ApostropheCMS is an open-source Node
Description
ApostropheCMS is an open-source Node
Remediation
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Search and filter 17426 vulnerabilities with AI analyst insights
ApostropheCMS is an open-source Node
ApostropheCMS is an open-source Node
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
ChurchCRM is an open-source church management system
ChurchCRM is an open-source church management system
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
It was identified that the LDAP client implementation in version 2
It was identified that the LDAP client implementation in version 2
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Allocation of resources without limits in the parsing components in Amazon Athena ODBC driver before 2
Allocation of resources without limits in the parsing components in Amazon Athena ODBC driver before 2
---METADATA---
VENDOR: Amazon
PRODUCT: Athena ODBC Driver
AFFECTED_VERSIONS: Versions prior to 2.0
---END_METADATA---
Description Summary:
The Amazon Athena ODBC driver is vulnerable to resource exhaustion due to unlimited resource allocation within its parsing components during data processing.
Executive Summary:
Amazon Athena ODBC driver versions prior to 2.0 are susceptible to a denial-of-service condition caused by unrestricted resource allocation during the parsing of incoming data.
Vulnerability Details
CVE-ID: CVE-2026-35562
Affected Software: Amazon Athena ODBC Driver
Affected Versions: Versions prior to 2.0
Vulnerability: This vulnerability involves the allocation of resources without limits within the driver's parsing components. An attacker can exploit this flaw by providing specially crafted input that causes the driver to consume excessive system memory or CPU, typically occurring during the initial data parsing phase.
Business Impact
A successful exploit of this vulnerability can lead to a complete Denial of Service (DoS) for applications relying on the Athena ODBC driver. This results in system instability, application crashes, and the inability to process data queries, potentially halting business operations that depend on real-time data analytics. The CVSS score of 7.5 reflects a High severity, primarily due to the impact on system availability.
Remediation Plan
Immediate Action: Administrators should immediately upgrade to Amazon Athena ODBC driver version 2.0 or later to resolve the unrestricted resource allocation issue.
Proactive Monitoring: Monitor system resource usage (CPU and Memory) on hosts utilizing the ODBC driver for unexplained spikes that may indicate exploitation attempts.
Compensating Controls: Implement network-level access controls to ensure only trusted applications and IP addresses can establish connections via the ODBC driver.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of April 4, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high as it targets fundamental parsing logic.
Analyst Recommendation
The severity of this vulnerability necessitates immediate attention to prevent operational downtime. Organizations should prioritize the deployment of version 2.0 of the Amazon Athena ODBC driver across all affected environments to mitigate the risk of denial-of-service attacks.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Insufficient authentication security controls in the browser-based authentication components in Amazon Athena ODBC driver before 2
Insufficient authentication security controls in the browser-based authentication components in Amazon Athena ODBC driver before 2
---METADATA---
VENDOR: Amazon
PRODUCT: Athena ODBC Driver
AFFECTED_VERSIONS: Versions prior to 2.0
---END_METADATA---
Description Summary:
The Amazon Athena ODBC driver contains insufficient security controls in its browser-based authentication components, potentially allowing for unauthorized session access.
Executive Summary:
Weak authentication security controls in the Amazon Athena ODBC driver's browser-based login flow could allow unauthorized users to gain access to the data environment.
Vulnerability Details
CVE-ID: CVE-2026-35561
Affected Software: Amazon Athena ODBC Driver
Affected Versions: Versions prior to 2.0
Vulnerability: This vulnerability stems from insufficient authentication security controls within the driver's browser-based authentication components. This flaw could be exploited to bypass or weaken the authentication process, allowing an attacker to gain unauthorized access to the driver’s connection session.
Business Impact
Weaknesses in authentication controls directly threaten the security of the data stored in Amazon Athena. Unauthorized access could lead to large-scale data exfiltration, unauthorized data modification, or regulatory non-compliance. The CVSS score of 7.4 reflects the high risk of unauthorized access to sensitive business intelligence data.
Remediation Plan
Immediate Action: Organizations must update to Amazon Athena ODBC driver version 2.0 or later, which implements strengthened authentication controls for browser-based flows.
Proactive Monitoring: Audit Amazon Athena access logs for unusual login patterns, such as logins from unexpected locations or at unusual times.
Compensating Controls: Implement Multi-Factor Authentication (MFA) at the Identity Provider level to provide an additional layer of security that remains effective even if driver-level controls are weak.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of April 4, 2026, there is no public information indicating active exploitation of this vulnerability. Authentication bypasses are highly sought after by threat actors, making timely patching essential.
