.7 contains a JavaScript injection vulnerability
Summary
When coupled with the SSL bypass vulnerability, JavaScript can be injected into a WebView in the PayRange version 7.0.7 app. The injection of specific JavaScript function calls allows the attacker to escape the WebView sandbox and perform a number of dangerous actions on the user's device.
Severity
9.6 (Critical)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
2 references
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-13461",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-10T19:09:02.608288Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-10T20:32:30.071Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "PayRange",
"vendor": "PayRange",
"versions": [
{
"status": "affected",
"version": "7.0.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "When coupled with the SSL bypass vulnerability, JavaScript can be injected into a WebView in the PayRange version 7.0.7 app. The injection of specific JavaScript function calls allows the attacker to escape the WebView sandbox and perform a number of dangerous actions on the user\u0027s device."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-09T17:08:53.024Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://cwe.mitre.org/data/definitions/94.html"
},
{
"url": "https://kb.cert.org/vuls/id/152953"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "PayRange version 7.0.7 contains a JavaScript injection vulnerability",
"x_generator": {
"engine": "VINCE 3.0.43",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2026-13461"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2026-13461",
"datePublished": "2026-07-09T17:08:53.024Z",
"dateReserved": "2026-06-26T20:08:29.251Z",
"dateUpdated": "2026-07-10T20:32:30.071Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-14261 (GCVE-0-2026-14261)
Vulnerability from cvelistv5 – Published: 2026-07-09 12:37 – Updated: 2026-07-09 15:21
VLAI
EPSS
VEX
Title
CVE-2026-14261
Summary
A vulnerability in the Xerte Online Tools allows for authentication bypass and remote code execution via reinstallation through the /setup/ folder, enabling attackers to reinstall the service to a remote database they control.
Severity
9.1 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Xerte | Xerte Online Tools |
Affected:
0 , < 3.14.6
(custom)
|
|
| Xerte | Xerte Online Tools |
Affected:
0 , < 3.15.5
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-14261",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-09T15:21:35.872016Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-09T15:21:38.397Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Xerte Online Tools",
"vendor": "Xerte",
"versions": [
{
"lessThan": "3.14.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "Xerte Online Tools",
"vendor": "Xerte",
"versions": [
{
"lessThan": "3.15.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Xerte Online Tools allows for authentication bypass and remote code execution via reinstallation through the /setup/ folder, enabling attackers to reinstall the service to a remote database they control."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-288: Authentication Bypass Using an Alternate Path or Channel",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-09T12:37:43.523Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://github.com/thexerteproject/xerteonlinetoolkits/issues/1532"
},
{
"url": "https://github.com/thexerteproject/xerteonlinetoolkits/commit/8fec6602e80c5d35903d65e65b65b794297d8e90"
},
{
"url": "https://www.xerte.org.uk/index.php/en/news/blog/80-news/364-xerte-3-14-and-3-15-important-security-update"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CVE-2026-14261",
"x_generator": {
"engine": "VINCE 3.0.43",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2026-14261"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2026-14261",
"datePublished": "2026-07-09T12:37:43.523Z",
"dateReserved": "2026-06-30T16:15:16.781Z",
"dateUpdated": "2026-07-09T15:21:38.397Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-12116 (GCVE-0-2026-12116)
Vulnerability from cvelistv5 – Published: 2026-07-09 12:37 – Updated: 2026-07-09 15:15
VLAI
EPSS
VEX
Title
CVE-2026-12116
Summary
A vulnerability in the Xerte Online Tools allows for RCE through the antivirus binary path in the tools server settings, which can be changed to a PHP interpreter, allowing an attacker to upload PHP data that will then be executed.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Xerte | Xerte Online Tools |
Affected:
0 , < v3.15.5
(custom)
|
|
| Xerte | Xerte Online Tools |
Affected:
0 , < 3.14.6
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-12116",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-09T15:15:30.339452Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-09T15:15:34.035Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Xerte Online Tools",
"vendor": "Xerte",
"versions": [
{
"lessThan": "v3.15.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "Xerte Online Tools",
"vendor": "Xerte",
"versions": [
{
"lessThan": "3.14.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Xerte Online Tools allows for RCE through the antivirus binary path in the tools server settings, which can be changed to a PHP interpreter, allowing an attacker to upload PHP data that will then be executed."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-09T12:37:31.679Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://github.com/thexerteproject/xerteonlinetoolkits/commit/8ef20628f80bd88bd1fe3e5844a9116a910086b7"
},
{
"url": "https://github.com/thexerteproject/xerteonlinetoolkits/issues/1543"
},
{
"url": "https://www.xerte.org.uk/index.php/en/news/blog/80-news/364-xerte-3-14-and-3-15-important-security-update"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CVE-2026-12116",
"x_generator": {
"engine": "VINCE 3.0.43",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2026-12116"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2026-12116",
"datePublished": "2026-07-09T12:37:31.679Z",
"dateReserved": "2026-06-12T14:47:35.871Z",
"dateUpdated": "2026-07-09T15:15:34.035Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-10706 (GCVE-0-2026-10706)
Vulnerability from cvelistv5 – Published: 2026-07-08 14:06 – Updated: 2026-07-09 15:13
VLAI
EPSS
VEX
Title
Exposure of Sensitive Information to an Unauthorized attacker
Summary
In Adalo’s no-code app builder, (Versions 1 and 2) the attackers may extract full user records and correlate user behavior across multiple applications via dbId enumeration. The platform does not implement data minimization, privacy by design, or implement appropriate technical safeguards, allowing sensitive information to be exposed to unauthorized parties.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://kb.cert.org/vuls/id/849433 |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Adalo No-Code App Builder | App Builder |
Affected:
1 , ≤ 2
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-10706",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-09T15:13:39.000602Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-09T15:13:42.687Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "App Builder",
"vendor": "Adalo No-Code App Builder",
"versions": [
{
"lessThanOrEqual": "2",
"status": "affected",
"version": "1",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Adalo\u2019s no-code app builder, (Versions 1 and 2) the attackers may extract full user records and correlate user behavior across multiple applications via dbId enumeration. The platform does not implement data minimization, privacy by design, or implement appropriate technical safeguards, allowing sensitive information to be exposed to unauthorized parties."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-08T14:06:34.842Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://kb.cert.org/vuls/id/849433"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Exposure of Sensitive Information to an Unauthorized attacker",
