Search

Find a vulnerability

Search criteria

    3402 vulnerabilities

    CVE-2026-15146 (GCVE-0-2026-15146)

    Vulnerability from cvelistv5 – Published: 2026-07-10 18:20 – Updated: 2026-07-10 19:30
    VLAI
    Title
    CVE-2026-15146
    Summary
    GNU Wget does not validate the IP address provided by an FTP PASV response while operating in FTP passive mode. A malicious FTP server, or an HTTP server that redirects to an FTP URL, can exploit this behavior to redirect Wget’s data connection to an arbitrary IP address and port. This allows an attacker to forge server-side requests (SSRF) from the machine running Wget, potentially accessing localhost services or internal network resources.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor Product Version
    GNU wget Wget Affected: 0 , ≤ 1.25.0 before commit 4f85853f641863d5915786a8413e1a213726a62b (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "LOW",
                  "baseScore": 5.9,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-15146",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-10T19:17:02.863029Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-10T19:17:58.839Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2026-07-10T19:30:53.123Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://www.kb.cert.org/vuls/id/564823"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Wget",
              "vendor": "GNU wget",
              "versions": [
                {
                  "lessThanOrEqual": "1.25.0 before commit 4f85853f641863d5915786a8413e1a213726a62b",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "GNU Wget does not validate the IP address provided by an FTP PASV response while operating in FTP passive mode. A malicious FTP server, or an HTTP server that redirects to an FTP URL, can exploit this behavior to redirect Wget\u2019s data connection to an arbitrary IP address and port. This allows an attacker to forge server-side requests (SSRF) from the machine running Wget, potentially accessing localhost services or internal network resources."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-918 Server-Side Request Forgery (SSRF)",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T18:20:58.269Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "url": "https://cgit.git.savannah.gnu.org/cgit/wget.git/commit/?id=4f85853f641863d5915786a8413e1a213726a62b"
            },
            {
              "url": "https://kb.cert.org/vuls/id/564823"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "CVE-2026-15146",
          "x_generator": {
            "engine": "VINCE 3.0.43",
            "env": "prod",
            "origin": "https://cveawg.mitre.org/api/cve/CVE-2026-15146"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2026-15146",
        "datePublished": "2026-07-10T18:20:58.269Z",
        "dateReserved": "2026-07-08T19:10:56.213Z",
        "dateUpdated": "2026-07-10T19:30:53.123Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-13462 (GCVE-0-2026-13462)

    Vulnerability from cvelistv5 – Published: 2026-07-09 17:10 – Updated: 2026-07-09 19:45
    VLAI
    Title
    PayRange for Android, version 7.0.7, contains an SSL bypass vulnerability
    Summary
    PayRange Android app, version 7.0.7 and below, contains an SSL bypass vulnerability that allows invalid certificates to be accepted in application webviews. A remote and unauthenticated attacker can steal information that the user sends.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-295 - Improper Certificate Validation
    Assigner
    Impacted products
    Vendor Product Version
    PayRange PayRange Affected: 7.0.7
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-13462",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T19:45:40.068309Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T19:45:55.644Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "PayRange",
              "vendor": "PayRange",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.0.7"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "PayRange Android app, version 7.0.7 and below, contains an SSL bypass vulnerability that allows invalid certificates to be accepted in application webviews. A remote and unauthenticated attacker can steal information that the user sends."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-295: Improper Certificate Validation",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-09T17:10:44.429Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "url": "https://cwe.mitre.org/data/definitions/295.html"
            },
            {
              "url": "https://kb.cert.org/vuls/id/152953"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "PayRange for Android, version 7.0.7, contains an SSL bypass vulnerability",
          "x_generator": {
            "engine": "VINCE 3.0.43",
            "env": "prod",
            "origin": "https://cveawg.mitre.org/api/cve/CVE-2026-13462"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2026-13462",
        "datePublished": "2026-07-09T17:10:44.429Z",
        "dateReserved": "2026-06-26T20:08:46.304Z",
        "dateUpdated": "2026-07-09T19:45:55.644Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-13461 (GCVE-0-2026-13461)

    Vulnerability from cvelistv5 – Published: 2026-07-09 17:08 – Updated: 2026-07-10 20:32
    VLAI
    Title
    PayRange version 7.0.7 contains a JavaScript injection vulnerability
    Summary
    When coupled with the SSL bypass vulnerability, JavaScript can be injected into a WebView in the PayRange version 7.0.7 app. The injection of specific JavaScript function calls allows the attacker to escape the WebView sandbox and perform a number of dangerous actions on the user's device.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-94 - Improper Control of Generation of Code ('Code Injection')
    Assigner
    Impacted products
    Vendor Product Version
    PayRange PayRange Affected: 7.0.7
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.6,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "CHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-13461",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-10T19:09:02.608288Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-10T20:32:30.071Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "PayRange",
              "vendor": "PayRange",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.0.7"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "When coupled with the SSL bypass vulnerability, JavaScript can be injected into a WebView in the PayRange version 7.0.7 app. The injection of specific JavaScript function calls allows the attacker to escape the WebView sandbox and perform a number of dangerous actions on the user\u0027s device."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-09T17:08:53.024Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "url": "https://cwe.mitre.org/data/definitions/94.html"
            },
            {
              "url": "https://kb.cert.org/vuls/id/152953"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "PayRange version 7.0.7 contains a JavaScript injection vulnerability",
          "x_generator": {
            "engine": "VINCE 3.0.43",
            "env": "prod",
            "origin": "https://cveawg.mitre.org/api/cve/CVE-2026-13461"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2026-13461",
        "datePublished": "2026-07-09T17:08:53.024Z",
        "dateReserved": "2026-06-26T20:08:29.251Z",
        "dateUpdated": "2026-07-10T20:32:30.071Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-14261 (GCVE-0-2026-14261)

    Vulnerability from cvelistv5 – Published: 2026-07-09 12:37 – Updated: 2026-07-09 15:21
    VLAI
    Title
    CVE-2026-14261
    Summary
    A vulnerability in the Xerte Online Tools allows for authentication bypass and remote code execution via reinstallation through the /setup/ folder, enabling attackers to reinstall the service to a remote database they control.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-288 - Authentication Bypass Using an Alternate Path or Channel
    Assigner
    Impacted products
    Vendor Product Version
    Xerte Xerte Online Tools Affected: 0 , < 3.14.6 (custom)
    Create a notification for this product.
    Xerte Xerte Online Tools Affected: 0 , < 3.15.5 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 9.1,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-14261",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T15:21:35.872016Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T15:21:38.397Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Xerte Online Tools",
              "vendor": "Xerte",
              "versions": [
                {
                  "lessThan": "3.14.6",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Xerte Online Tools",
              "vendor": "Xerte",
              "versions": [
                {
                  "lessThan": "3.15.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the Xerte Online Tools allows for authentication bypass and remote code execution via reinstallation through the /setup/ folder, enabling attackers to reinstall the service to a remote database they control."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-288: Authentication Bypass Using an Alternate Path or Channel",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-09T12:37:43.523Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "url": "https://github.com/thexerteproject/xerteonlinetoolkits/issues/1532"
            },
            {
              "url": "https://github.com/thexerteproject/xerteonlinetoolkits/commit/8fec6602e80c5d35903d65e65b65b794297d8e90"
            },
            {
              "url": "https://www.xerte.org.uk/index.php/en/news/blog/80-news/364-xerte-3-14-and-3-15-important-security-update"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "CVE-2026-14261",
          "x_generator": {
            "engine": "VINCE 3.0.43",
            "env": "prod",
            "origin": "https://cveawg.mitre.org/api/cve/CVE-2026-14261"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2026-14261",
        "datePublished": "2026-07-09T12:37:43.523Z",
        "dateReserved": "2026-06-30T16:15:16.781Z",
        "dateUpdated": "2026-07-09T15:21:38.397Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-12116 (GCVE-0-2026-12116)