Analyst Recommendation
Securing the authentication gateway is critical for maintaining data sovereignty. Administrators should treat this as a high-priority update and deploy version 2.0 across all workstations and servers utilizing the Athena ODBC driver.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Improper certificate validation in the identity provider connection components in Amazon Athena ODBC driver before 2
Improper certificate validation in the identity provider connection components in Amazon Athena ODBC driver before 2
---METADATA---
VENDOR: Amazon
PRODUCT: Athena ODBC Driver
AFFECTED_VERSIONS: Versions prior to 2.0
---END_METADATA---
Description Summary:
The Amazon Athena ODBC driver fails to properly validate certificates within its identity provider (IdP) connection components, enabling potential interception.
Executive Summary:
Improper certificate validation in the Amazon Athena ODBC driver prior to version 2.0 allows attackers to perform Man-in-the-Middle (MitM) attacks during identity provider authentication.
Vulnerability Details
CVE-ID: CVE-2026-35560
Affected Software: Amazon Athena ODBC Driver
Affected Versions: Versions prior to 2.0
Vulnerability: The driver's identity provider connection components do not correctly validate the digital certificates presented by the IdP. This unauthenticated flaw allows a network-positioned attacker to present a fraudulent certificate, which the driver will incorrectly trust.
Business Impact
Failure to validate certificates exposes sensitive authentication traffic to Man-in-the-Middle attacks. Attackers can intercept, decrypt, and modify communication between the driver and the identity provider, leading to the theft of credentials and unauthorized access to Amazon Athena data. The CVSS score of 7.4 indicates a High severity risk to data confidentiality and integrity.
Remediation Plan
Immediate Action: Upgrade the Amazon Athena ODBC driver to version 2.0 or later to ensure proper certificate validation logic is enforced.
Proactive Monitoring: Inspect network traffic for unusual certificate authorities or self-signed certificates appearing in connections to identity providers.
Compensating Controls: Ensure the use of encrypted tunnels (VPNs) and secure network segments for all administrative and data-access traffic to reduce the risk of interception.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of April 4, 2026, there is no public information indicating active exploitation of this vulnerability. However, MitM attacks are a common method for credential harvesting in enterprise environments.
Analyst Recommendation
Organizations using Amazon Athena must prioritize this update to protect their authentication chain. Applying the version 2.0 update is the only effective way to ensure that identity provider connections are properly authenticated and secured against interception.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Philips Hue Bridge HomeKit Pair-Setup Heap-based Buffer Overflow Remote Code Execution Vulnerability
Philips Hue Bridge HomeKit Pair-Setup Heap-based Buffer Overflow Remote Code Execution Vulnerability
Apply security patches immediately for internet-facing systems. Monitor for exploitation attempts and review access logs.
Improper neutralization of special elements in the authentication components in Amazon Athena ODBC driver before 2
Improper neutralization of special elements in the authentication components in Amazon Athena ODBC driver before 2
---METADATA---
VENDOR: Amazon
PRODUCT: Athena ODBC driver
AFFECTED_VERSIONS: Before version 2
---END_METADATA---
Description Summary:
The Amazon Athena ODBC driver contains a high-severity vulnerability due to improper neutralization of special elements in its authentication components.
Executive Summary:
A vulnerability in the Amazon Athena ODBC driver's authentication process could allow attackers to bypass security controls or gain unauthorized access to cloud data.
Vulnerability Details
CVE-ID: CVE-2026-35558
Affected Software: Amazon Athena ODBC driver
Affected Versions: Before version 2
Vulnerability: This vulnerability involves the improper neutralization of special elements within the driver's authentication components. This suggests a potential for injection-style attacks that could manipulate the authentication flow, potentially allowing an attacker to bypass credential checks or escalate privileges.
Business Impact
A successful exploit could lead to unauthorized access to sensitive data stored in Amazon Athena, resulting in data breaches and regulatory non-compliance. With a CVSS score of 7.8, the risk to data confidentiality and integrity is high, especially for organizations that use ODBC drivers to connect legacy applications to cloud data lakes.
Remediation Plan
Immediate Action: Upgrade the Amazon Athena ODBC driver to version 2 or later on all client machines and servers immediately.
Proactive Monitoring: Audit Amazon Athena query logs in AWS CloudTrail for any unusual or unauthorized data access patterns originating from ODBC connections.
Compensating Controls: Use AWS Identity and Access Management (IAM) policies to enforce the principle of least privilege, ensuring that even if a driver is compromised, the attacker's access to data is limited.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of April 4, 2026, there is no public information indicating active exploitation. Authentication flaws in database drivers are critical because they reside at the junction between applications and sensitive data stores.
Analyst Recommendation
Immediate application of the updated driver is the most effective mitigation strategy. Administrators should ensure that all instances of the driver, including those on developer workstations and automated reporting servers, are identified and patched without delay.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A race condition in the Apache Kafka Java producer client’s buffer pool management can cause messages to be silently delivered to incorrect topics
A race condition in the Apache Kafka Java producer client’s buffer pool management can cause messages to be silently delivered to incorrect topics
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Philips Hue Bridge Zigbee Stack Custom Command Handler Heap-based Buffer Overflow Remote Code Execution Vulnerability
Philips Hue Bridge Zigbee Stack Custom Command Handler Heap-based Buffer Overflow Remote Code Execution Vulnerability
Apply security patches immediately for internet-facing systems. Monitor for exploitation attempts and review access logs.