"x_generator": {
"engine": "VINCE 3.0.43",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2026-10706"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2026-10706",
"datePublished": "2026-07-08T14:06:34.842Z",
"dateReserved": "2026-06-02T17:46:45.590Z",
"dateUpdated": "2026-07-09T15:13:42.687Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-10708 (GCVE-0-2026-10708)
Vulnerability from cvelistv5 – Published: 2026-07-08 14:05 – Updated: 2026-07-09 15:13
VLAI
EPSS
VEX
Title
Insufficiently Protected Credentials
Summary
This vulnerability enables large‑scale data harvesting without requiring app‑specific secrets. A single request to a minimal leaderboard component may return user records containing emails, UUIDs, and custom fields. The combination of wildcard CORS behavior, long‑lived twenty‑day JWTs, and the absence of token revocation allows attackers to gather sensitive personal information from any Adalo application.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://kb.cert.org/vuls/id/849433 |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Adalo No-Code App Builder | App Builder |
Affected:
1 , ≤ 2
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-10708",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-09T15:12:56.923608Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-09T15:13:00.989Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "App Builder",
"vendor": "Adalo No-Code App Builder",
"versions": [
{
"lessThanOrEqual": "2",
"status": "affected",
"version": "1",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "This vulnerability enables large\u2011scale data harvesting without requiring app\u2011specific secrets. A single request to a minimal leaderboard component may return user records containing emails, UUIDs, and custom fields. The combination of wildcard CORS behavior, long\u2011lived twenty\u2011day JWTs, and the absence of token revocation allows attackers to gather sensitive personal information from any Adalo application."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-522 Insufficiently Protected Credentials",
"lang": "en"
}
]
},
{
"descriptions": [
{
"description": "CWE-346 Origin Validation Error",
"lang": "en"
}
]
},
{
"descriptions": [
{
"description": "CWE-613 Insufficient Session Expiration",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-08T14:05:15.678Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://kb.cert.org/vuls/id/849433"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Insufficiently Protected Credentials",
"x_generator": {
"engine": "VINCE 3.0.43",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2026-10708"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2026-10708",
"datePublished": "2026-07-08T14:05:15.678Z",
"dateReserved": "2026-06-02T17:59:57.666Z",
"dateUpdated": "2026-07-09T15:13:00.989Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-11405 (GCVE-0-2026-11405)
Vulnerability from cvelistv5 – Published: 2026-07-06 19:17 – Updated: 2026-07-08 13:40
VLAI
EPSS
VEX
Title
Hidden backdoor authentication mechanism in multiple versions of Tenda firmware allows admin access to web management interface
Summary
The web server binary /bin/httpd contains a hidden backdoor authentication mechanism in the login() function at 004c88b8.
- The function contains a normal authentication path using MD5/hash-based password verification (prod_encode64/PasswordToMd5/check_rand_key).
- After normal authentication fails, it calls GetValue("sys.rzadmin.password") to read a backdoor password from the device configuration.
- It performs a direct strcmp() comparison (plaintext, not hashed) between the config value and the user-supplied password.
A successful match grants role=2 (admin-level access) and creates a valid session. The rzadmin username is never checked — any username works with the backdoor
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-912 - Hidden Functionality
Assigner
References
Impacted products
5 products
| Vendor | Product | Version | |
|---|---|---|---|
| Tenda | firmware |
Affected:
US_AC6V2.0RTL_V15.03.06.51_multi_T
|
|
| Tenda | firmware |
Affected:
US_AC5V1.0RTL_V15.03.06.48_multi_TDE01
|
|
| Tenda | firmware |
Affected:
US_AC10V1.0re_V15.03.06.46_multi_TDE01
|
|
| Tenda | firmware |
Affected:
US_W15EV1.0br_V15.11.0.5(1068_1567_841)_EN_TDE
|
|
| Tenda | firmware |
Affected:
US_FH1201V1.0BR_V1.2.0.14(408)_EN_TD
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-07-06T20:37:55.739Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.kb.cert.org/vuls/id/213560"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-11405",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-08T03:56:43.961536Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-08T13:40:24.471Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "firmware",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "US_AC6V2.0RTL_V15.03.06.51_multi_T"
}
]
},
{
"product": "firmware",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "US_AC5V1.0RTL_V15.03.06.48_multi_TDE01"
}
]
},
{
"product": "firmware",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "US_AC10V1.0re_V15.03.06.46_multi_TDE01"
}
]
},
{
"product": "firmware",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "US_W15EV1.0br_V15.11.0.5(1068_1567_841)_EN_TDE"
}
]
},
{
"product": "firmware",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "US_FH1201V1.0BR_V1.2.0.14(408)_EN_TD"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The web server binary /bin/httpd contains a hidden backdoor authentication mechanism in the login() function at 004c88b8.\r\n\r\n- The function contains a normal authentication path using MD5/hash-based password verification (prod_encode64/PasswordToMd5/check_rand_key).\r\n- After normal authentication fails, it calls GetValue(\"sys.rzadmin.password\") to read a backdoor password from the device configuration.\r\n- It performs a direct strcmp() comparison (plaintext, not hashed) between the config value and the user-supplied password.\r\n\r\nA successful match grants role=2 (admin-level access) and creates a valid session. The rzadmin username is never checked \u2014 any username works with the backdoor"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-912: Hidden Functionality",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-06T19:24:17.280Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://cwe.mitre.org/data/definitions/912.html"
},
{
"url": "https://kb.cert.org/vuls/id/213560"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Hidden backdoor authentication mechanism in multiple versions of Tenda firmware allows admin access to web management interface",
"x_generator": {
"engine": "VINCE 3.0.43",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2026-11405"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2026-11405",
"datePublished": "2026-07-06T19:17:07.891Z",
"dateReserved": "2026-06-05T18:12:15.445Z",
"dateUpdated": "2026-07-08T13:40:24.471Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-13753 (GCVE-0-2026-13753)
Vulnerability from cvelistv5 – Published: 2026-07-06 18:00 – Updated: 2026-07-08 17:00
VLAI
EPSS
VEX
Title
CVE-2026-13753
Summary
A missing authorization vulnerability exists in the embedded webserver of HP Deskjet 2800 Series Printers running firmware version <=TBP1CN2612AR. An unauthenticated attacker with network access can send GET requests to multiple exposed administrative API endpoints and retrieve sensitive configuration data such as plaintext Wi‑Fi Direct credentials, unique device identity information, and other administrative security state details. When accessed through the web interface, these setting pages explicitly require administrator credentials before sensitive information is displayed.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| HP Inc. | HP 2800 Printer Series |
Affected:
0 , ≤ TBP1CN2612AR.