    Vulnerability from cvelistv5 – Published: 2026-07-09 12:37 – Updated: 2026-07-09 15:15
    VLAI
    Title
    CVE-2026-12116
    Summary
    A vulnerability in the Xerte Online Tools allows for RCE through the antivirus binary path in the tools server settings, which can be changed to a PHP interpreter, allowing an attacker to upload PHP data that will then be executed.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-94 - Improper Control of Generation of Code ('Code Injection')
    Assigner
    Impacted products
    Vendor Product Version
    Xerte Xerte Online Tools Affected: 0 , < v3.15.5 (custom)
    Create a notification for this product.
    Xerte Xerte Online Tools Affected: 0 , < 3.14.6 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-12116",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T15:15:30.339452Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T15:15:34.035Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Xerte Online Tools",
              "vendor": "Xerte",
              "versions": [
                {
                  "lessThan": "v3.15.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Xerte Online Tools",
              "vendor": "Xerte",
              "versions": [
                {
                  "lessThan": "3.14.6",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the Xerte Online Tools allows for RCE through the antivirus binary path in the tools server settings, which can be changed to a PHP interpreter, allowing an attacker to upload PHP data that will then be executed."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-09T12:37:31.679Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "url": "https://github.com/thexerteproject/xerteonlinetoolkits/commit/8ef20628f80bd88bd1fe3e5844a9116a910086b7"
            },
            {
              "url": "https://github.com/thexerteproject/xerteonlinetoolkits/issues/1543"
            },
            {
              "url": "https://www.xerte.org.uk/index.php/en/news/blog/80-news/364-xerte-3-14-and-3-15-important-security-update"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "CVE-2026-12116",
          "x_generator": {
            "engine": "VINCE 3.0.43",
            "env": "prod",
            "origin": "https://cveawg.mitre.org/api/cve/CVE-2026-12116"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2026-12116",
        "datePublished": "2026-07-09T12:37:31.679Z",
        "dateReserved": "2026-06-12T14:47:35.871Z",
        "dateUpdated": "2026-07-09T15:15:34.035Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-10706 (GCVE-0-2026-10706)

    Vulnerability from cvelistv5 – Published: 2026-07-08 14:06 – Updated: 2026-07-09 15:13
    VLAI
    Title
    Exposure of Sensitive Information to an Unauthorized attacker
    Summary
    In Adalo’s no-code app builder, (Versions 1 and 2) the attackers may extract full user records and correlate user behavior across multiple applications via dbId enumeration. The platform does not implement data minimization, privacy by design, or implement appropriate technical safeguards, allowing sensitive information to be exposed to unauthorized parties.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Adalo No-Code App Builder App Builder Affected: 1 , ≤ 2 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-10706",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T15:13:39.000602Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T15:13:42.687Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "App Builder",
              "vendor": "Adalo No-Code App Builder",
              "versions": [
                {
                  "lessThanOrEqual": "2",
                  "status": "affected",
                  "version": "1",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In Adalo\u2019s no-code app builder, (Versions 1 and 2) the attackers may extract full user records and correlate user behavior across multiple applications via dbId enumeration. The platform does not implement data minimization, privacy by design, or implement appropriate technical safeguards, allowing sensitive information to be exposed to unauthorized parties."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T14:06:34.842Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "url": "https://kb.cert.org/vuls/id/849433"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Exposure of Sensitive Information to an Unauthorized attacker",
          "x_generator": {
            "engine": "VINCE 3.0.43",
            "env": "prod",
            "origin": "https://cveawg.mitre.org/api/cve/CVE-2026-10706"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2026-10706",
        "datePublished": "2026-07-08T14:06:34.842Z",
        "dateReserved": "2026-06-02T17:46:45.590Z",
        "dateUpdated": "2026-07-09T15:13:42.687Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-10708 (GCVE-0-2026-10708)

    Vulnerability from cvelistv5 – Published: 2026-07-08 14:05 – Updated: 2026-07-09 15:13
    VLAI
    Title
    Insufficiently Protected Credentials
    Summary
    This vulnerability enables large‑scale data harvesting without requiring app‑specific secrets. A single request to a minimal leaderboard component may return user records containing emails, UUIDs, and custom fields. The combination of wildcard CORS behavior, long‑lived twenty‑day JWTs, and the absence of token revocation allows attackers to gather sensitive personal information from any Adalo application.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Adalo No-Code App Builder App Builder Affected: 1 , ≤ 2 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-10708",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T15:12:56.923608Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T15:13:00.989Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "App Builder",
              "vendor": "Adalo No-Code App Builder",
              "versions": [
                {
                  "lessThanOrEqual": "2",
                  "status": "affected",
                  "version": "1",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "This vulnerability enables large\u2011scale data harvesting without requiring app\u2011specific secrets. A single request to a minimal leaderboard component may return user records containing emails, UUIDs, and custom fields. The combination of wildcard CORS behavior, long\u2011lived twenty\u2011day JWTs, and the absence of token revocation allows attackers to gather sensitive personal information from any Adalo application."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-522 Insufficiently Protected Credentials",
                  "lang": "en"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "description": "CWE-346 Origin Validation Error",
                  "lang": "en"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "description": "CWE-613 Insufficient Session Expiration",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T14:05:15.678Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "url": "https://kb.cert.org/vuls/id/849433"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Insufficiently Protected Credentials",
          "x_generator": {
            "engine": "VINCE 3.0.43",
            "env": "prod",
            "origin": "https://cveawg.mitre.org/api/cve/CVE-2026-10708"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2026-10708",
        "datePublished": "2026-07-08T14:05:15.678Z",
        "dateReserved": "2026-06-02T17:59:57.666Z",
        "dateUpdated": "2026-07-09T15:13:00.989Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-11405 (GCVE-0-2026-11405)