An issue was discovered in guardsix (formerly Logpoint) ODBC Enrichment Plugins before 5
An issue was discovered in guardsix (formerly Logpoint) ODBC Enrichment Plugins before 5
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A heap-based buffer overflow in libnv, caused by improper message size validation, allows for system crashes or potential privilege escalation.
A heap-based buffer overflow in libnv, caused by improper message size validation, allows for system crashes or potential privilege escalation.
---METADATA---
VENDOR: libnv
PRODUCT: libnv
AFFECTED_VERSIONS: See vendor advisory
---END_METADATA---
Description Summary:
A heap-based buffer overflow in libnv, caused by improper message size validation, allows for system crashes or potential privilege escalation.
Executive Summary:
A critical heap-based buffer overflow in libnv allows unprivileged users to crash the system or potentially escalate their privileges.
Vulnerability Details
CVE-ID: CVE-2026-35547
Affected Software: libnv
Affected Versions: See vendor advisory
Vulnerability: The library fails to validate message sizes during header processing. This leads to an out-of-bounds write on the heap, which an attacker can leverage to cause a system panic or execute arbitrary code with elevated privileges.
Business Impact
The CVSS score of 9.1 highlights a critical threat. Privilege escalation and system-level instability can lead to unauthorized data access and significant denial-of-service, impacting business continuity for systems relying on this library.
Remediation Plan
Immediate Action: Update all software packages that include the affected version of libnv to the latest patched version.
Proactive Monitoring: Monitor system logs for unexpected crashes or service restarts that may indicate an exploitation attempt.
Compensating Controls: Implement memory protection features (e.g., ASLR, DEP) and restrict access to the specific services that utilize the vulnerable library.
Exploitation Status
Public Exploit Available: Unknown
Analyst Notes: As of April 30, 2026, no active exploitation has been reported. However, the potential for privilege escalation makes this a high-priority update.
Analyst Recommendation
Security teams should identify all applications utilizing the affected version of libnv and coordinate an immediate update cycle. Verify system integrity following any unexpected service restarts.
Update When Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
Anviz CX2 Lite and CX7 are vulnerable to unauthenticated firmware uploads. This causes crafted archives to be accepted, enabling attackers to plant a...
Anviz CX2 Lite and CX7 are vulnerable to unauthenticated firmware uploads. This causes crafted archives to be accepted, enabling attackers to plant and execute code and obtain a reverse shell.
---METADATA---
VENDOR: Anviz
PRODUCT: CX2 Lite and CX7
AFFECTED_VERSIONS: See vendor advisory
CONFIDENCE: medium
MISSING: versions, patch, exploit_status, technical_details
---END_METADATA---
Description Summary:
Anviz CX2 Lite and CX7 devices are vulnerable to unauthenticated firmware uploads, allowing remote attackers to plant malicious code and obtain a reverse shell.
Executive Summary:
A critical vulnerability in Anviz CX2 Lite and CX7 devices allows unauthenticated remote attackers to upload and execute malicious firmware, leading to full system compromise.
Vulnerability Details
CVE-ID: CVE-2026-35546
Affected Software: Anviz CX2 Lite and CX7
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: The devices lack proper authentication for firmware upload processes, enabling attackers to submit crafted archives. This allows for arbitrary code execution and the establishment of a reverse shell on the affected hardware.
Business Impact
A CVSS score of 9.8 reflects the extreme risk posed by this vulnerability, as it allows for persistent, unauthenticated remote code execution. Attackers gaining control over these devices could use them as a foothold for lateral movement within the corporate network, leading to widespread data compromise and operational disruption.
Remediation Plan
Immediate Action: Update the firmware on all Anviz CX2 Lite and CX7 units to the latest version provided by the manufacturer.
Proactive Monitoring: Monitor network traffic for unusual outbound connections originating from these devices, particularly those indicative of reverse shell activity.
Compensating Controls: Isolate the devices within a segmented network and restrict administrative access to the management interfaces to trusted IP addresses only.
Exploitation Status
Public Exploit Available: Not specified
Analyst Notes: As of Apr 17, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
This vulnerability represents a total loss of security for the affected devices. It is imperative that security teams verify the firmware version of all deployed Anviz CX2 Lite and CX7 units and apply the necessary updates immediately to prevent unauthorized remote control.
Update Arch Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
In Sudo through 1
In Sudo through 1
---METADATA---
VENDOR: Sudo
PRODUCT: Sudo
AFFECTED_VERSIONS: Through version 1.x (See vendor advisory)
---END_METADATA---
Description Summary:
A security vulnerability exists in Sudo through version 1.x that could allow for unauthorized actions or privilege escalation.