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-13753",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-06T19:12:36.743111Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-06T19:12:56.542Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2026-07-06T19:33:52.015Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.kb.cert.org/vuls/id/828543"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HP 2800 Printer Series",
"vendor": "HP Inc.",
"versions": [
{
"lessThanOrEqual": "TBP1CN2612AR.",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A missing authorization vulnerability exists in the embedded webserver of HP Deskjet 2800 Series Printers running firmware version \u003c=TBP1CN2612AR. An unauthenticated attacker with network access can send GET requests to multiple exposed administrative API endpoints and retrieve sensitive configuration data such as plaintext Wi\u2011Fi Direct credentials, unique device identity information, and other administrative security state details. When accessed through the web interface, these setting pages explicitly require administrator credentials before sensitive information is displayed."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-862 Missing Authorization",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-08T17:00:16.985Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://kb.cert.org/vuls/id/828543"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CVE-2026-13753",
"x_generator": {
"engine": "VINCE 3.0.43",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2026-13753"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2026-13753",
"datePublished": "2026-07-06T18:00:06.663Z",
"dateReserved": "2026-06-29T16:46:12.558Z",
"dateUpdated": "2026-07-08T17:00:16.985Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-12168 (GCVE-0-2026-12168)
Vulnerability from cvelistv5 – Published: 2026-07-02 14:36 – Updated: 2026-07-02 17:36
VLAI
EPSS
VEX
Title
CVE-2026-12168
Summary
An improper validation vulnerability for driver `GFAC_Sys_x64.sys` in Little Orbit GFAC allows a local attacker to escalate privileges to SYSTEM and execute arbitrary code in kernel mode via crafted messages sent through a Minifilter communication port.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Little Orbit | GameFirst Anti-Cheat |
Affected:
0 , ≤ 2025-07-07
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-12168",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-02T17:36:06.427941Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-02T17:36:23.423Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "GameFirst Anti-Cheat",
"vendor": "Little Orbit",
"versions": [
{
"lessThanOrEqual": "2025-07-07",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper validation vulnerability for driver `GFAC_Sys_x64.sys` in Little Orbit GFAC allows a local attacker to escalate privileges to SYSTEM and execute arbitrary code in kernel mode via crafted messages sent through a Minifilter communication port."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-123 Write-What-Where Condition",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-02T15:07:03.882Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://www.littleorbit.com/"
},
{
"url": "https://kb.cert.org/vuls/id/639124"
},
{
"url": "https://github.com/FzRsLLaSheR/CVE-2026-12166_CVE-2026-12167_CVE-2026-12168"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CVE-2026-12168",
"x_generator": {
"engine": "VINCE 3.0.43",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2026-12168"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2026-12168",
"datePublished": "2026-07-02T14:36:27.552Z",
"dateReserved": "2026-06-12T19:40:44.862Z",
"dateUpdated": "2026-07-02T17:36:23.423Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-12166 (GCVE-0-2026-12166)
Vulnerability from cvelistv5 – Published: 2026-07-02 14:36 – Updated: 2026-07-02 17:35
VLAI
EPSS
VEX
Title
CVE-2026-12166
Summary
A NULL pointer dereference vulnerability for driver `GFAC_Sys_x64.sys` in Little Orbit GFAC allows a local attacker to cause a denial of service via crafted requests that trigger a system crash.
Severity
5.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Little Orbit | GameFirst Anti-Cheat |
Affected:
0 , ≤ 2025-07-07
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-12166",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-02T17:35:09.610134Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-02T17:35:36.546Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "GameFirst Anti-Cheat",
"vendor": "Little Orbit",
"versions": [
{
"lessThanOrEqual": "2025-07-07",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A NULL pointer dereference vulnerability for driver `GFAC_Sys_x64.sys` in Little Orbit GFAC allows a local attacker to cause a denial of service via crafted requests that trigger a system crash."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-02T15:06:50.751Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://www.littleorbit.com/"
},
{
"url": "https://kb.cert.org/vuls/id/639124"
},
{
"url": "https://github.com/FzRsLLaSheR/CVE-2026-12166_CVE-2026-12167_CVE-2026-12168"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CVE-2026-12166",
"x_generator": {
"engine": "VINCE 3.0.43",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2026-12166"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2026-12166",
"datePublished": "2026-07-02T14:36:04.413Z",
"dateReserved": "2026-06-12T19:40:24.620Z",
"dateUpdated": "2026-07-02T17:35:36.546Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-12167 (GCVE-0-2026-12167)
Vulnerability from cvelistv5 – Published: 2026-07-02 14:35 – Updated: 2026-07-02 17:34
VLAI
EPSS
VEX
Title
CVE-2026-12167
Summary
The Minifilter communication port for driver `GFAC_Sys_x64.sys` in Little Orbit GFAC allows a local attacker to access privileged driver functionality via a communication interface that lacks appropriate access restrictions.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Little Orbit | GameFirst Anti-Cheat |
Affected:
0 , ≤ 2025-07-07
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-12167",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-02T17:34:42.415314Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-02T17:34:47.803Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "GameFirst Anti-Cheat",
"vendor": "Little Orbit",
"versions": [
{
"lessThanOrEqual": "2025-07-07",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Minifilter communication port for driver `GFAC_Sys_x64.sys` in Little Orbit GFAC allows a local attacker to access privileged driver functionality via a communication interface that lacks appropriate access restrictions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-284 Improper Access Control",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-02T15:06:37.740Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://www.littleorbit.com/"
},
{
"url": "https://kb.cert.org/vuls/id/639124"
},
{
"url": "https://github.com/FzRsLLaSheR/CVE-2026-12166_CVE-2026-12167_CVE-2026-12168"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CVE-2026-12167",
"x_generator": {
"engine": "VINCE 3.0.43",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2026-12167"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2026-12167",
"datePublished": "2026-07-02T14:35:47.922Z",
"dateReserved": "2026-06-12T19:40:33.666Z",
"dateUpdated": "2026-07-02T17:34:47.803Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-0828 (GCVE-0-2026-0828)
Vulnerability from cvelistv5 – Published: 2026-06-26 15:47 – Updated: 2026-06-26 17:33
VLAI
EPSS
VEX
Title
Kernel driver vulnerability in Safetica Endpoint Client
Summary
Kernel driver ProcessMonitorDriver.sys in Safetica's endpoint client x64 , versions 10.5.75.0 and 11.11.4.0, allows unprivileged user to abuse IOCTL path and terminate protected system processes.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
2 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Safetica | Endpoint Client |
Affected:
10.5.75.0 , ≤ 10.5.75.0
(custom)
|
|
| Safetica | Endpoint Client |
Affected:
11.11.4.0 , ≤ 11.11.4.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-06-26T15:50:43.484Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.kb.cert.org/vuls/id/818729"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-0828",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-26T17:33:10.210218Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-26T17:33:16.746Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Endpoint Client",
"vendor": "Safetica",
"versions": [
{
"lessThanOrEqual": "10.5.75.0",
"status": "affected",
"version": "10.5.75.0",
"versionType": "custom"
}
]
},