    Vulnerability from cvelistv5 – Published: 2026-07-06 19:17 – Updated: 2026-07-08 13:40
    VLAI
    Title
    Hidden backdoor authentication mechanism in multiple versions of Tenda firmware allows admin access to web management interface
    Summary
    The web server binary /bin/httpd contains a hidden backdoor authentication mechanism in the login() function at 004c88b8. - The function contains a normal authentication path using MD5/hash-based password verification (prod_encode64/PasswordToMd5/check_rand_key). - After normal authentication fails, it calls GetValue("sys.rzadmin.password") to read a backdoor password from the device configuration. - It performs a direct strcmp() comparison (plaintext, not hashed) between the config value and the user-supplied password. A successful match grants role=2 (admin-level access) and creates a valid session. The rzadmin username is never checked — any username works with the backdoor
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Tenda firmware Affected: US_AC6V2.0RTL_V15.03.06.51_multi_T
    Create a notification for this product.
    Tenda firmware Affected: US_AC5V1.0RTL_V15.03.06.48_multi_TDE01
    Create a notification for this product.
    Tenda firmware Affected: US_AC10V1.0re_V15.03.06.46_multi_TDE01
    Create a notification for this product.
    Tenda firmware Affected: US_W15EV1.0br_V15.11.0.5(1068_1567_841)_EN_TDE
    Create a notification for this product.
    Tenda firmware Affected: US_FH1201V1.0BR_V1.2.0.14(408)_EN_TD
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2026-07-06T20:37:55.739Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://www.kb.cert.org/vuls/id/213560"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-11405",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-08T03:56:43.961536Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-08T13:40:24.471Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "firmware",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "US_AC6V2.0RTL_V15.03.06.51_multi_T"
                }
              ]
            },
            {
              "product": "firmware",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "US_AC5V1.0RTL_V15.03.06.48_multi_TDE01"
                }
              ]
            },
            {
              "product": "firmware",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "US_AC10V1.0re_V15.03.06.46_multi_TDE01"
                }
              ]
            },
            {
              "product": "firmware",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "US_W15EV1.0br_V15.11.0.5(1068_1567_841)_EN_TDE"
                }
              ]
            },
            {
              "product": "firmware",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "US_FH1201V1.0BR_V1.2.0.14(408)_EN_TD"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The web server binary /bin/httpd contains a hidden backdoor authentication mechanism in the login() function at 004c88b8.\r\n\r\n- The function contains a normal authentication path using MD5/hash-based password verification (prod_encode64/PasswordToMd5/check_rand_key).\r\n- After normal authentication fails, it calls GetValue(\"sys.rzadmin.password\") to read a backdoor password from the device configuration.\r\n- It performs a direct strcmp() comparison (plaintext, not hashed) between the config value and the user-supplied password.\r\n\r\nA successful match grants role=2 (admin-level access) and creates a valid session. The rzadmin username is never checked \u2014 any username works with the backdoor"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-912: Hidden Functionality",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-06T19:24:17.280Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "url": "https://cwe.mitre.org/data/definitions/912.html"
            },
            {
              "url": "https://kb.cert.org/vuls/id/213560"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Hidden backdoor authentication mechanism in multiple versions of Tenda firmware allows admin access to web management interface",
          "x_generator": {
            "engine": "VINCE 3.0.43",
            "env": "prod",
            "origin": "https://cveawg.mitre.org/api/cve/CVE-2026-11405"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2026-11405",
        "datePublished": "2026-07-06T19:17:07.891Z",
        "dateReserved": "2026-06-05T18:12:15.445Z",
        "dateUpdated": "2026-07-08T13:40:24.471Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-13753 (GCVE-0-2026-13753)

    Vulnerability from cvelistv5 – Published: 2026-07-06 18:00 – Updated: 2026-07-08 17:00
    VLAI
    Title
    CVE-2026-13753
    Summary
    A missing authorization vulnerability exists in the embedded webserver of HP Deskjet 2800 Series Printers running firmware version <=TBP1CN2612AR. An unauthenticated attacker with network access can send GET requests to multiple exposed administrative API endpoints and retrieve sensitive configuration data such as plaintext Wi‑Fi Direct credentials, unique device identity information, and other administrative security state details. When accessed through the web interface, these setting pages explicitly require administrator credentials before sensitive information is displayed.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor Product Version
    HP Inc. HP 2800 Printer Series Affected: 0 , ≤ TBP1CN2612AR. (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-13753",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-06T19:12:36.743111Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-06T19:12:56.542Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2026-07-06T19:33:52.015Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://www.kb.cert.org/vuls/id/828543"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "HP 2800 Printer Series",
              "vendor": "HP Inc.",
              "versions": [
                {
                  "lessThanOrEqual": "TBP1CN2612AR.",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A missing authorization vulnerability exists in the embedded webserver of HP Deskjet 2800 Series Printers running firmware version \u003c=TBP1CN2612AR. An unauthenticated attacker with network access can send GET requests to multiple exposed administrative API endpoints and retrieve sensitive configuration data such as plaintext Wi\u2011Fi Direct credentials, unique device identity information, and other administrative security state details. When accessed through the web interface, these setting pages explicitly require administrator credentials before sensitive information is displayed."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T17:00:16.985Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "url": "https://kb.cert.org/vuls/id/828543"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "CVE-2026-13753",
          "x_generator": {
            "engine": "VINCE 3.0.43",
            "env": "prod",
            "origin": "https://cveawg.mitre.org/api/cve/CVE-2026-13753"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2026-13753",
        "datePublished": "2026-07-06T18:00:06.663Z",
        "dateReserved": "2026-06-29T16:46:12.558Z",
        "dateUpdated": "2026-07-08T17:00:16.985Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-12168 (GCVE-0-2026-12168)

    Vulnerability from cvelistv5 – Published: 2026-07-02 14:36 – Updated: 2026-07-02 17:36
    VLAI
    Title
    CVE-2026-12168
    Summary
    An improper validation vulnerability for driver `GFAC_Sys_x64.sys` in Little Orbit GFAC allows a local attacker to escalate privileges to SYSTEM and execute arbitrary code in kernel mode via crafted messages sent through a Minifilter communication port.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor Product Version
    Little Orbit GameFirst Anti-Cheat Affected: 0 , ≤ 2025-07-07 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-12168",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-02T17:36:06.427941Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-02T17:36:23.423Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "GameFirst Anti-Cheat",
              "vendor": "Little Orbit",
              "versions": [
                {
                  "lessThanOrEqual": "2025-07-07",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An improper validation vulnerability for driver `GFAC_Sys_x64.sys` in Little Orbit GFAC allows a local attacker to escalate privileges to SYSTEM and execute arbitrary code in kernel mode via crafted messages sent through a Minifilter communication port."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-123 Write-What-Where Condition",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-02T15:07:03.882Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "url": "https://www.littleorbit.com/"
            },
            {
              "url": "https://kb.cert.org/vuls/id/639124"
            },
            {
              "url": "https://github.com/FzRsLLaSheR/CVE-2026-12166_CVE-2026-12167_CVE-2026-12168"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "CVE-2026-12168",
          "x_generator": {
            "engine": "VINCE 3.0.43",
            "env": "prod",
            "origin": "https://cveawg.mitre.org/api/cve/CVE-2026-12168"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2026-12168",
        "datePublished": "2026-07-02T14:36:27.552Z",
        "dateReserved": "2026-06-12T19:40:44.862Z",
        "dateUpdated": "2026-07-02T17:36:23.423Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-12166 (GCVE-0-2026-12166)

    Vulnerability from cvelistv5 – Published: 2026-07-02 14:36 – Updated: 2026-07-02 17:35
    VLAI
    Title
    CVE-2026-12166
    Summary
    A NULL pointer dereference vulnerability for driver `GFAC_Sys_x64.sys` in Little Orbit GFAC allows a local attacker to cause a denial of service via crafted requests that trigger a system crash.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor Product Version
    Little Orbit GameFirst Anti-Cheat Affected: 0 , ≤ 2025-07-07 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 5.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-12166",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-02T17:35:09.610134Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-02T17:35:36.546Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "GameFirst Anti-Cheat",
              "vendor": "Little Orbit",
              "versions": [
                {
                  "lessThanOrEqual": "2025-07-07",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A NULL pointer dereference vulnerability for driver `GFAC_Sys_x64.sys` in Little Orbit GFAC allows a local attacker to cause a denial of service via crafted requests that trigger a system crash."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-476 NULL Pointer Dereference",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-02T15:06:50.751Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "url": "https://www.littleorbit.com/"
            },
            {
              "url": "https://kb.cert.org/vuls/id/639124"
            },
            {
              "url": "https://github.com/FzRsLLaSheR/CVE-2026-12166_CVE-2026-12167_CVE-2026-12168"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "CVE-2026-12166",
          "x_generator": {
            "engine": "VINCE 3.0.43",
            "env": "prod",
            "origin": "https://cveawg.mitre.org/api/cve/CVE-2026-12166"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2026-12166",
        "datePublished": "2026-07-02T14:36:04.413Z",
        "dateReserved": "2026-06-12T19:40:24.620Z",
        "dateUpdated": "2026-07-02T17:35:36.546Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-12167 (GCVE-0-2026-12167)