Executive Summary:
A critical security flaw in Sudo versions through 1.x may allow users to bypass security restrictions or elevate privileges on affected Unix-like systems.
Vulnerability Details
CVE-ID: CVE-2026-35535
Affected Software: Sudo
Affected Versions: Through version 1.x
Vulnerability: While specific technical details are limited, the flaw resides within the Sudo utility's core logic. This vulnerability likely allows a local user to execute commands with elevated privileges or bypass configured security policies defined in the sudoers file.
Business Impact
The compromise of the Sudo utility is a significant security event, as it is a primary mechanism for administrative control on Linux and Unix systems. An attacker could gain root-level access, leading to full system compromise, data theft, and persistent unauthorized access. The CVSS score of 7.4 justifies the High severity rating and underscores the risk to system integrity.
Remediation Plan
Immediate Action: Update Sudo to the latest patched version provided by your operating system vendor immediately.
Proactive Monitoring: Review Sudo logs (/var/log/auth.log or /var/log/secure) for unusual command executions or failed attempts to use Sudo by unauthorized users.
Compensating Controls: Restrict Sudo usage to the absolute minimum number of users required and implement strict "sudoers" configurations using the principle of least privilege.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of April 4, 2026, there is no public information indicating active exploitation of this vulnerability. Given that Sudo is a high-value target for attackers, a patch should be applied before exploit code is developed.
Analyst Recommendation
Due to the critical role Sudo plays in system security, this vulnerability represents a high risk to any environment. It is strongly recommended to apply the latest security updates from your distribution maintainer to all production servers immediately.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
ChurchCRM is an open-source church management system
ChurchCRM is an open-source church management system
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
mise manages dev tools like node, python, cmake, and terraform
mise manages dev tools like node, python, cmake, and terraform
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Strawberry GraphQL is a library for creating GraphQL APIs
Strawberry GraphQL is a library for creating GraphQL APIs
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Strawberry GraphQL is a library for creating GraphQL APIs
Strawberry GraphQL is a library for creating GraphQL APIs
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
FTLDNS (pihole-FTL) provides an interactive API and also generates statistics for Pi-hole's Web interface
FTLDNS (pihole-FTL) provides an interactive API and also generates statistics for Pi-hole's Web interface
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
FTLDNS (pihole-FTL) provides an interactive API and also generates statistics for Pi-hole's Web interface
FTLDNS (pihole-FTL) provides an interactive API and also generates statistics for Pi-hole's Web interface
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
FTLDNS (pihole-FTL) provides an interactive API and also generates statistics for Pi-hole's Web interface
FTLDNS (pihole-FTL) provides an interactive API and also generates statistics for Pi-hole's Web interface
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
FTLDNS (pihole-FTL) provides an interactive API and also generates statistics for Pi-hole's Web interface
FTLDNS (pihole-FTL) provides an interactive API and also generates statistics for Pi-hole's Web interface
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
FTLDNS (pihole-FTL) provides an interactive API and also generates statistics for Pi-hole's Web interface
FTLDNS (pihole-FTL) provides an interactive API and also generates statistics for Pi-hole's Web interface
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability in SenseLive X3050’s web management interface allows authentication logic to be performed entirely on the client side, relying on hard...
A vulnerability in SenseLive X3050’s web management interface allows authentication logic to be performed entirely on the client side, relying on hardcoded values within browser-executed scripts rather than server-side verification. An attacker with access to the login page could retrieve these exposed parameters and gain unauthorized access to administrative functionality.
---METADATA---
VENDOR: SenseLive
PRODUCT: X3050 Management Interface
AFFECTED_VERSIONS: See vendor advisory
---END_METADATA---
Description Summary:
The SenseLive X3050 web management interface is vulnerable to an authentication bypass due to client-side logic that relies on hardcoded values instead of secure server-side verification.
Executive Summary:
A critical authentication vulnerability in the SenseLive X3050 management interface allows attackers to bypass security controls by exploiting insecure client-side verification logic.
Vulnerability Details
CVE-ID: CVE-2026-35503
Affected Software: SenseLive X3050
Affected Versions: See vendor advisory
Vulnerability: The web management interface performs authentication checks exclusively on the client side using hardcoded parameters. An attacker can retrieve these values to bypass authentication and gain unauthorized administrative access to the device.
Business Impact
A CVSS score of 9.8 indicates a critical risk to the availability and integrity of the affected hardware. Successful exploitation allows an attacker to gain full administrative control, enabling the modification of device configurations, interception of traffic, or complete disabling of security features, which could lead to widespread operational downtime.
Remediation Plan
Immediate Action: Apply the latest firmware or software update provided by SenseLive to migrate authentication logic to the server side.
Proactive Monitoring: Monitor for unusual administrative logins or configuration changes occurring from unauthorized or unexpected source IP addresses.
Compensating Controls: Restrict access to the web management interface via network-level controls such as VLAN segmentation or Access Control Lists (ACLs) to ensure only trusted administrative endpoints can reach the service.