{
"product": "Endpoint Client",
"vendor": "Safetica",
"versions": [
{
"lessThanOrEqual": "11.11.4.0",
"status": "affected",
"version": "11.11.4.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Kernel driver ProcessMonitorDriver.sys in Safetica\u0027s endpoint client x64 , versions 10.5.75.0 and 11.11.4.0, allows unprivileged user to abuse IOCTL path and terminate protected system processes."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-269 Improper Privilege Management",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-26T15:47:32.364Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://www.safetica.com/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Kernel driver vulnerability in Safetica Endpoint Client",
"x_generator": {
"engine": "VINCE 3.0.43",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2026-0828"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2026-0828",
"datePublished": "2026-06-26T15:47:32.364Z",
"dateReserved": "2026-01-09T19:21:20.617Z",
"dateUpdated": "2026-06-26T17:33:16.746Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-0685 (GCVE-0-2026-0685)
Vulnerability from cvelistv5 – Published: 2026-06-26 15:45 – Updated: 2026-06-26 17:36
VLAI
EPSS
VEX
Title
Server side template inject (SSTI) in Edgewall Genshi Template Engine
Summary
Server side template inject (SSTI) in the expression evaluation component in Genshi Template Engine version 0.7.9 allows a remote attacker to achieve remote code execution (RCE) via crafted template expressions.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Edgewall *Genshi* | Genshi |
Affected:
0 , ≤ 0.7.9
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-06-26T15:50:40.957Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.kb.cert.org/vuls/id/244846"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-0685",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-26T17:36:09.734967Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-26T17:36:14.375Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Genshi",
"vendor": "Edgewall *Genshi*",
"versions": [
{
"lessThanOrEqual": "0.7.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Server side template inject (SSTI) in the expression evaluation component in Genshi Template Engine version 0.7.9 allows a remote attacker to achieve remote code execution (RCE) via crafted template expressions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-26T15:45:11.283Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://github.com/edgewall/genshi/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Server side template inject (SSTI) in Edgewall Genshi Template Engine",
"x_generator": {
"engine": "VINCE 3.0.43",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2026-0685"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2026-0685",
"datePublished": "2026-06-26T15:45:11.283Z",
"dateReserved": "2026-01-07T19:12:01.099Z",
"dateUpdated": "2026-06-26T17:36:14.375Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-11919 (GCVE-0-2025-11919)
Vulnerability from cvelistv5 – Published: 2026-06-26 15:39 – Updated: 2026-06-26 17:40
VLAI
EPSS
VEX
Title
Unprotected temporary directories in Wolfram Cloud may result in privilege escalation
Summary
The default JVM can access files and directories under `/tmp/` including the `$TemporaryDirectory` of other users on the same cloud instance (`/tmp/UserTemporaryFiles/`). The `-init` file for the the JVM initialization exists in the vulnerable directory during the startup of the JVM. An attacker with access to the shared `/tmp/` space can preemptively create or replace `.jar` files or directories (via the `-init` file) that the victim JVM will resolve first in its classpath. By strategically placing a malicious version of a commonly used library (e.g., `commons-io`) in a location that is included in the classpath before the legitimate version, an attacker can cause the JVM to load the malicious class during startup, thereby executing the attacker's code.
Severity
9.6 (Critical)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Wolfram Research Inc. | Cloud |
Affected:
14.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-06-26T15:49:25.791Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.kb.cert.org/vuls/id/553375"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-11919",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-26T17:39:58.284281Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-26T17:40:10.720Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/PeterRoberge/vulnerability-wolfram-cloud-14.2/blob/main/disclosure.md"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cloud",
"vendor": "Wolfram Research Inc.",
"versions": [
{
"status": "affected",
"version": "14.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The default JVM can access files and directories under `/tmp/` including the `$TemporaryDirectory` of other users on the same cloud instance (`/tmp/UserTemporaryFiles/`). The `-init` file for the the JVM initialization exists in the vulnerable directory during the startup of the JVM. An attacker with access to the shared `/tmp/` space can preemptively create or replace `.jar` files or directories (via the `-init` file) that the victim JVM will resolve first in its classpath. By strategically placing a malicious version of a commonly used library (e.g., `commons-io`) in a location that is included in the classpath before the legitimate version, an attacker can cause the JVM to load the malicious class during startup, thereby executing the attacker\u0027s code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-552 Files or Directories Accessible to External Parties",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-26T16:11:46.925Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://github.com/PeterRoberge/vulnerability-wolfram-cloud-14.2/blob/main/disclosure.md"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Unprotected temporary directories in Wolfram Cloud may result in privilege escalation",
"x_generator": {
"engine": "VINCE 3.0.43",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2025-11919"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2025-11919",
"datePublished": "2026-06-26T15:39:41.353Z",
"dateReserved": "2025-10-17T14:38:44.831Z",
"dateUpdated": "2026-06-26T17:40:10.720Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-5757 (GCVE-0-2026-5757)
Vulnerability from cvelistv5 – Published: 2026-06-26 15:15 – Updated: 2026-06-26 18:38
VLAI
EPSS
VEX
Title
There exists an unauthenticated remote information disclosure vulnerability in Ollama's model quantization engine
Summary
Unauthenticated remote information disclosure vulnerability in Ollama's model quantization engine allows an attacker to read and exfiltrate the server's heap memory, potentially leading to sensitive data exposure, further compromise, and stealthy persistence.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
3 references
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-06-26T15:52:23.093Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.kb.cert.org/vuls/id/518910"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-5757",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-26T18:37:59.802606Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-26T18:38:23.503Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Ollama",
"vendor": "Ollama AI",
"versions": [
{
"status": "affected",
"version": "v0.13.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unauthenticated remote information disclosure vulnerability in Ollama\u0027s model quantization engine allows an attacker to read and exfiltrate the server\u0027s heap memory, potentially leading to sensitive data exposure, further compromise, and stealthy persistence."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-125 Out-of-bounds Read",
"lang": "en"
}
]
},
{
"descriptions": [
{
"description": "CWE-416 Use After Free",
"lang": "en"
}
]
},
{
"descriptions": [
{
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-26T15:15:28.464Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://kb.cert.org/vuls/id/518910"
},
{
"url": "https://ollama.com"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "There exists an unauthenticated remote information disclosure vulnerability in Ollama\u0027s model quantization engine",
"x_generator": {
"engine": "VINCE 3.0.43",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2026-5757"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2026-5757",
"datePublished": "2026-06-26T15:15:28.464Z",
"dateReserved": "2026-04-07T16:59:20.290Z",
"dateUpdated": "2026-06-26T18:38:23.503Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8050 (GCVE-0-2026-8050)