    Vulnerability from cvelistv5 – Published: 2026-07-02 14:35 – Updated: 2026-07-02 17:34
    VLAI
    Title
    CVE-2026-12167
    Summary
    The Minifilter communication port for driver `GFAC_Sys_x64.sys` in Little Orbit GFAC allows a local attacker to access privileged driver functionality via a communication interface that lacks appropriate access restrictions.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor Product Version
    Little Orbit GameFirst Anti-Cheat Affected: 0 , ≤ 2025-07-07 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-12167",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-02T17:34:42.415314Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-02T17:34:47.803Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "GameFirst Anti-Cheat",
              "vendor": "Little Orbit",
              "versions": [
                {
                  "lessThanOrEqual": "2025-07-07",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Minifilter communication port for driver `GFAC_Sys_x64.sys` in Little Orbit GFAC allows a local attacker to access privileged driver functionality via a communication interface that lacks appropriate access restrictions."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-284 Improper Access Control",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-02T15:06:37.740Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "url": "https://www.littleorbit.com/"
            },
            {
              "url": "https://kb.cert.org/vuls/id/639124"
            },
            {
              "url": "https://github.com/FzRsLLaSheR/CVE-2026-12166_CVE-2026-12167_CVE-2026-12168"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "CVE-2026-12167",
          "x_generator": {
            "engine": "VINCE 3.0.43",
            "env": "prod",
            "origin": "https://cveawg.mitre.org/api/cve/CVE-2026-12167"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2026-12167",
        "datePublished": "2026-07-02T14:35:47.922Z",
        "dateReserved": "2026-06-12T19:40:33.666Z",
        "dateUpdated": "2026-07-02T17:34:47.803Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-0828 (GCVE-0-2026-0828)

    Vulnerability from cvelistv5 – Published: 2026-06-26 15:47 – Updated: 2026-06-26 17:33
    VLAI
    Title
    Kernel driver vulnerability in Safetica Endpoint Client
    Summary
    Kernel driver ProcessMonitorDriver.sys in Safetica's endpoint client x64 , versions 10.5.75.0 and 11.11.4.0, allows unprivileged user to abuse IOCTL path and terminate protected system processes.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor Product Version
    Safetica Endpoint Client Affected: 10.5.75.0 , ≤ 10.5.75.0 (custom)
    Create a notification for this product.
    Safetica Endpoint Client Affected: 11.11.4.0 , ≤ 11.11.4.0 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2026-06-26T15:50:43.484Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://www.kb.cert.org/vuls/id/818729"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-0828",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-26T17:33:10.210218Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-26T17:33:16.746Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Endpoint Client",
              "vendor": "Safetica",
              "versions": [
                {
                  "lessThanOrEqual": "10.5.75.0",
                  "status": "affected",
                  "version": "10.5.75.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Endpoint Client",
              "vendor": "Safetica",
              "versions": [
                {
                  "lessThanOrEqual": "11.11.4.0",
                  "status": "affected",
                  "version": "11.11.4.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Kernel driver ProcessMonitorDriver.sys in Safetica\u0027s endpoint client x64 , versions 10.5.75.0 and 11.11.4.0, allows unprivileged user to abuse IOCTL path and terminate protected system processes."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-269 Improper Privilege Management",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-26T15:47:32.364Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "url": "https://www.safetica.com/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Kernel driver vulnerability in Safetica Endpoint Client",
          "x_generator": {
            "engine": "VINCE 3.0.43",
            "env": "prod",
            "origin": "https://cveawg.mitre.org/api/cve/CVE-2026-0828"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2026-0828",
        "datePublished": "2026-06-26T15:47:32.364Z",
        "dateReserved": "2026-01-09T19:21:20.617Z",
        "dateUpdated": "2026-06-26T17:33:16.746Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-0685 (GCVE-0-2026-0685)

    Vulnerability from cvelistv5 – Published: 2026-06-26 15:45 – Updated: 2026-06-26 17:36
    VLAI
    Title
    Server side template inject (SSTI) in Edgewall Genshi Template Engine
    Summary
    Server side template inject (SSTI) in the expression evaluation component in Genshi Template Engine version 0.7.9 allows a remote attacker to achieve remote code execution (RCE) via crafted template expressions.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor Product Version
    Edgewall *Genshi* Genshi Affected: 0 , ≤ 0.7.9 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2026-06-26T15:50:40.957Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://www.kb.cert.org/vuls/id/244846"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-0685",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-26T17:36:09.734967Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-26T17:36:14.375Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Genshi",
              "vendor": "Edgewall *Genshi*",
              "versions": [
                {
                  "lessThanOrEqual": "0.7.9",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Server side template inject (SSTI) in the expression evaluation component in Genshi Template Engine version 0.7.9 allows a remote attacker to achieve remote code execution (RCE) via crafted template expressions."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-26T15:45:11.283Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "url": "https://github.com/edgewall/genshi/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Server side template inject (SSTI) in Edgewall Genshi Template Engine",
          "x_generator": {
            "engine": "VINCE 3.0.43",
            "env": "prod",
            "origin": "https://cveawg.mitre.org/api/cve/CVE-2026-0685"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2026-0685",
        "datePublished": "2026-06-26T15:45:11.283Z",
        "dateReserved": "2026-01-07T19:12:01.099Z",
        "dateUpdated": "2026-06-26T17:36:14.375Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-11919 (GCVE-0-2025-11919)

    Vulnerability from cvelistv5 – Published: 2026-06-26 15:39 – Updated: 2026-06-26 17:40
    VLAI
    Title
    Unprotected temporary directories in Wolfram Cloud may result in privilege escalation
    Summary
    The default JVM can access files and directories under `/tmp/` including the `$TemporaryDirectory` of other users on the same cloud instance (`/tmp/UserTemporaryFiles/`). The `-init` file for the the JVM initialization exists in the vulnerable directory during the startup of the JVM. An attacker with access to the shared `/tmp/` space can preemptively create or replace `.jar` files or directories (via the `-init` file) that the victim JVM will resolve first in its classpath. By strategically placing a malicious version of a commonly used library (e.g., `commons-io`) in a location that is included in the classpath before the legitimate version, an attacker can cause the JVM to load the malicious class during startup, thereby executing the attacker's code.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2026-06-26T15:49:25.791Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://www.kb.cert.org/vuls/id/553375"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 9.6,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "CHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-11919",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-26T17:39:58.284281Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-26T17:40:10.720Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/PeterRoberge/vulnerability-wolfram-cloud-14.2/blob/main/disclosure.md"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cloud",
              "vendor": "Wolfram Research Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "14.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The default JVM can access files and directories under `/tmp/` including the `$TemporaryDirectory` of other users on the same cloud instance (`/tmp/UserTemporaryFiles/`).  The `-init` file for the the JVM initialization exists in the vulnerable directory during the startup of the JVM.  An attacker with access to the shared `/tmp/` space can preemptively create or replace `.jar` files or directories (via the `-init` file) that the victim JVM will resolve first in its classpath.  By strategically placing a malicious version of a commonly used library (e.g., `commons-io`) in a location that is included in the classpath before the legitimate version, an attacker can cause the JVM to load the malicious class during startup, thereby executing the attacker\u0027s code."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-552 Files or Directories Accessible to External Parties",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-26T16:11:46.925Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "url": "https://github.com/PeterRoberge/vulnerability-wolfram-cloud-14.2/blob/main/disclosure.md"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Unprotected temporary directories in Wolfram Cloud may result in privilege escalation",
          "x_generator": {
            "engine": "VINCE 3.0.43",
            "env": "prod",
            "origin": "https://cveawg.mitre.org/api/cve/CVE-2025-11919"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2025-11919",
        "datePublished": "2026-06-26T15:39:41.353Z",
        "dateReserved": "2025-10-17T14:38:44.831Z",
        "dateUpdated": "2026-06-26T17:40:10.720Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-5757 (GCVE-0-2026-5757)