Exploitation Status
Public Exploit Available: No
Analyst Notes: As of April 24, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
This vulnerability represents a fundamental design flaw in the product's security architecture. Immediate patching is required, and organizations should treat the affected devices as untrusted until the update is applied and administrative credentials are rotated.
Update SenseLive X3050 Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
An improper decorator ordering in changedetection.io causes authentication wrappers to be bypassed, exposing sensitive routes to unauthenticated acces...
An improper decorator ordering in changedetection.io causes authentication wrappers to be bypassed, exposing sensitive routes to unauthenticated access.
---METADATA---
VENDOR: changedetection.io
PRODUCT: changedetection.io
AFFECTED_VERSIONS: Prior to 0.54.8
---END_METADATA---
Description Summary:
An improper decorator ordering in changedetection.io causes authentication wrappers to be bypassed, exposing sensitive routes to unauthenticated access.
Executive Summary:
A critical authentication bypass in changedetection.io allows unauthenticated attackers to access restricted application routes.
Vulnerability Details
CVE-ID: CVE-2026-35490
Affected Software: changedetection.io
Affected Versions: Prior to 0.54.8
Vulnerability: The application incorrectly orders Flask decorators, resulting in the auth wrapper being omitted from the call chain. This vulnerability effectively disables authentication for affected routes, allowing unauthenticated remote access.
Business Impact
The bypass of authentication controls poses a severe risk to data confidentiality and integrity. Given the CVSS score of 9.8, this flaw could allow unauthorized actors to manipulate or view sensitive web monitoring data, potentially leading to total system compromise.
Remediation Plan
Immediate Action: Upgrade changedetection.io to version 0.54.8 or later immediately.
Proactive Monitoring: Review web server access logs for anomalous traffic patterns targeting administrative or restricted URI endpoints.
Compensating Controls: Implement IP-based access restrictions or place the application behind an authentication-enabled reverse proxy until the patch is applied.
Exploitation Status
Public Exploit Available: No
Analyst Notes: As of Apr 7, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
The severity of this vulnerability necessitates immediate action. Administrators must update the changedetection.io instance to version 0.54.8 to restore proper authentication enforcement and mitigate the risk of unauthorized access.
Update Unknown Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
text-generation-webui is an open-source web interface for running Large Language Models
text-generation-webui is an open-source web interface for running Large Language Models
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
text-generation-webui is an open-source web interface for running Large Language Models
text-generation-webui is an open-source web interface for running Large Language Models
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
InvenTree is an Open Source Inventory Management System
InvenTree is an Open Source Inventory Management System
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
The goshs SimpleHTTPServer exhibits a path traversal flaw in the file deletion function due to improper handling of return values.
The goshs SimpleHTTPServer exhibits a path traversal flaw in the file deletion function due to improper handling of return values.
---METADATA---
VENDOR: goshs
PRODUCT: goshs
AFFECTED_VERSIONS: Prior to 2.0.0-beta.3
---END_METADATA---
Description Summary:
The goshs SimpleHTTPServer exhibits a path traversal flaw in the file deletion function due to improper handling of return values.
Executive Summary:
A path traversal vulnerability in goshs allows remote attackers to delete arbitrary files on the host system, threatening system availability.
Vulnerability Details
CVE-ID: CVE-2026-35471
Affected Software: goshs
Affected Versions: Prior to 2.0.0-beta.3
Vulnerability: The deleteFile() function fails to return after a path traversal check, causing the application to proceed with the deletion operation despite the check failing.
Business Impact
An attacker can delete sensitive system files, leading to a denial-of-service or the destruction of critical data. With a CVSS score of 9.8, this flaw represents a significant risk to system stability and integrity.
Remediation Plan
Immediate Action: Update goshs to version 2.0.0-beta.3 or later.
Proactive Monitoring: Monitor logs for unauthorized file deletion attempts and unexpected service outages.
Compensating Controls: Ensure the service account has minimal filesystem permissions, restricted only to the directories required for operation.
Exploitation Status
Public Exploit Available: Unknown
Analyst Notes: As of Apr 6, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
The failure to properly handle validation returns is a critical logic error. Administrators must update to the latest version immediately to ensure that path validation is enforced correctly.
Update Unknown Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
OpenSTAManager is an open source management software for technical assistance and invoicing
OpenSTAManager is an open source management software for technical assistance and invoicing
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Out-of-bounds read in ALPN parsing due to incomplete validation
Out-of-bounds read in ALPN parsing due to incomplete validation
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
The stored API keys in temporary browser client is not marked as protected allowing for JavScript console or other errors to allow for extraction of t...
The stored API keys in temporary browser client is not marked as protected allowing for JavScript console or other errors to allow for extraction of the encryption credentials
---METADATA---
VENDOR: Unknown
PRODUCT: Temporary Browser Client
AFFECTED_VERSIONS: See vendor advisory for affected versions
---END_METADATA---
Description Summary:
Stored API keys in a temporary browser client are not marked as protected, allowing for credential extraction via JavaScript console errors or other system faults.