Vulnerability from cvelistv5 – Published: 2026-06-17 21:05 – Updated: 2026-06-18 13:14
VLAI
EPSS
VEX
Title
CVE-2026-8050
Summary
In SignalRGB versions prior to 1.3.7.0, seven of the thirteen IOCTL handlers dereference the SystemBuffer pointer without first verifying that it is non-NULL. Sending an IOCTL with an empty input buffer causes a NULL pointer dereference, resulting in a kernel crash.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://kb.cert.org/vuls/id/380058 |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SignalRGB | SignalRGB kernel driver |
Affected:
0 , < 1.3.7.0
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-8050",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-18T13:14:27.020614Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-18T13:14:31.644Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "SignalRGB kernel driver",
"vendor": "SignalRGB",
"versions": [
{
"lessThan": "1.3.7.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In SignalRGB versions prior to 1.3.7.0, seven of the thirteen IOCTL handlers dereference the SystemBuffer pointer without first verifying that it is non-NULL. Sending an IOCTL with an empty input buffer causes a NULL pointer dereference, resulting in a kernel crash."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-17T21:05:32.448Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://kb.cert.org/vuls/id/380058"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CVE-2026-8050",
"x_generator": {
"engine": "VINCE 3.0.42",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2026-8050"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2026-8050",
"datePublished": "2026-06-17T21:05:32.448Z",
"dateReserved": "2026-05-06T17:40:15.269Z",
"dateUpdated": "2026-06-18T13:14:31.644Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8049 (GCVE-0-2026-8049)
Vulnerability from cvelistv5 – Published: 2026-06-17 21:05 – Updated: 2026-06-18 13:12
VLAI
EPSS
VEX
Title
CVE-2026-8049
Summary
In SignalRGB versions prior to 1.3.7.0, the \\.\SignalIo device object is created without an explicit SDDL security descriptor and without FILE_DEVICE_SECURE_OPEN. This results in overly permissive default access control, allowing any authenticated local user to obtain a handle to the device and issue privileged IOCTLs.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://kb.cert.org/vuls/id/380058 |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SignalRGB | SignalRGB kernel driver |
Affected:
0 , < 1.3.7.0
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-8049",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-18T13:12:10.123796Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-18T13:12:38.935Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "SignalRGB kernel driver",
"vendor": "SignalRGB",
"versions": [
{
"lessThan": "1.3.7.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In SignalRGB versions prior to 1.3.7.0, the \\\\.\\SignalIo device object is created without an explicit SDDL security descriptor and without FILE_DEVICE_SECURE_OPEN. This results in overly permissive default access control, allowing any authenticated local user to obtain a handle to the device and issue privileged IOCTLs."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-284",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-17T21:05:25.402Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://kb.cert.org/vuls/id/380058"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CVE-2026-8049",
"x_generator": {
"engine": "VINCE 3.0.42",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2026-8049"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2026-8049",
"datePublished": "2026-06-17T21:05:25.402Z",
"dateReserved": "2026-05-06T17:40:03.996Z",
"dateUpdated": "2026-06-18T13:12:38.935Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-9648 (GCVE-0-2026-9648)
Vulnerability from cvelistv5 – Published: 2026-06-11 14:30 – Updated: 2026-06-11 15:39
VLAI
EPSS
VEX
Title
CVE-2026-9648
Summary
The crypton-x509-validation Haskell library fails to enforce X.509 NameConstraints, allowing TLS clients to accept certificates whose Subject Alternative Names fall outside the issuing CA’s permitted subtrees. This oversight enables an attacker who compromises a name-constrained sub-CA to impersonate domains beyond its intended scope.
Severity
9.1 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-295 - Improper Certificate Validation
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Haskell Programming Language | crypton-certificate |
Affected:
0 , < 1.9.1
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-06-11T15:10:30.272Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.kb.cert.org/vuls/id/862559"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-9648",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-11T15:39:09.493112Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-11T15:39:31.210Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "crypton-certificate",
"vendor": "Haskell Programming Language",
"versions": [
{
"lessThan": "1.9.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The crypton-x509-validation Haskell library fails to enforce X.509 NameConstraints, allowing TLS clients to accept certificates whose Subject Alternative Names fall outside the issuing CA\u2019s permitted subtrees. This oversight enables an attacker who compromises a name-constrained sub-CA to impersonate domains beyond its intended scope."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-295: Improper Certificate Validation",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-11T14:30:30.800Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://github.com/kazu-yamamoto/crypton-certificate/pull/30"
},
{
"url": "https://github.com/kazu-yamamoto/crypton-certificate/pull/30/changes/f4b77edf6ead77f4a886da40e41eab20f0180e39"
},
{
"url": "https://hackage.haskell.org/package/crypton-x509-validation-1.9.1/revisions/"
},
{
"url": "https://github.com/haskell/security-advisories/pull/332"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CVE-2026-9648",
"x_generator": {
"engine": "VINCE 3.0.42",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2026-9648"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2026-9648",
"datePublished": "2026-06-11T14:30:30.800Z",
"dateReserved": "2026-05-26T19:26:04.460Z",
"dateUpdated": "2026-06-11T15:39:31.210Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8863 (GCVE-0-2026-8863)
Vulnerability from cvelistv5 – Published: 2026-06-09 18:10 – Updated: 2026-06-10 15:16
VLAI
EPSS
VEX
Title
CVE-2026-8863
Summary
Multiple Microsoft-sigend UEFI SHIM bootloaders are vulnerable to SecureBoot bypass. An attacker with administrative privileges or the ability to modify the boot process could use one of the vulnerable shim bootloaders to bypass Secure Boot protections and execute arbitrary code before the operating system loads. Specific UEFI DBX update is required to block these vulnerable boot loaders.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | vendor-advisory |
| https://kb.cert.org/vuls/id/616257 | third-party-advisory |
| https://www.kb.cert.org/vuls/id/616257 |
Impacted products
14 products
| Vendor | Product | Version | |
|---|---|---|---|
| Oracle Corporation | OracleLinux(7.2) shim |
Affected:
0.9
|
|
| PC-Doctor | Service Center Enterprise |
Affected:
14 , ≤ 17.0.7536.900
(custom)
|
|
| PC-Doctor | Service Center Drive Erase |
Affected:
15 , ≤ 17.0.7538.592
(custom)
|
|
| PC-Doctor | Service Center Japan |
Affected:
15 , ≤ 17.0.7539.904
(custom)
|
|
| PC-Doctor | Service Center |
Affected:
14 , ≤ 17.0.7535.900
(custom)
|
|
| PC-Doctor | Network Factory for Linux (Bootable Diagnostics) |
Affected:
6.9 , ≤ 6.20.7711.267
(custom)
|
|
| PC-Doctor | Factory for Linux (Bootable Diagnostics) |
Affected:
6.9 , ≤ 6.20.7710.267
(custom)
|
|
| Spyrus | WTGCreator |
Affected:
4.2
|
|
| Blancco UK | WhiteCanyon WipeDrive |
Affected:
8.0.0 , ≤ 8.1.3
(custom)
|
|
| baramundi software | baramundi Management Suite |
Affected:
* , ≤ 2024R1
(custom)
|
|
| SUSE Linux | OpenSUSE shim |
Affected:
0.9
|
|
| Finland Matriculation Board | Abitti 1 |
Affected:
1.0.0
|
|
| NTC IT ROSA LLC | RosaLinux |
Affected:
R9
|
|
| NTC IT ROSA LLC | RosaLinux |
Affected:
R10
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-8863",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-09T19:03:03.811729Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T19:03:21.716Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2026-06-09T19:41:27.054Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.kb.cert.org/vuls/id/616257"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OracleLinux(7.2) shim",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "0.9"