    Vulnerability from cvelistv5 – Published: 2026-06-26 15:15 – Updated: 2026-06-26 18:38
    VLAI
    Title
    There exists an unauthenticated remote information disclosure vulnerability in Ollama's model quantization engine
    Summary
    Unauthenticated remote information disclosure vulnerability in Ollama's model quantization engine allows an attacker to read and exfiltrate the server's heap memory, potentially leading to sensitive data exposure, further compromise, and stealthy persistence.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor Product Version
    Ollama AI Ollama Affected: v0.13.5
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2026-06-26T15:52:23.093Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://www.kb.cert.org/vuls/id/518910"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-5757",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-26T18:37:59.802606Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-26T18:38:23.503Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Ollama",
              "vendor": "Ollama AI",
              "versions": [
                {
                  "status": "affected",
                  "version": "v0.13.5"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Unauthenticated remote information disclosure vulnerability in Ollama\u0027s model quantization engine allows an attacker to read and exfiltrate the server\u0027s heap memory, potentially leading to sensitive data exposure, further compromise, and stealthy persistence."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-125 Out-of-bounds Read",
                  "lang": "en"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "description": "CWE-416 Use After Free",
                  "lang": "en"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "description": "CWE-306 Missing Authentication for Critical Function",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-26T15:15:28.464Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "url": "https://kb.cert.org/vuls/id/518910"
            },
            {
              "url": "https://ollama.com"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "There exists an unauthenticated remote information disclosure vulnerability in Ollama\u0027s model quantization engine",
          "x_generator": {
            "engine": "VINCE 3.0.43",
            "env": "prod",
            "origin": "https://cveawg.mitre.org/api/cve/CVE-2026-5757"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2026-5757",
        "datePublished": "2026-06-26T15:15:28.464Z",
        "dateReserved": "2026-04-07T16:59:20.290Z",
        "dateUpdated": "2026-06-26T18:38:23.503Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-8050 (GCVE-0-2026-8050)

    Vulnerability from cvelistv5 – Published: 2026-06-17 21:05 – Updated: 2026-06-18 13:14
    VLAI
    Title
    CVE-2026-8050
    Summary
    In SignalRGB versions prior to 1.3.7.0, seven of the thirteen IOCTL handlers dereference the SystemBuffer pointer without first verifying that it is non-NULL. Sending an IOCTL with an empty input buffer causes a NULL pointer dereference, resulting in a kernel crash.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    References
    Impacted products
    Vendor Product Version
    SignalRGB SignalRGB kernel driver Affected: 0 , < 1.3.7.0 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-8050",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-18T13:14:27.020614Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-18T13:14:31.644Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SignalRGB kernel driver",
              "vendor": "SignalRGB",
              "versions": [
                {
                  "lessThan": "1.3.7.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In SignalRGB versions prior to 1.3.7.0, seven of the thirteen IOCTL handlers dereference the SystemBuffer pointer without first verifying that it is non-NULL. Sending an IOCTL with an empty input buffer causes a NULL pointer dereference, resulting in a kernel crash."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-476 NULL Pointer Dereference",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-17T21:05:32.448Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "url": "https://kb.cert.org/vuls/id/380058"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "CVE-2026-8050",
          "x_generator": {
            "engine": "VINCE 3.0.42",
            "env": "prod",
            "origin": "https://cveawg.mitre.org/api/cve/CVE-2026-8050"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2026-8050",
        "datePublished": "2026-06-17T21:05:32.448Z",
        "dateReserved": "2026-05-06T17:40:15.269Z",
        "dateUpdated": "2026-06-18T13:14:31.644Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-8049 (GCVE-0-2026-8049)

    Vulnerability from cvelistv5 – Published: 2026-06-17 21:05 – Updated: 2026-06-18 13:12
    VLAI
    Title
    CVE-2026-8049
    Summary
    In SignalRGB versions prior to 1.3.7.0, the \\.\SignalIo device object is created without an explicit SDDL security descriptor and without FILE_DEVICE_SECURE_OPEN. This results in overly permissive default access control, allowing any authenticated local user to obtain a handle to the device and issue privileged IOCTLs.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    SignalRGB SignalRGB kernel driver Affected: 0 , < 1.3.7.0 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "LOW",
                  "baseScore": 5.3,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-8049",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-18T13:12:10.123796Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-18T13:12:38.935Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SignalRGB kernel driver",
              "vendor": "SignalRGB",
              "versions": [
                {
                  "lessThan": "1.3.7.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In SignalRGB versions prior to 1.3.7.0, the \\\\.\\SignalIo device object is created without an explicit SDDL security descriptor and without FILE_DEVICE_SECURE_OPEN. This results in overly permissive default access control, allowing any authenticated local user to obtain a handle to the device and issue privileged IOCTLs."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-284",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-17T21:05:25.402Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "url": "https://kb.cert.org/vuls/id/380058"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "CVE-2026-8049",
          "x_generator": {
            "engine": "VINCE 3.0.42",
            "env": "prod",
            "origin": "https://cveawg.mitre.org/api/cve/CVE-2026-8049"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2026-8049",
        "datePublished": "2026-06-17T21:05:25.402Z",
        "dateReserved": "2026-05-06T17:40:03.996Z",
        "dateUpdated": "2026-06-18T13:12:38.935Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-9648 (GCVE-0-2026-9648)

    Vulnerability from cvelistv5 – Published: 2026-06-11 14:30 – Updated: 2026-06-11 15:39
    VLAI
    Title
    CVE-2026-9648
    Summary
    The crypton-x509-validation Haskell library fails to enforce X.509 NameConstraints, allowing TLS clients to accept certificates whose Subject Alternative Names fall outside the issuing CA’s permitted subtrees. This oversight enables an attacker who compromises a name-constrained sub-CA to impersonate domains beyond its intended scope.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-295 - Improper Certificate Validation
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2026-06-11T15:10:30.272Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://www.kb.cert.org/vuls/id/862559"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 9.1,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-9648",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-11T15:39:09.493112Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-11T15:39:31.210Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "crypton-certificate",
              "vendor": "Haskell Programming Language",
              "versions": [
                {
                  "lessThan": "1.9.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The crypton-x509-validation Haskell library fails to enforce X.509 NameConstraints, allowing TLS clients to accept certificates whose Subject Alternative Names fall outside the issuing CA\u2019s permitted subtrees. This oversight enables an attacker who compromises a name-constrained sub-CA to impersonate domains beyond its intended scope."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-295: Improper Certificate Validation",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-11T14:30:30.800Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "url": "https://github.com/kazu-yamamoto/crypton-certificate/pull/30"
            },
            {
              "url": "https://github.com/kazu-yamamoto/crypton-certificate/pull/30/changes/f4b77edf6ead77f4a886da40e41eab20f0180e39"
            },
            {
              "url": "https://hackage.haskell.org/package/crypton-x509-validation-1.9.1/revisions/"
            },
            {
              "url": "https://github.com/haskell/security-advisories/pull/332"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "CVE-2026-9648",
          "x_generator": {
            "engine": "VINCE 3.0.42",
            "env": "prod",
            "origin": "https://cveawg.mitre.org/api/cve/CVE-2026-9648"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2026-9648",
        "datePublished": "2026-06-11T14:30:30.800Z",
        "dateReserved": "2026-05-26T19:26:04.460Z",
        "dateUpdated": "2026-06-11T15:39:31.210Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-8863 (GCVE-0-2026-8863)