Executive Summary:
Insecure storage of API keys in a browser-based client allows for the unauthorized extraction of encryption credentials, leading to potential data compromise.
Vulnerability Details
CVE-ID: CVE-2026-35467
Affected Software: Temporary Browser Client
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: The vulnerability involves the improper protection of stored API keys within a browser client. Because these keys are not marked as protected, they can be exposed through JavaScript console logs or during error handling, allowing an attacker with local or session access to extract sensitive encryption credentials.
Business Impact
The extraction of API keys can lead to unauthorized access to cloud services, databases, or other integrated third-party platforms. With a CVSS score of 7.5, the risk is High, as it could lead to large-scale data exfiltration and the compromise of the entire service ecosystem associated with those keys.
Remediation Plan
Immediate Action: Apply vendor security updates that implement proper protection (such as encryption or secure storage flags) for API keys in the browser client.
Proactive Monitoring: Audit application logs for abnormal API usage patterns that might indicate compromised credentials are being used by unauthorized parties.
Compensating Controls: Implement short-lived API tokens and strict IP-based access controls for API endpoints to minimize the impact of a leaked key.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of April 4, 2026, there is no public information indicating active exploitation of this vulnerability. The flaw is primarily exploitable if an attacker can induce or view application errors or gain access to the user's browser environment.
Analyst Recommendation
Developers and administrators must ensure that sensitive credentials are never stored in a way that is accessible to client-side scripts or error-reporting mechanisms. Apply the recommended patches immediately to ensure that API keys are properly protected within the browser environment.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
SecureDrop Client is a desktop app for journalists to securely communicate with sources and handle submissions on the SecureDrop Workstation
SecureDrop Client is a desktop app for journalists to securely communicate with sources and handle submissions on the SecureDrop Workstation
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
pyLoad is a free and open-source download manager written in Python
pyLoad is a free and open-source download manager written in Python
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
pyLoad is a free and open-source download manager written in Python
pyLoad is a free and open-source download manager written in Python
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
libp2p-rust is the official rust language Implementation of the libp2p networking stack
libp2p-rust is the official rust language Implementation of the libp2p networking stack
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provides data- and project-management for neuroimaging r...
LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provides data- and project-management for neuroimaging research
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Directus is a real-time API and App dashboard for managing SQL database content
Directus is a real-time API and App dashboard for managing SQL database content
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Heap buffer overflow in WebCodecs in Google Chrome prior to 145
Heap buffer overflow in WebCodecs in Google Chrome prior to 145
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Missing authorization in Windows Admin Center allows an authorized attacker to elevate privileges over a network
Missing authorization in Windows Admin Center allows an authorized attacker to elevate privileges over a network
---METADATA---
VENDOR: Microsoft
PRODUCT: Windows Admin Center
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
CONFIDENCE: medium
MISSING: patch, technical_details
---END_METADATA---
Description Summary:
A missing authorization vulnerability in Microsoft Windows Admin Center allows an authenticated attacker to elevate privileges over the network.
Executive Summary:
A privilege escalation vulnerability in Microsoft Windows Admin Center poses a significant risk by allowing authorized users to gain unauthorized administrative control.
Vulnerability Details
CVE-ID: CVE-2026-35438
Affected Software: Microsoft Windows Admin Center
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: This is an improper authorization vulnerability where an authenticated attacker can leverage existing network access to escalate their privilege level within the Windows Admin Center environment.
Business Impact
Successful exploitation allows an attacker to gain elevated privileges, potentially leading to full system compromise or unauthorized access to sensitive administrative functions. With a CVSS score of 8.3, this high-severity vulnerability could facilitate lateral movement and the exfiltration of sensitive organizational data.
Remediation Plan
Immediate Action: Identify and apply the latest security patches provided by Microsoft to the Windows Admin Center instances.
Proactive Monitoring: Review access logs for unusual administrative activity or unexpected privilege escalation events occurring within the management console.
Compensating Controls: Restrict access to the Windows Admin Center interface to trusted administrative network segments only.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of May 29, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Given the potential for complete control over administrative interfaces, it is imperative that organizations prioritize the deployment of vendor-supplied patches. Administrators should audit current access controls to ensure the principle of least privilege is strictly enforced while awaiting the patch.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Insufficient granularity of access control in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally
Insufficient granularity of access control in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally
---METADATA---
VENDOR: Microsoft
PRODUCT: Office
AFFECTED_VERSIONS: Microsoft 365 Apps for Enterprise (16.0.1+); Office 2019 (19.0.0+); Office LTSC 2021 (16.0.1+); Office LTSC 2024 (16.0.0+)
---END_METADATA---
Description Summary:
A use-after-free vulnerability in Microsoft Office allows authorized local attackers to elevate privileges.
Executive Summary:
A high-severity use-after-free vulnerability in Microsoft Office enables authorized local attackers to achieve privilege escalation.
Vulnerability Details
CVE-ID: CVE-2026-35436
Affected Software: Microsoft Office
Affected Versions: Microsoft 365 Apps for Enterprise (16.0.1+); Office 2019 (19.0.0+); Office LTSC 2021 (16.0.1+); Office LTSC 2024 (16.0.0+)
Vulnerability: This is an improper access control vulnerability in Microsoft Office Click-To-Run (C2R) that allows an authorized local attacker to elevate privileges on an affected host.
Business Impact
With a CVSS score of 8.8, this flaw allows an attacker who already has local access to gain higher-level permissions, potentially leading to full system compromise. This could result in the theft of sensitive data or the installation of persistent malicious software on the host.
Remediation Plan
Immediate Action: Apply the Microsoft security update referenced in the official Microsoft CVE-2026-35436 Advisory immediately.
Proactive Monitoring: Monitor local system logs for unusual process execution or attempts to modify system files by standard user accounts.
Compensating Controls: Enforce the principle of least privilege by limiting the administrative rights of standard users on shared workstations.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 2, 2026, Microsoft reports that the vulnerability was not publicly disclosed and was not exploited in the wild.
Analyst Recommendation
Administrators should prioritize deploying the latest security updates for all versions of Microsoft Office listed. Given the potential for privilege escalation, patching is essential to maintain the security posture of the endpoint environment.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Improper access control in Azure AI Foundry M365 published agents allows an unauthorized attacker to elevate privileges over a network
Improper access control in Azure AI Foundry M365 published agents allows an unauthorized attacker to elevate privileges over a network
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A Server-Side Request Forgery (SSRF) vulnerability in Microsoft Entra ID Entitlement Management allows unauthorized attackers to perform spoofing over...
A Server-Side Request Forgery (SSRF) vulnerability in Microsoft Entra ID Entitlement Management allows unauthorized attackers to perform spoofing over a network.
---METADATA---
VENDOR: Microsoft
PRODUCT: Entra ID
AFFECTED_VERSIONS: See vendor advisory
---END_METADATA---
Description Summary:
A Server-Side Request Forgery (SSRF) vulnerability in Microsoft Entra ID Entitlement Management allows unauthorized attackers to perform spoofing over a network.
Executive Summary:
A critical SSRF vulnerability in Microsoft Entra ID enables unauthenticated attackers to perform network spoofing, potentially leading to unauthorized access and internal resource manipulation.
Vulnerability Details
CVE-ID: CVE-2026-35431
Affected Software: Microsoft Entra ID
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: This SSRF vulnerability exists in the Entitlement Management component. It allows an unauthorized attacker to force the server to make requests to unintended locations, facilitating spoofing attacks.
Business Impact
With a CVSS score of 10.0, this vulnerability presents an existential threat to cloud identity security. Unauthorized access to internal services or spoofing of trusted entities can lead to widespread identity compromise and unauthorized data exfiltration.
Remediation Plan
Immediate Action: Apply all relevant security patches and configuration updates provided by Microsoft for Entra ID.
Proactive Monitoring: Audit logs for unusual outbound requests originating from the Entra ID environment and monitor for suspicious authentication patterns.
Compensating Controls: Implement strict egress filtering on cloud resources to prevent the server from reaching unauthorized internal or external endpoints.
Exploitation Status
Public Exploit Available: No
Analyst Notes: As of Apr 23, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
The extreme severity of this SSRF vulnerability necessitates an immediate audit and update of all Entra ID environments. Organizations must prioritize applying vendor-supplied patches to ensure the integrity of their identity infrastructure.
Update Microsoft Entra ID to the latest version. Check vendor security advisory for specific patch details. Monitor for exploitation attempts and review access logs.
Authorization bypass through user-controlled key in Azure Privileged Identity Management (PIM) allows an authorized attacker to elevate privileges ove...
Authorization bypass through user-controlled key in Azure Privileged Identity Management (PIM) allows an authorized attacker to elevate privileges over a network
---METADATA---
VENDOR: Azure
PRODUCT: Privileged Identity Management
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
An authorization bypass vulnerability in Azure Privileged Identity Management (PIM) allows an authorized attacker to elevate privileges over a network.
Executive Summary:
An authorization bypass in Azure Privileged Identity Management (PIM) allows authorized attackers to escalate their privileges.
Vulnerability Details
CVE-ID: CVE-2026-35430
Affected Software: Azure Privileged Identity Management
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: The vulnerability is an authorization bypass flaw involving a user-controlled key. An authorized attacker can manipulate this key to gain elevated privileges within the Azure environment.
Business Impact
Unauthorized privilege escalation within an identity management system is a critical security event. With a CVSS score of 8.8, this vulnerability could allow an attacker to gain administrative control over cloud resources, leading to extensive data loss or system disruption.
Remediation Plan
Immediate Action: Apply all relevant security updates provided by Microsoft for Azure PIM.
Proactive Monitoring: Audit PIM access logs for anomalous privilege elevation requests or unauthorized configuration changes.
Compensating Controls: Enforce the principle of least privilege and utilize Conditional Access policies to restrict administrative actions.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of May 27, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Security administrators must treat this as a high-priority issue. Ensure that all patches related to Azure PIM are applied immediately and that activity logs are reviewed for signs of unauthorized privilege changes.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Inappropriate implementation in V8 in Google Chrome prior to 145
Inappropriate implementation in V8 in Google Chrome prior to 145
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A command injection vulnerability in Azure Cloud Shell allows an unauthorized attacker to perform spoofing over a network.
A command injection vulnerability in Azure Cloud Shell allows an unauthorized attacker to perform spoofing over a network.
---METADATA---
VENDOR: Microsoft
PRODUCT: Azure Cloud Shell
AFFECTED_VERSIONS: See vendor advisory
---END_METADATA---
Description Summary:
A command injection vulnerability in Azure Cloud Shell allows an unauthorized attacker to perform spoofing over a network.
Executive Summary:
An unauthorized command injection flaw in Azure Cloud Shell poses a critical risk by allowing attackers to execute commands and perform spoofing.
Vulnerability Details
CVE-ID: CVE-2026-35428
Affected Software: Microsoft Azure Cloud Shell
Affected Versions: See vendor advisory
Vulnerability: This vulnerability is caused by improper neutralization of special elements used in a command, allowing an unauthenticated attacker to inject malicious commands into the environment.
Business Impact
A CVSS score of 9.6 underscores the severity of this vulnerability, as it allows attackers to bypass intended security constraints. Successful exploitation could lead to full control over the Cloud Shell session, enabling lateral movement within the Azure tenant or the deployment of malicious resources.
Remediation Plan
Immediate Action: Update Azure Cloud Shell to the latest version as provided by Microsoft.
Proactive Monitoring: Monitor Cloud Shell usage logs for unusual or unauthorized command strings and unexpected session activity.
Compensating Controls: Restrict access to Cloud Shell to authorized personnel only and utilize Azure Policy to enforce tighter security controls on user sessions.
Exploitation Status
Public Exploit Available: No
Analyst Notes: As of May 7, 2026, there is no public information indicating active exploitation of this vulnerability. Nevertheless, the ability to inject commands makes this a critical target for attackers.
Analyst Recommendation
Apply the vendor-provided updates immediately. Due to the potential for command injection and spoofing, perform a thorough review of existing Cloud Shell sessions to identify any signs of unauthorized interaction.
Update Azure Cloud Shell to the latest version. Monitor for exploitation attempts and review access logs.
Inappropriate implementation in WebAssembly in Google Chrome prior to 145
Inappropriate implementation in WebAssembly in Google Chrome prior to 145
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Inappropriate implementation in CSS in Google Chrome prior to 145
Inappropriate implementation in CSS in Google Chrome prior to 145
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
---METADATA---
VENDOR: Apache
PRODUCT: Directory LDAP API
AFFECTED_VERSIONS: Apache Directory LDAP API version 2.1.7 and earlier
---END_METADATA---
Description Summary:
The Apache Directory LDAP API client fails to verify the hostname during TLS certificate validation, enabling man-in-the-middle attacks.
Executive Summary:
Apache Directory LDAP API is vulnerable to man-in-the-middle attacks because it does not properly verify LDAP server hostnames during the handshake.
Vulnerability Details
CVE-ID: CVE-2026-35563
Affected Software: Apache Directory LDAP API
Affected Versions: Apache Directory LDAP API version 2.1.7 and earlier
Vulnerability: This is a high-severity vulnerability (CWE-297) where the client validates the certificate chain but fails to confirm that the certificate matches the specific LDAP hostname. This allows an attacker to present a valid certificate for a different server to impersonate the legitimate LDAP server.
Business Impact
With a CVSS score of 8.5, this flaw allows attackers to intercept or manipulate LDAP traffic. This can lead to the exposure of credentials, unauthorized access to directory services, or the compromise of authentication flows within the enterprise network.
Remediation Plan
Immediate Action: Upgrade to the latest available version of the Apache Directory LDAP API that enforces strict hostname verification.
Proactive Monitoring: Monitor for suspicious LDAP traffic patterns or certificate mismatch alerts if your monitoring tools are capable of inspecting encrypted traffic.
Compensating Controls: Ensure that all LDAP traffic is routed through encrypted tunnels or use mutual TLS (mTLS) with strict certificate pinning where supported.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 4, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
The failure to verify hostnames in security-critical libraries is a significant oversight. Organizations relying on Apache Directory LDAP API should update their dependencies immediately to ensure proper hostname validation is in place and to secure their authentication infrastructure.