}
]
},
{
"product": "Service Center Enterprise",
"vendor": "PC-Doctor",
"versions": [
{
"lessThanOrEqual": "17.0.7536.900",
"status": "affected",
"version": "14",
"versionType": "custom"
}
]
},
{
"product": "Service Center Drive Erase",
"vendor": "PC-Doctor",
"versions": [
{
"lessThanOrEqual": "17.0.7538.592",
"status": "affected",
"version": "15",
"versionType": "custom"
}
]
},
{
"product": "Service Center Japan",
"vendor": "PC-Doctor",
"versions": [
{
"lessThanOrEqual": "17.0.7539.904",
"status": "affected",
"version": "15",
"versionType": "custom"
}
]
},
{
"product": "Service Center",
"vendor": "PC-Doctor",
"versions": [
{
"lessThanOrEqual": "17.0.7535.900",
"status": "affected",
"version": "14",
"versionType": "custom"
}
]
},
{
"product": "Network Factory for Linux (Bootable Diagnostics)",
"vendor": "PC-Doctor",
"versions": [
{
"lessThanOrEqual": "6.20.7711.267",
"status": "affected",
"version": "6.9",
"versionType": "custom"
}
]
},
{
"product": "Factory for Linux (Bootable Diagnostics)",
"vendor": "PC-Doctor",
"versions": [
{
"lessThanOrEqual": "6.20.7710.267",
"status": "affected",
"version": "6.9",
"versionType": "custom"
}
]
},
{
"product": "WTGCreator",
"vendor": "Spyrus",
"versions": [
{
"status": "affected",
"version": "4.2"
}
]
},
{
"product": "WhiteCanyon WipeDrive",
"vendor": "Blancco UK",
"versions": [
{
"lessThanOrEqual": "8.1.3",
"status": "affected",
"version": "8.0.0",
"versionType": "custom"
}
]
},
{
"product": "baramundi Management Suite",
"vendor": "baramundi software",
"versions": [
{
"lessThanOrEqual": "2024R1",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"product": "OpenSUSE shim",
"vendor": "SUSE Linux",
"versions": [
{
"status": "affected",
"version": "0.9"
}
]
},
{
"product": "Abitti 1",
"vendor": "Finland Matriculation Board",
"versions": [
{
"status": "affected",
"version": "1.0.0"
}
]
},
{
"product": "RosaLinux",
"vendor": "NTC IT ROSA LLC",
"versions": [
{
"status": "affected",
"version": "R9"
}
]
},
{
"product": "RosaLinux",
"vendor": "NTC IT ROSA LLC",
"versions": [
{
"status": "affected",
"version": "R10"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Thanks to Martin Smolar of ESET for discovering and reporting this vulnerability"
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple Microsoft-sigend UEFI SHIM bootloaders are vulnerable to SecureBoot bypass. An attacker with administrative privileges or the ability to modify the boot process could use one of the vulnerable shim bootloaders to bypass Secure Boot protections and execute arbitrary code before the operating system loads. Specific UEFI DBX update is required to block these vulnerable boot loaders."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-347: Improper Verification of Cryptographic Signature",
"lang": "en"
}
]
},
{
"descriptions": [
{
"description": "CWE-354: Improper Validation of Integrity Check Value",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-10T15:16:35.228Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "Microsoft Vendor Security Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-8863"
},
{
"name": "CERT/CC Vulnerability Notice",
"tags": [
"third-party-advisory"
],
"url": "https://kb.cert.org/vuls/id/616257"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "CVE-2026-8863",
"x_generator": {
"engine": "VINCE 3.0.42",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2026-8863"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2026-8863",
"datePublished": "2026-06-09T18:10:15.426Z",
"dateReserved": "2026-05-18T19:41:10.790Z",
"dateUpdated": "2026-06-10T15:16:35.228Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-10045 (GCVE-0-2026-10045)
Vulnerability from cvelistv5 – Published: 2026-06-09 18:09 – Updated: 2026-06-09 19:09
VLAI
EPSS
VEX
Title
CVE-2026-10045
Summary
Shenzhen Kangda Xin Intelligent Network Technology Company's router, model DR300, version 2.1.2.121, contains hardcoded login credentials and has telnet enabled by default on WAN and LAN interfaces. These vulnerabilities allow attackers to read and write to memory, modify firmware stored in flash, inspect active connections, and view currently connected devices.
Severity
9.8 (Critical)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Shenzhen Kangda Xin Intelligent Network Technology Co., Ltd | DR300 |
Affected:
2.1.2.121
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-10045",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-09T19:09:40.667720Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T19:09:45.684Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://rubenabreu.xyz/post/temu-routers-and-their-implications"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "DR300",
"vendor": "Shenzhen Kangda Xin Intelligent Network Technology Co., Ltd",
"versions": [
{
"status": "affected",
"version": "2.1.2.121"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Shenzhen Kangda Xin Intelligent Network Technology Company\u0027s router, model DR300, version 2.1.2.121, contains hardcoded login credentials and has telnet enabled by default on WAN and LAN interfaces. These vulnerabilities allow attackers to read and write to memory, modify firmware stored in flash, inspect active connections, and view currently connected devices."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-798 Use of Hard-coded Credentials",
"lang": "en"
}
]
},
{
"descriptions": [
{
"description": "CWE-319 Cleartext Transmission of Sensitive Information",
"lang": "en"
}
]
},
{
"descriptions": [
{
"description": "CWE-1188 Insecure Default Initialization of Resource",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T18:09:56.599Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://rubenabreu.xyz/post/temu-routers-and-their-implications"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CVE-2026-10045",
"x_generator": {
"engine": "VINCE 3.0.42",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2026-10045"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2026-10045",
"datePublished": "2026-06-09T18:09:56.599Z",
"dateReserved": "2026-05-28T21:12:31.476Z",
"dateUpdated": "2026-06-09T19:09:45.684Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8888 (GCVE-0-2026-8888)
Vulnerability from cvelistv5 – Published: 2026-06-03 18:16 – Updated: 2026-06-04 19:48
VLAI
EPSS
VEX
Title
CVE-2026-8888
Summary
Version 3.0.7 of the Securly Chrome Extension downloads config.json over HTTP and compiles server-provided patterns as JavaScript regular expressions via new RegExp() without complexity validation. An on-path attacker can inject specific patterns to cause catastrophic backtracking, resulting in denial of service on all browsing.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://kb.cert.org/vuls/id/595768 |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Securly | Securly Chrome Extension |
Affected:
0 , ≤ 3.0.7
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-8888",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-04T19:48:22.314942Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1333",
"description": "CWE-1333 Inefficient Regular Expression Complexity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-04T19:48:31.510Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Securly Chrome Extension",
"vendor": "Securly",
"versions": [
{
"lessThanOrEqual": "3.0.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Version 3.0.7 of the Securly Chrome Extension downloads config.json over HTTP and compiles server-provided patterns as JavaScript regular expressions via new RegExp() without complexity validation. An on-path attacker can inject specific patterns to cause catastrophic backtracking, resulting in denial of service on all browsing."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-1333",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-03T18:18:13.249Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://kb.cert.org/vuls/id/595768"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CVE-2026-8888",
"x_generator": {
"engine": "VINCE 3.0.42",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2026-8888"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2026-8888",
"datePublished": "2026-06-03T18:16:25.264Z",
"dateReserved": "2026-05-18T20:40:05.298Z",
"dateUpdated": "2026-06-04T19:48:31.510Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8889 (GCVE-0-2026-8889)
Vulnerability from cvelistv5 – Published: 2026-06-03 18:15 – Updated: 2026-06-10 19:00
VLAI
EPSS
VEX
Title
CVE-2026-8889
Summary
Version 3.0.7 of the Securly Chrome Extension uses deprecated SHA-1 hashing for IWF CSAM URL matching (25,020 hashes) and CIPA blocklist matching (12,352 hashes).