    Vulnerability from cvelistv5 – Published: 2026-06-09 18:10 – Updated: 2026-06-10 15:16
    VLAI
    Title
    CVE-2026-8863
    Summary
    Multiple Microsoft-sigend UEFI SHIM bootloaders are vulnerable to SecureBoot bypass. An attacker with administrative privileges or the ability to modify the boot process could use one of the vulnerable shim bootloaders to bypass Secure Boot protections and execute arbitrary code before the operating system loads. Specific UEFI DBX update is required to block these vulnerable boot loaders.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-347 - Improper Verification of Cryptographic Signature
    • CWE-354 - Improper Validation of Integrity Check Value
    Assigner
    Impacted products
    Credits
    Thanks to Martin Smolar of ESET for discovering and reporting this vulnerability
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-8863",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-09T19:03:03.811729Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-09T19:03:21.716Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2026-06-09T19:41:27.054Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://www.kb.cert.org/vuls/id/616257"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "OracleLinux(7.2) shim",
              "vendor": "Oracle Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "0.9"
                }
              ]
            },
            {
              "product": "Service Center Enterprise",
              "vendor": "PC-Doctor",
              "versions": [
                {
                  "lessThanOrEqual": "17.0.7536.900",
                  "status": "affected",
                  "version": "14",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Service Center Drive Erase",
              "vendor": "PC-Doctor",
              "versions": [
                {
                  "lessThanOrEqual": "17.0.7538.592",
                  "status": "affected",
                  "version": "15",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Service Center Japan",
              "vendor": "PC-Doctor",
              "versions": [
                {
                  "lessThanOrEqual": "17.0.7539.904",
                  "status": "affected",
                  "version": "15",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Service Center",
              "vendor": "PC-Doctor",
              "versions": [
                {
                  "lessThanOrEqual": "17.0.7535.900",
                  "status": "affected",
                  "version": "14",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Network Factory for Linux (Bootable Diagnostics)",
              "vendor": "PC-Doctor",
              "versions": [
                {
                  "lessThanOrEqual": "6.20.7711.267",
                  "status": "affected",
                  "version": "6.9",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Factory for Linux (Bootable Diagnostics)",
              "vendor": "PC-Doctor",
              "versions": [
                {
                  "lessThanOrEqual": "6.20.7710.267",
                  "status": "affected",
                  "version": "6.9",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WTGCreator",
              "vendor": "Spyrus",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.2"
                }
              ]
            },
            {
              "product": "WhiteCanyon WipeDrive",
              "vendor": "Blancco UK",
              "versions": [
                {
                  "lessThanOrEqual": "8.1.3",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "baramundi Management Suite",
              "vendor": "baramundi software",
              "versions": [
                {
                  "lessThanOrEqual": "2024R1",
                  "status": "affected",
                  "version": "*",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "OpenSUSE shim",
              "vendor": "SUSE Linux",
              "versions": [
                {
                  "status": "affected",
                  "version": "0.9"
                }
              ]
            },
            {
              "product": "Abitti 1",
              "vendor": "Finland Matriculation Board",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.0"
                }
              ]
            },
            {
              "product": "RosaLinux",
              "vendor": "NTC IT ROSA LLC",
              "versions": [
                {
                  "status": "affected",
                  "version": "R9"
                }
              ]
            },
            {
              "product": "RosaLinux",
              "vendor": "NTC IT ROSA LLC",
              "versions": [
                {
                  "status": "affected",
                  "version": "R10"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Thanks to Martin Smolar of ESET for discovering and reporting this vulnerability"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple Microsoft-sigend UEFI SHIM bootloaders are vulnerable to SecureBoot bypass. An attacker with administrative privileges or the ability to modify the boot process could use one of the vulnerable shim bootloaders to bypass Secure Boot protections and execute arbitrary code before the operating system loads. Specific UEFI DBX update is required to block these vulnerable boot loaders."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-347: Improper Verification of Cryptographic Signature",
                  "lang": "en"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "description": "CWE-354: Improper Validation of Integrity Check Value",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-10T15:16:35.228Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "name": "Microsoft Vendor Security Advisory",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-8863"
            },
            {
              "name": "CERT/CC Vulnerability Notice",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://kb.cert.org/vuls/id/616257"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "CVE-2026-8863",
          "x_generator": {
            "engine": "VINCE 3.0.42",
            "env": "prod",
            "origin": "https://cveawg.mitre.org/api/cve/CVE-2026-8863"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2026-8863",
        "datePublished": "2026-06-09T18:10:15.426Z",
        "dateReserved": "2026-05-18T19:41:10.790Z",
        "dateUpdated": "2026-06-10T15:16:35.228Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-10045 (GCVE-0-2026-10045)

    Vulnerability from cvelistv5 – Published: 2026-06-09 18:09 – Updated: 2026-06-09 19:09
    VLAI
    Title
    CVE-2026-10045
    Summary
    Shenzhen Kangda Xin Intelligent Network Technology Company's router, model DR300, version 2.1.2.121, contains hardcoded login credentials and has telnet enabled by default on WAN and LAN interfaces. These vulnerabilities allow attackers to read and write to memory, modify firmware stored in flash, inspect active connections, and view currently connected devices.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-10045",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-09T19:09:40.667720Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-09T19:09:45.684Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://rubenabreu.xyz/post/temu-routers-and-their-implications"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DR300",
              "vendor": "Shenzhen Kangda Xin Intelligent Network Technology Co., Ltd",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.1.2.121"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Shenzhen Kangda Xin Intelligent Network Technology Company\u0027s router, model DR300, version 2.1.2.121, contains hardcoded login credentials and has telnet enabled by default on WAN and LAN interfaces. These vulnerabilities allow attackers to read and write to memory, modify firmware stored in flash, inspect active connections, and view currently connected devices."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-798 Use of Hard-coded Credentials",
                  "lang": "en"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "description": "CWE-319 Cleartext Transmission of Sensitive Information",
                  "lang": "en"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "description": "CWE-1188 Insecure Default Initialization of Resource",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-09T18:09:56.599Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "url": "https://rubenabreu.xyz/post/temu-routers-and-their-implications"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "CVE-2026-10045",
          "x_generator": {
            "engine": "VINCE 3.0.42",
            "env": "prod",
            "origin": "https://cveawg.mitre.org/api/cve/CVE-2026-10045"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2026-10045",
        "datePublished": "2026-06-09T18:09:56.599Z",
        "dateReserved": "2026-05-28T21:12:31.476Z",
        "dateUpdated": "2026-06-09T19:09:45.684Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-8888 (GCVE-0-2026-8888)

    Vulnerability from cvelistv5 – Published: 2026-06-03 18:16 – Updated: 2026-06-04 19:48
    VLAI
    Title
    CVE-2026-8888
    Summary
    Version 3.0.7 of the Securly Chrome Extension downloads config.json over HTTP and compiles server-provided patterns as JavaScript regular expressions via new RegExp() without complexity validation. An on-path attacker can inject specific patterns to cause catastrophic backtracking, resulting in denial of service on all browsing.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Securly Securly Chrome Extension Affected: 0 , ≤ 3.0.7 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-8888",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-04T19:48:22.314942Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-1333",
                    "description": "CWE-1333 Inefficient Regular Expression Complexity",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-04T19:48:31.510Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Securly Chrome Extension",
              "vendor": "Securly",
              "versions": [
                {
                  "lessThanOrEqual": "3.0.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Version 3.0.7 of the Securly Chrome Extension downloads config.json over HTTP and compiles server-provided patterns as JavaScript regular expressions via new RegExp() without complexity validation. An on-path attacker can inject specific patterns to cause catastrophic backtracking, resulting in denial of service on all browsing."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-1333",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-03T18:18:13.249Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "url": "https://kb.cert.org/vuls/id/595768"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "CVE-2026-8888",
          "x_generator": {
            "engine": "VINCE 3.0.42",
            "env": "prod",
            "origin": "https://cveawg.mitre.org/api/cve/CVE-2026-8888"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2026-8888",
        "datePublished": "2026-06-03T18:16:25.264Z",
        "dateReserved": "2026-05-18T20:40:05.298Z",
        "dateUpdated": "2026-06-04T19:48:31.510Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-8889 (GCVE-0-2026-8889)

    Vulnerability from cvelistv5 – Published: 2026-06-03 18:15 – Updated: 2026-06-10 19:00
    VLAI
    Title
    CVE-2026-8889
    Summary
    Version 3.0.7 of the Securly Chrome Extension uses deprecated SHA-1 hashing for IWF CSAM URL matching (25,020 hashes) and CIPA blocklist matching (12,352 hashes).
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Securly Securly Chrome Extension Affected: 0 , ≤ 3.0.7 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-8889",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-04T19:49:34.564362Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-10T19:00:10.351Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Securly Chrome Extension",
              "vendor": "Securly",
              "versions": [
                {
                  "lessThanOrEqual": "3.0.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Version 3.0.7 of the Securly Chrome Extension uses deprecated SHA-1 hashing for IWF CSAM URL matching (25,020 hashes) and CIPA blocklist matching (12,352 hashes)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-328",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-03T18:15:15.450Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "url": "https://kb.cert.org/vuls/id/595768"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "CVE-2026-8889",
          "x_generator": {
            "engine": "VINCE 3.0.42",
            "env": "prod",
            "origin": "https://cveawg.mitre.org/api/cve/CVE-2026-8889"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2026-8889",
        "datePublished": "2026-06-03T18:15:15.450Z",
        "dateReserved": "2026-05-18T20:43:53.154Z",
        "dateUpdated": "2026-06-10T19:00:10.351Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-8881 (GCVE-0-2026-8881)

    Vulnerability from cvelistv5 – Published: 2026-06-03 18:13 – Updated: 2026-06-04 17:25
    VLAI
    Title
    CVE-2026-8881
    Summary
    Version 3.0.7 of the Securly Chrome Extension uses EVP_BytesToKey key derivation with MD5 and a single iteration for AES encryption. MD5 has been broken since 2004 and a single iteration provides no key stretching.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Securly Securly Chrome Extension Affected: 0 , ≤ 3.0.7 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-8881",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-04T17:25:31.107400Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-04T17:25:48.030Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Securly Chrome Extension",
              "vendor": "Securly",
              "versions": [
                {
                  "lessThanOrEqual": "3.0.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Version 3.0.7 of the Securly Chrome Extension uses EVP_BytesToKey key derivation with MD5 and a single iteration for AES encryption. MD5 has been broken since 2004 and a single iteration provides no key stretching."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-916 Use of Password Hash With Insufficient Computational Effort",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-03T18:13:14.217Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "url": "https://kb.cert.org/vuls/id/595768"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "CVE-2026-8881",
          "x_generator": {
            "engine": "VINCE 3.0.42",
            "env": "prod",
            "origin": "https://cveawg.mitre.org/api/cve/CVE-2026-8881"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2026-8881",
        "datePublished": "2026-06-03T18:13:14.217Z",
        "dateReserved": "2026-05-18T20:32:53.054Z",
        "dateUpdated": "2026-06-04T17:25:48.030Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-8879 (GCVE-0-2026-8879)

    Vulnerability from cvelistv5 – Published: 2026-06-03 18:11 – Updated: 2026-06-04 14:13
    VLAI
    Title
    CVE-2026-8879
    Summary
    Version 3.0.7 of the Securly Chrome Extension dynamically registers content13.min.js as a content script via chrome.scripting.registerContentScripts() at runtime. This script is NOT declared in manifest.json and bypasses Chrome Web Store static security review. It runs on all URLs and immediately hides all page content, creates a full-page overlay, pauses all videos, and only restores content when the service worker confirms the page passes filtering. If Securly's servers are unreachable, pages remain indefinitely hidden.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Securly Securly Chrome Extension Affected: 0 , ≤ 3.0.7 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-8879",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-04T14:12:27.850403Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-829",
                    "description": "CWE-829 Inclusion of Functionality from Untrusted Control Sphere",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-04T14:13:20.892Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Securly Chrome Extension",
              "vendor": "Securly",
              "versions": [
                {
                  "lessThanOrEqual": "3.0.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Version 3.0.7 of the Securly Chrome Extension dynamically registers content13.min.js as a content script via chrome.scripting.registerContentScripts() at runtime. This script is NOT declared in manifest.json and bypasses Chrome Web Store static security review. It runs on all URLs and immediately hides all page content, creates a full-page overlay, pauses all videos, and only restores content when the service worker confirms the page passes filtering. If Securly\u0027s servers are unreachable, pages remain indefinitely hidden."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-829 Inclusion of Functionality from Untrusted Control Sphere",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-03T18:11:04.269Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "url": "https://kb.cert.org/vuls/id/595768"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "CVE-2026-8879",
          "x_generator": {
            "engine": "VINCE 3.0.42",
            "env": "prod",
            "origin": "https://cveawg.mitre.org/api/cve/CVE-2026-8879"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2026-8879",
        "datePublished": "2026-06-03T18:11:04.269Z",
        "dateReserved": "2026-05-18T20:29:18.234Z",
        "dateUpdated": "2026-06-04T14:13:20.892Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-8878 (GCVE-0-2026-8878)

    Vulnerability from cvelistv5 – Published: 2026-06-03 18:09 – Updated: 2026-06-04 14:18
    VLAI
    Title
    CVE-2026-8878
    Summary
    Version 3.0.7 of the Securly Chrome Extension exposes multiple publicly accessible endpoints that allow unauthenticated access to sensitive data. The exposed information consists of SHA-1 hashes that are inadequately obfuscated using a simple Caesar cipher, which can be easily reversed to recover the original hash values and access the protected data.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Securly Securly Chrome Extension Affected: 0 , ≤ 3.0.7 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-8878",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-04T14:18:41.000614Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-04T14:18:55.977Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Securly Chrome Extension",
              "vendor": "Securly",
              "versions": [
                {
                  "lessThanOrEqual": "3.0.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Version 3.0.7 of the Securly Chrome Extension exposes multiple publicly accessible endpoints that allow unauthenticated access to sensitive data. The exposed information consists of SHA-1 hashes that are inadequately obfuscated using a simple Caesar cipher, which can be easily reversed to recover the original hash values and access the protected data."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-922 Insecure Storage of Sensitive Information",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-03T18:09:04.115Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "url": "https://kb.cert.org/vuls/id/595768"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "CVE-2026-8878",
          "x_generator": {
            "engine": "VINCE 3.0.42",
            "env": "prod",
            "origin": "https://cveawg.mitre.org/api/cve/CVE-2026-8878"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2026-8878",
        "datePublished": "2026-06-03T18:09:04.115Z",
        "dateReserved": "2026-05-18T20:27:44.651Z",
        "dateUpdated": "2026-06-04T14:18:55.977Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-8876 (GCVE-0-2026-8876)