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://kb.cert.org/vuls/id/595768 |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Securly | Securly Chrome Extension |
Affected:
0 , ≤ 3.0.7
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-8889",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-04T19:49:34.564362Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-10T19:00:10.351Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Securly Chrome Extension",
"vendor": "Securly",
"versions": [
{
"lessThanOrEqual": "3.0.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Version 3.0.7 of the Securly Chrome Extension uses deprecated SHA-1 hashing for IWF CSAM URL matching (25,020 hashes) and CIPA blocklist matching (12,352 hashes)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-328",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-03T18:15:15.450Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://kb.cert.org/vuls/id/595768"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CVE-2026-8889",
"x_generator": {
"engine": "VINCE 3.0.42",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2026-8889"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2026-8889",
"datePublished": "2026-06-03T18:15:15.450Z",
"dateReserved": "2026-05-18T20:43:53.154Z",
"dateUpdated": "2026-06-10T19:00:10.351Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8881 (GCVE-0-2026-8881)
Vulnerability from cvelistv5 – Published: 2026-06-03 18:13 – Updated: 2026-06-04 17:25
VLAI
EPSS
VEX
Title
CVE-2026-8881
Summary
Version 3.0.7 of the Securly Chrome Extension uses EVP_BytesToKey key derivation with MD5 and a single iteration for AES encryption. MD5 has been broken since 2004 and a single iteration provides no key stretching.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://kb.cert.org/vuls/id/595768 |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Securly | Securly Chrome Extension |
Affected:
0 , ≤ 3.0.7
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-8881",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-04T17:25:31.107400Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-04T17:25:48.030Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Securly Chrome Extension",
"vendor": "Securly",
"versions": [
{
"lessThanOrEqual": "3.0.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Version 3.0.7 of the Securly Chrome Extension uses EVP_BytesToKey key derivation with MD5 and a single iteration for AES encryption. MD5 has been broken since 2004 and a single iteration provides no key stretching."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-916 Use of Password Hash With Insufficient Computational Effort",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-03T18:13:14.217Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://kb.cert.org/vuls/id/595768"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CVE-2026-8881",
"x_generator": {
"engine": "VINCE 3.0.42",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2026-8881"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2026-8881",
"datePublished": "2026-06-03T18:13:14.217Z",
"dateReserved": "2026-05-18T20:32:53.054Z",
"dateUpdated": "2026-06-04T17:25:48.030Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8879 (GCVE-0-2026-8879)
Vulnerability from cvelistv5 – Published: 2026-06-03 18:11 – Updated: 2026-06-04 14:13
VLAI
EPSS
VEX
Title
CVE-2026-8879
Summary
Version 3.0.7 of the Securly Chrome Extension dynamically registers content13.min.js as a content script via chrome.scripting.registerContentScripts() at runtime. This script is NOT declared in manifest.json and bypasses Chrome Web Store static security review. It runs on all URLs and immediately hides all page content, creates a full-page overlay, pauses all videos, and only restores content when the service worker confirms the page passes filtering. If Securly's servers are unreachable, pages remain indefinitely hidden.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-829 Inclusion of Functionality from Untrusted Control Sphere
- CWE-829 - Inclusion of Functionality from Untrusted Control Sphere
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://kb.cert.org/vuls/id/595768 |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Securly | Securly Chrome Extension |
Affected:
0 , ≤ 3.0.7
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-8879",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-04T14:12:27.850403Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-829",
"description": "CWE-829 Inclusion of Functionality from Untrusted Control Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-04T14:13:20.892Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Securly Chrome Extension",
"vendor": "Securly",
"versions": [
{
"lessThanOrEqual": "3.0.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Version 3.0.7 of the Securly Chrome Extension dynamically registers content13.min.js as a content script via chrome.scripting.registerContentScripts() at runtime. This script is NOT declared in manifest.json and bypasses Chrome Web Store static security review. It runs on all URLs and immediately hides all page content, creates a full-page overlay, pauses all videos, and only restores content when the service worker confirms the page passes filtering. If Securly\u0027s servers are unreachable, pages remain indefinitely hidden."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-829 Inclusion of Functionality from Untrusted Control Sphere",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-03T18:11:04.269Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://kb.cert.org/vuls/id/595768"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CVE-2026-8879",
"x_generator": {
"engine": "VINCE 3.0.42",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2026-8879"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2026-8879",
"datePublished": "2026-06-03T18:11:04.269Z",
"dateReserved": "2026-05-18T20:29:18.234Z",
"dateUpdated": "2026-06-04T14:13:20.892Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8878 (GCVE-0-2026-8878)
Vulnerability from cvelistv5 – Published: 2026-06-03 18:09 – Updated: 2026-06-04 14:18
VLAI
EPSS
VEX
Title
CVE-2026-8878
Summary
Version 3.0.7 of the Securly Chrome Extension exposes multiple publicly accessible endpoints that allow unauthenticated access to sensitive data. The exposed information consists of SHA-1 hashes that are inadequately obfuscated using a simple Caesar cipher, which can be easily reversed to recover the original hash values and access the protected data.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://kb.cert.org/vuls/id/595768 |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Securly | Securly Chrome Extension |
Affected:
0 , ≤ 3.0.7
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-8878",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-04T14:18:41.000614Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-04T14:18:55.977Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Securly Chrome Extension",
"vendor": "Securly",
"versions": [
{
"lessThanOrEqual": "3.0.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Version 3.0.7 of the Securly Chrome Extension exposes multiple publicly accessible endpoints that allow unauthenticated access to sensitive data. The exposed information consists of SHA-1 hashes that are inadequately obfuscated using a simple Caesar cipher, which can be easily reversed to recover the original hash values and access the protected data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-922 Insecure Storage of Sensitive Information",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-03T18:09:04.115Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://kb.cert.org/vuls/id/595768"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CVE-2026-8878",
"x_generator": {
"engine": "VINCE 3.0.42",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2026-8878"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2026-8878",
"datePublished": "2026-06-03T18:09:04.115Z",
"dateReserved": "2026-05-18T20:27:44.651Z",
"dateUpdated": "2026-06-04T14:18:55.977Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8876 (GCVE-0-2026-8876)
Vulnerability from cvelistv5 – Published: 2026-06-03 18:07 – Updated: 2026-06-04 14:20
VLAI
EPSS
VEX
Title
CVE-2026-8876
Summary
Version 3.0.7 of the Securly Chrome Extension contains hardcoded, plaintext AES passphrases in securly.min.js. These keys decrypt crisis alert keyword data and intervention site data.
Severity
7.3 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://kb.cert.org/vuls/id/595768 |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Securly | Securly Chrome Extension |
Affected:
0 , ≤ 3.0.7
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-8876",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-04T14:20:09.967341Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-04T14:20:24.250Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Securly Chrome Extension",
"vendor": "Securly",
"versions": [
{
"lessThanOrEqual": "3.0.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Version 3.0.7 of the Securly Chrome Extension contains hardcoded, plaintext AES passphrases in securly.min.js. These keys decrypt crisis alert keyword data and intervention site data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-321",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-03T18:07:13.200Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://kb.cert.org/vuls/id/595768"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CVE-2026-8876",
"x_generator": {
"engine": "VINCE 3.0.42",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2026-8876"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2026-8876",
"datePublished": "2026-06-03T18:07:13.200Z",
"dateReserved": "2026-05-18T20:27:18.596Z",
"dateUpdated": "2026-06-04T14:20:24.250Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8874 (GCVE-0-2026-8874)
Vulnerability from cvelistv5 – Published: 2026-06-03 18:03 – Updated: 2026-06-04 14:43
VLAI
EPSS
VEX
Title
CVE-2026-8874
Summary
Version 3.0.7 of the Securly Chrome Extension downloads JSON files containing crisis alert keywords and filtering rules over unencrypted HTTP via the Fetch API. Other endpoints in the same extension correctly fetch IWF and CIPA data over HTTPS, demonstrating an inconsistent implementation of TLS.
Severity
7.1 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-319 Cleartext Transmission of Sensitive Information
- CWE-319 - Cleartext Transmission of Sensitive Information
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://kb.cert.org/vuls/id/595768 |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Securly | Securly Chrome Extension |
Affected:
0 , < 3.0.7
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-8874",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-04T14:42:14.501953Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319 Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-04T14:43:00.488Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Securly Chrome Extension",
"vendor": "Securly",
"versions": [
{
"lessThan": "3.0.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Version 3.0.7 of the Securly Chrome Extension downloads JSON files containing crisis alert keywords and filtering rules over unencrypted HTTP via the Fetch API. Other endpoints in the same extension correctly fetch IWF and CIPA data over HTTPS, demonstrating an inconsistent implementation of TLS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-319 Cleartext Transmission of Sensitive Information",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-03T18:03:04.592Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://kb.cert.org/vuls/id/595768"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CVE-2026-8874",
"x_generator": {
"engine": "VINCE 3.0.42",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2026-8874"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2026-8874",
"datePublished": "2026-06-03T18:03:04.592Z",
"dateReserved": "2026-05-18T20:26:19.787Z",
"dateUpdated": "2026-06-04T14:43:00.488Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-10629 (GCVE-0-2026-10629)
Vulnerability from cvelistv5 – Published: 2026-06-02 14:35 – Updated: 2026-06-03 15:19
VLAI
EPSS
VEX
Title
CVE-2026-10629
Summary
SIP signaling stack in Verizon IMS (unspecified version) implements SIP signaling without IPsec integrity protection (missing Security-Client/Security-Server headers and ESP traffic), which allows an on-path attacker to compromise confidentiality, integrity, and authenticity of VoLTE signaling via passive monitoring and active manipulation of unsecured SIP messages over the radio and core network.
Severity
7.4 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
2 references
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-06-02T15:23:02.208Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.kb.cert.org/vuls/id/615987"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-10629",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-03T15:19:08.539555Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-03T15:19:11.551Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "VoLTE",
"vendor": "Verizon",
"versions": [
{
"status": "affected",
"version": "UNKNOWN"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SIP signaling stack in Verizon IMS (unspecified version) implements SIP signaling without IPsec integrity protection (missing Security-Client/Security-Server headers and ESP traffic), which allows an on-path attacker to compromise confidentiality, integrity, and authenticity of VoLTE signaling via passive monitoring and active manipulation of unsecured SIP messages over the radio and core network."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-346 Origin Validation Error",
"lang": "en"
}
]
},
{
"descriptions": [
{
"description": "CWE-523 Missing Transport Layer Protection",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-02T14:35:07.902Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://www.3gpp.org/DynReport/33203.htm"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CVE-2026-10629",
"x_generator": {
"engine": "VINCE 3.0.42",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2026-10629"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2026-10629",
"datePublished": "2026-06-02T14:35:07.902Z",
"dateReserved": "2026-06-02T14:31:31.922Z",
"dateUpdated": "2026-06-03T15:19:11.551Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-7299 (GCVE-0-2026-7299)
Vulnerability from cvelistv5 – Published: 2026-06-02 14:07 – Updated: 2026-06-02 18:17
VLAI
EPSS
VEX
Title
CVE-2026-7299
Summary
Appsmith’s SQL query editor’s autocomplete functionality fails to sanitize database object names before rendering them in innerHTML, allowing an authenticated Developer to inject persistent XSS by a malicious table or column names triggering arbitrary code execution in the sessions of other workspace members when they interact with the same datasource.
Severity
6.3 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
6 references
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-06-02T15:23:03.693Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.kb.cert.org/vuls/id/265691"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-7299",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-02T18:17:27.406510Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-02T18:17:31.812Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/Stuub/Appsmith-1.98-Stored-XSS-Exploit"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Appsmith",
"vendor": "Appsmith",
"versions": [
{
"lessThan": "2.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Appsmith\u2019s SQL query editor\u2019s autocomplete functionality fails to sanitize database object names before rendering them in innerHTML, allowing an authenticated Developer to inject persistent XSS by a malicious table or column names triggering arbitrary code execution in the sessions of other workspace members when they interact with the same datasource."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-02T14:07:52.626Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://github.com/appsmithorg/appsmith/security/advisories/GHSA-vvxf-f8q9-86gh"
},
{
"url": "https://github.com/appsmithorg/appsmith/pull/41666"
},
{
"url": "https://github.com/Stuub/Appsmith-1.98-Stored-XSS-Exploit"
},
{
"url": "https://github.com/appsmithorg/appsmith/releases/tag/v2.1"
},
{
"url": "https://github.com/appsmithorg/appsmith/commit/99d69180919981ed9bc5484050d809a5bec68acc"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CVE-2026-7299",
"x_generator": {
"engine": "VINCE 3.0.42",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2026-7299"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2026-7299",
"datePublished": "2026-06-02T14:07:52.626Z",
"dateReserved": "2026-04-28T11:32:21.296Z",
"dateUpdated": "2026-06-02T18:17:31.812Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}