    Vulnerability from cvelistv5 – Published: 2026-06-03 18:07 – Updated: 2026-06-04 14:20
    VLAI
    Title
    CVE-2026-8876
    Summary
    Version 3.0.7 of the Securly Chrome Extension contains hardcoded, plaintext AES passphrases in securly.min.js. These keys decrypt crisis alert keyword data and intervention site data.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Securly Securly Chrome Extension Affected: 0 , ≤ 3.0.7 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "LOW",
                  "baseScore": 7.3,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-8876",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-04T14:20:09.967341Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-04T14:20:24.250Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Securly Chrome Extension",
              "vendor": "Securly",
              "versions": [
                {
                  "lessThanOrEqual": "3.0.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Version 3.0.7 of the Securly Chrome Extension contains hardcoded, plaintext AES passphrases in securly.min.js. These keys decrypt crisis alert keyword data and intervention site data."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-321",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-03T18:07:13.200Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "url": "https://kb.cert.org/vuls/id/595768"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "CVE-2026-8876",
          "x_generator": {
            "engine": "VINCE 3.0.42",
            "env": "prod",
            "origin": "https://cveawg.mitre.org/api/cve/CVE-2026-8876"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2026-8876",
        "datePublished": "2026-06-03T18:07:13.200Z",
        "dateReserved": "2026-05-18T20:27:18.596Z",
        "dateUpdated": "2026-06-04T14:20:24.250Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-8874 (GCVE-0-2026-8874)

    Vulnerability from cvelistv5 – Published: 2026-06-03 18:03 – Updated: 2026-06-04 14:43
    VLAI
    Title
    CVE-2026-8874
    Summary
    Version 3.0.7 of the Securly Chrome Extension downloads JSON files containing crisis alert keywords and filtering rules over unencrypted HTTP via the Fetch API. Other endpoints in the same extension correctly fetch IWF and CIPA data over HTTPS, demonstrating an inconsistent implementation of TLS.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Securly Securly Chrome Extension Affected: 0 , < 3.0.7 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "ADJACENT_NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 7.1,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-8874",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-04T14:42:14.501953Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-319",
                    "description": "CWE-319 Cleartext Transmission of Sensitive Information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-04T14:43:00.488Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Securly Chrome Extension",
              "vendor": "Securly",
              "versions": [
                {
                  "lessThan": "3.0.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Version 3.0.7 of the Securly Chrome Extension downloads JSON files containing crisis alert keywords and filtering rules over unencrypted HTTP via the Fetch API. Other endpoints in the same extension correctly fetch IWF and CIPA data over HTTPS, demonstrating an inconsistent implementation of TLS."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-319 Cleartext Transmission of Sensitive Information",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-03T18:03:04.592Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "url": "https://kb.cert.org/vuls/id/595768"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "CVE-2026-8874",
          "x_generator": {
            "engine": "VINCE 3.0.42",
            "env": "prod",
            "origin": "https://cveawg.mitre.org/api/cve/CVE-2026-8874"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2026-8874",
        "datePublished": "2026-06-03T18:03:04.592Z",
        "dateReserved": "2026-05-18T20:26:19.787Z",
        "dateUpdated": "2026-06-04T14:43:00.488Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-10629 (GCVE-0-2026-10629)

    Vulnerability from cvelistv5 – Published: 2026-06-02 14:35 – Updated: 2026-06-03 15:19
    VLAI
    Title
    CVE-2026-10629
    Summary
    SIP signaling stack in Verizon IMS (unspecified version) implements SIP signaling without IPsec integrity protection (missing Security-Client/Security-Server headers and ESP traffic), which allows an on-path attacker to compromise confidentiality, integrity, and authenticity of VoLTE signaling via passive monitoring and active manipulation of unsecured SIP messages over the radio and core network.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor Product Version
    Verizon VoLTE Affected: UNKNOWN
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2026-06-02T15:23:02.208Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://www.kb.cert.org/vuls/id/615987"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 7.4,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-10629",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-03T15:19:08.539555Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-03T15:19:11.551Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "VoLTE",
              "vendor": "Verizon",
              "versions": [
                {
                  "status": "affected",
                  "version": "UNKNOWN"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "SIP signaling stack in Verizon IMS (unspecified version) implements SIP signaling without IPsec integrity protection (missing Security-Client/Security-Server headers and ESP traffic), which allows an on-path attacker to compromise confidentiality, integrity, and authenticity of VoLTE signaling via passive monitoring and active manipulation of unsecured SIP messages over the radio and core network."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-346 Origin Validation Error",
                  "lang": "en"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "description": "CWE-523 Missing Transport Layer Protection",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-02T14:35:07.902Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "url": "https://www.3gpp.org/DynReport/33203.htm"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "CVE-2026-10629",
          "x_generator": {
            "engine": "VINCE 3.0.42",
            "env": "prod",
            "origin": "https://cveawg.mitre.org/api/cve/CVE-2026-10629"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2026-10629",
        "datePublished": "2026-06-02T14:35:07.902Z",
        "dateReserved": "2026-06-02T14:31:31.922Z",
        "dateUpdated": "2026-06-03T15:19:11.551Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-7299 (GCVE-0-2026-7299)

    Vulnerability from cvelistv5 – Published: 2026-06-02 14:07 – Updated: 2026-06-02 18:17
    VLAI
    Title
    CVE-2026-7299
    Summary
    Appsmith’s SQL query editor’s autocomplete functionality fails to sanitize database object names before rendering them in innerHTML, allowing an authenticated Developer to inject persistent XSS by a malicious table or column names triggering arbitrary code execution in the sessions of other workspace members when they interact with the same datasource.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    Appsmith Appsmith Affected: 0 , < 2.1 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2026-06-02T15:23:03.693Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://www.kb.cert.org/vuls/id/265691"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-7299",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-02T18:17:27.406510Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-02T18:17:31.812Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/Stuub/Appsmith-1.98-Stored-XSS-Exploit"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Appsmith",
              "vendor": "Appsmith",
              "versions": [
                {
                  "lessThan": "2.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Appsmith\u2019s SQL query editor\u2019s autocomplete functionality fails to sanitize database object names before rendering them in innerHTML, allowing an authenticated Developer to inject persistent XSS by a malicious table or column names triggering arbitrary code execution in the sessions of other workspace members when they interact with the same datasource."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-02T14:07:52.626Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "url": "https://github.com/appsmithorg/appsmith/security/advisories/GHSA-vvxf-f8q9-86gh"
            },
            {
              "url": "https://github.com/appsmithorg/appsmith/pull/41666"
            },
            {
              "url": "https://github.com/Stuub/Appsmith-1.98-Stored-XSS-Exploit"
            },
            {
              "url": "https://github.com/appsmithorg/appsmith/releases/tag/v2.1"
            },
            {
              "url": "https://github.com/appsmithorg/appsmith/commit/99d69180919981ed9bc5484050d809a5bec68acc"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "CVE-2026-7299",
          "x_generator": {
            "engine": "VINCE 3.0.42",
            "env": "prod",
            "origin": "https://cveawg.mitre.org/api/cve/CVE-2026-7299"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2026-7299",
        "datePublished": "2026-06-02T14:07:52.626Z",
        "dateReserved": "2026-04-28T11:32:21.296Z",
        "dateUpdated": "2026-06-02T18:17:31.812Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }