Advisory

Threat actors are exploiting the legitimate update mechanism of Microsoft ClickOnce applications, particularly through `.appref-ms` files, to maintain persistence, bypass security controls, and deliver updated malicious payloads without requiring elevated privileges or user re-authorization on Windows systems.

Flowise versions before 2.1.4 are critically vulnerable to configuration injection (CVE-2024-58351) via the `overrideConfig` option in both its frontend web integration and backend Prediction API, which, due to a bypassable `vm2` sandbox, allows attackers to achieve remote code execution, sandbox escape, denial of service, server-side request forgery, prompt injection, and server variable/data exfiltration.

Threat actors are leveraging Microsoft's ClickOnce technology, designed for simplified application deployment, as an attractive vector to spread malware, allowing for easy distribution, minimal user interaction, and installation without elevated privileges on Windows systems.

An authentication logic flaw in Cap-go versions prior to 12.128.2 allows attackers to register an account with a victim's unverified email address, then enable two-factor authentication on this pre-registered account to gain full control, read/modify data, enforce organization-level policies, and deny the legitimate user access.

Cap-go versions prior to 12.128.2 are susceptible to an authentication bypass vulnerability (CVE-2026-56073) in OTP verification that allows attackers to manipulate server responses to falsely mark verification successful, leading to unauthorized 2FA enablement and subsequent account takeover.

A critical missing authorization vulnerability, CVE-2026-48582, in Microsoft Exchange Online allows an already authenticated attacker to elevate their privileges over the network, potentially leading to unauthorized access to sensitive data or configuration changes within affected organizations.

A critical improper authentication vulnerability, CVE-2026-45480, in Microsoft Azure Active Directory allows an unauthorized attacker to bypass authentication mechanisms and elevate privileges over a network, potentially leading to full administrative control of Azure AD and associated resources.

An unauthenticated attacker can trigger a denial-of-service condition in applications using the Faraday Ruby library by sending deeply nested query parameters (CVE-2026-54297), leading to `SystemStackError` and application crashes due to uncontrolled recursion.

A stored cross-site scripting (XSS) vulnerability, identified as CVE-2026-54527, in the `jupyterlab-git` JupyterLab extension (versions >= 0.30.0b3, < 0.54.0a1), specifically in `PlainTextDiff.ts`, allows an adversary with Git commit access to execute arbitrary JavaScript in a victim's browser and achieve Remote Code Execution (RCE) on the JupyterLab server by crafting a malicious filename in a Git commit that, when viewed as a rename diff, triggers the XSS payload to steal `_xsrf` cookies, open a terminal, and execute arbitrary shell commands to exfiltrate data.

An authenticated user can bypass the admin-configured `excluded_paths` security control in `jupyterlab-git` versions up to 0.53.0 by exploiting a case-sensitivity flaw on case-insensitive filesystems (e.g., macOS APFS, Windows NTFS), allowing unauthorized read access to git history and file content in explicitly excluded directories.

The `Oj.dump` function in the Ruby `oj` gem, when operating in object mode, is vulnerable to a heap buffer overflow (CVE-2026-54896) when serializing `Exception` objects with an excessively large `:indent` value, leading to memory corruption and potential denial of service or remote code execution.

A heap use-after-free vulnerability (CVE-2026-54897) exists in `Oj::Doc` iterators (`each_value`, `each_child`, `each_leaf`) in the `oj` Ruby gem, allowing an attacker to cause application crashes or unpredictable behavior when a Ruby block yielded during iteration reentrantly calls `doc.close` or `d.close`.

The `Oj.dump` function in the `Oj` Ruby gem is vulnerable to a stack-based buffer overflow (CVE-2026-54502) due to improper validation of the `:indent` parameter, allowing an attacker to trigger a process crash or potentially remote code execution by providing an excessively large integer value, affecting all `Oj` gem versions prior to `3.17.2`.

A critical vulnerability (CVE-2026-53488) exists in the containerd CRI plugin where image configuration `LABEL` instructions are propagated to containers without validation, allowing an attacker to inject and execute arbitrary commands with host-root privileges on the underlying host when a maliciously crafted container image is pulled and processed by specific plugins.

A high-severity vulnerability (CVE-2026-53489) in containerd's CRI plugin allows an unprivileged attacker to read arbitrary files on the host system by crafting a malicious checkpoint with a symlink that `containerd` follows during `container.log` restoration, enabling data exfiltration via `kubectl logs`.

A high-severity vulnerability (CVE-2026-53492) in containerd's CRI implementation allows an attacker with pod creation permissions to smuggle arbitrary Container Device Interface (CDI) annotations during container restoration, bypassing Kubernetes resource allocation and enabling unauthorized device and host mount injection into the restored container.

Stanza, an NLP library, is vulnerable to remote code execution (CVE-2026-54499) due to an unsafe fallback mechanism when loading PyTorch model files, allowing an attacker who can place a malicious pretrain or model file to achieve arbitrary code execution on systems processing NLP pipelines, leading to credential theft, backdoors, data exfiltration, and lateral movement.

An unauthenticated information disclosure vulnerability (CVE-2023-54357) in the Joomla com_booking component version 2.4.9 allows attackers to enumerate user accounts, including names, usernames, and email addresses, by exploiting the getUserData function via specific GET requests.

A Server-Side Request Forgery (SSRF) vulnerability exists in Hugo versions 0.162.0 through 0.163.0, where the 'security.http.urls' policy designed to deny requests to loopback, internal, and cloud-metadata IPv4 literals could be bypassed as the policy only matched dotted-decimal notation, allowing alternate IPv4 encodings (integer, hex, octal) to pass, enabling build-time server-side requests to internal services and cloud-metadata endpoints when untrusted or data-derived URLs are passed to 'resources.GetRemote'.

An unauthenticated API endpoint, `GET /api/pages/nested`, in Alchemy CMS versions up to 8.2.5 (including all 8.x versions prior to a fix and all 7.x versions up to 7.4.14), fails to enforce authorization and scoping checks, allowing any anonymous user to retrieve the complete page tree, encompassing restricted and unpublished pages, and, with `?elements=true`, the full content of these sensitive pages, completely bypassing intended access controls and leading to unauthorized information disclosure.

An unauthenticated attacker can exploit CVE-2017-20267, an SQL injection vulnerability in Joomla! Component Calendar Planner 1.0.1, by sending malicious GET requests to the 'events' view via the 'category_id' parameter, allowing for sensitive database information extraction.

An SQL injection vulnerability, CVE-2017-20266, in Joomla SP Movie Database version 1.3 allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the `searchword` parameter in GET requests to the `searchresults` view, enabling extraction of sensitive database information.

An SQL injection vulnerability, CVE-2017-20265, in Joomla! Component Flip Wall 8.0 allows unauthenticated attackers to execute arbitrary SQL queries via malicious GET requests to the `wallid` parameter, enabling the extraction of sensitive database information.

An unauthenticated SQL injection vulnerability (CVE-2017-20264) in Joomla! Component Sponsor Wall version 8.0 allows attackers to execute arbitrary SQL queries by injecting malicious code into the `wallid` parameter of GET requests to `index.php`, leading to the extraction of sensitive database information such as credentials and configuration data.

An unauthenticated SQL injection vulnerability (CVE-2017-20263) in Joomla! Component FocalPoint Pro/Free version 1.2.3 allows attackers to execute arbitrary SQL queries via a crafted 'id' parameter in GET requests, leading to sensitive database information disclosure.

An unauthenticated attacker can exploit CVE-2017-20261, a critical SQL injection vulnerability in Joomla! Component Bargain Product VM3 1.0, by injecting malicious code into the 'product_id' parameter within GET requests to the 'brainy' or 'alice' views, allowing them to execute arbitrary SQL queries and extract sensitive database information.

An unauthenticated SQL injection vulnerability (CVE-2017-20259) in Joomla OSDownloads version 1.7.4 allows attackers to execute arbitrary SQL queries via a crafted GET request to index.php, extracting sensitive database information like credentials and configuration data.

Unauthenticated attackers can exploit an SQL injection vulnerability (CVE-2017-20258) in Joomla! Component RPC Responsive Portfolio 1.6.1 by injecting malicious code through the 'id' parameter in GET requests, allowing the execution of arbitrary SQL queries and extraction of sensitive database information.

An unauthenticated SQL injection vulnerability (CVE-2017-20257) in Joomla! Component Quiz Deluxe 3.7.4 allows attackers to execute arbitrary SQL commands and extract sensitive information via the `ajaxaction.flag_question` task using `stu_quiz_id` or `flag_quest` parameters.

CVE-2017-20256 describes an SQL injection vulnerability in Joomla Survey Force Deluxe 3.2.4 that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'invite' parameter in GET requests, enabling the extraction of sensitive database information.

An unauthenticated SQL injection vulnerability (CVE-2017-20255) in Joomla! Component JB Visa 1.0 allows attackers to execute arbitrary SQL queries by injecting malicious code via the 'visatype' parameter in GET requests to 'index.php?option=com_bookpro&view=popup', leading to the extraction of sensitive database information including credentials.

An unauthenticated attacker can exploit CVE-2017-20254, an SQL injection vulnerability in the Joomla! Component User Bench 1.0, by sending crafted HTTP GET requests to extract sensitive database information including credentials and configuration data.

An unauthenticated SQL injection vulnerability (CVE-2017-20253) in Joomla! Component My Projects 2.0 allows attackers to execute arbitrary SQL queries via the 'VerAyari' parameter, leading to the extraction of sensitive database information including credentials and system data.

Joomla NextGen Editor 2.1.0 contains an SQL injection vulnerability (CVE-2017-20252) that allows unauthenticated attackers to execute arbitrary SQL commands through the `plname` parameter in crafted GET requests to `index.php?option=com_nge&view=config`, leading to the extraction of sensitive database information.

A local attacker can exploit CVE-2016-20095, an unquoted service path vulnerability in Matrix42 Remote Control Host version 3.20.0031, to achieve arbitrary code execution with SYSTEM privileges by placing a malicious executable named 'Program.exe' in the 'C:\Program Files\' directory, leading to privilege escalation when the vulnerable service starts.

An unquoted service path vulnerability, CVE-2016-20089, in Iperius Remote version 1.7.0 allows a local attacker to execute arbitrary code with SYSTEM privileges by placing a malicious executable in a specific directory when the legitimate service path contains spaces, enabling privilege escalation upon service restart or system reboot.

Adversaries can abuse the Azure VM Managed Run Command feature (MICROSOFT.COMPUTE/VIRTUALMACHINES/RUNCOMMANDS/WRITE) to achieve code execution as System or root and establish persistence on Azure Virtual Machines or Virtual Machine Scale Sets by an unusual identity, potentially evading detections focused solely on action-based Run Commands.

A critical authorization bypass vulnerability exists in the `AuthorizeActionFilter` class within the DotVVM framework, failing to perform any authorization checks and allowing attackers to bypass intended access restrictions without specific exploitation techniques, impacting all users relying on `AuthorizeActionFilter` for security. Patched versions include DotVVM 4.3.15, 4.2.11, and 5.0.0-preview09; `AuthorizeAttribute` can be used as a workaround.

The undici library, when using `Socks5ProxyAgent`, is vulnerable to cross-origin request routing if a single connection pool is reused across different origins, potentially misdirecting requests and credentials, trusting responses from the wrong origin, and silently downgrading HTTPS requests to HTTP (CVE-2026-6734).

The `undici` WebSocket client is vulnerable to CVE-2026-12151, a high-severity denial of service attack where a malicious WebSocket server can stream numerous small continuation frames that bypass `maxPayloadSize` checks, causing unbounded memory growth and exhaustion in affected client processes.

An unauthenticated attacker can exploit CVE-2026-55882 in Tilt HUD server versions 0.19.5 through 0.37.3, when exposed on a non-loopback address, by accessing the `/debug/pprof` endpoints to read sensitive process memory, including session and API server tokens, and to degrade application performance through prolonged CPU profiling or tracing.

An attacker can exploit CVE-2026-55883, a Cross-site WebSocket Hijacking vulnerability in Tilt versions 0.24.0 through 0.37.3, by acquiring an unauthenticated CSRF token or bypassing Origin header checks, to establish a WebSocket connection to a network-exposed Tilt HUD and exfiltrate sensitive developer session state, Tiltfile contents, and resource statuses.

The `network-ai` package, versions prior to 5.9.1, is vulnerable to a critical command injection flaw (CVE-2026-54051) where the `ShellExecutor` component fails to properly neutralize shell metacharacters when processing commands, allowing an attacker to achieve arbitrary command execution as the orchestrator process by bypassing allowlist controls.

Threat actors are performing create, read, update, or delete (CRUD) operations against Azure VM or VM Scale Set extensions (e.g., CustomScript, DSC) from an anomalous source Autonomous System (AS) number, enabling high-privilege code execution and persistence on guest operating systems (SYSTEM on Windows, root on Linux) by abusing compromised Azure identities.

A remote, unauthenticated attacker can exploit a vulnerability in Gitea to bypass existing security measures, potentially leading to unauthorized access, privilege escalation, or data manipulation within the application.

A vulnerability in the vim text editor allows a remote, unauthenticated attacker to perform a Denial of Service attack by exploiting a weakness to disrupt the service without requiring prior authentication.

A vulnerability in the libssh2 library allows a remote, unauthenticated attacker to perform a Denial of Service (DoS) attack or disclose sensitive information, potentially leading to service disruption or unauthorized data exposure.

Multiple vulnerabilities have been discovered in the expat XML parser library that can be exploited by a local attacker, potentially leading to a Denial of Service condition or allowing for arbitrary code execution on the affected system.

An authenticated remote attacker can exploit multiple vulnerabilities in Google Cloud Platform, specifically within GKE containerd, to achieve arbitrary code execution, bypass security measures, manipulate data, disclose confidential information, or cause a denial-of-service condition.

A remote, authenticated attacker can exploit multiple vulnerabilities in pgAdmin to achieve arbitrary code execution with user or administrator privileges, bypass security measures, perform SQL Injection and Cross-Site Scripting attacks, redirect users to malicious websites, disclose sensitive information, and manipulate data. This comprehensive set of capabilities allows for significant compromise of system integrity, confidentiality, and potentially availability, posing a high risk to affected environments.

A remote, anonymous attacker can exploit a vulnerability in OpenBSD to disclose sensitive information, potentially leading to unauthorized data exposure.

The CrowdStrike 2026 Technology Threat Landscape Report highlights the pervasive targeting of the technology sector by China-nexus and eCrime adversaries, employing tactics like password spraying, vulnerability exploitation, supply chain compromises (e.g., Axios npm package, GitHub repositories), and malware distribution (macOS info stealers via OpenClaw lures) to achieve intelligence collection, intellectual property theft, and financial extortion.

Threat actors can abuse Microsoft's ClickOnce technology, which allows for simplified application distribution and installation with minimal user interaction and no administrative privileges, to easily spread malware and bypass traditional security controls through a 'click once' deployment.

CVE-2026-47647 describes a critical improper access control vulnerability in Microsoft Dynamics 365 that allows an authorized attacker to elevate privileges over a network, potentially leading to full compromise of the affected system.

An unauthenticated attacker can exploit a vulnerability in the PHP JWT Library's PBES2AESKW::unwrapKey() function when processing JWE tokens that use PBES2-HS*+A*KW algorithms by crafting a JWE with an excessively large 'p2c' (PBKDF2 iteration count) parameter in the JOSE header, forcing the server to perform an unbounded and CPU-intensive PBKDF2 computation, resulting in a CPU-amplification denial of service.

A Time-of-Check/Time-of-Use (TOCTOU) vulnerability exists in the `JWSVerifier` and `JWEDecrypter` components of the `web-token/jwt-framework` and `web-token/jwt-library` PHP packages, allowing an attacker to override the integrity-protected `alg` parameter from the unprotected header, leading to authentication bypass and unauthorized access.

The spomky-labs/otphp library is vulnerable to a denial of service (GHSA-g7m4-839x-ch6v) where an unbounded 'digits' parameter in an otpauth provisioning URI causes a DivisionByZeroError, leading to unhandled fatal errors in applications trying to generate or verify OTPs.

A critical vulnerability, CVE-2026-0755, in npm's gemini-mcp-tool package allows for OS command injection on Windows systems due to improper handling of unquoted cmd.exe metacharacters, and arbitrary local file exfiltration via the @file parser when processing untrusted prompt input, leading to potential remote code execution and sensitive data compromise.

CVE-2026-25865 describes an unquoted search path element vulnerability in Yandex Punto Switcher through version 4.5.0.583, allowing local attackers to execute arbitrary code by placing a malicious `RunDll32.exe` earlier in the system's PATH to hijack the application's insecure `WinExec` call, leading to arbitrary code execution with affected user privileges.

A remote, unauthenticated attacker can exploit an unpatched Server-Side Request Forgery (SSRF) vulnerability in Crawl4AI Docker API versions up to 0.8.9, specifically targeting the `/crawl/stream` endpoint, to read internal network services and cloud-metadata endpoints, potentially exposing sensitive information like IAM credentials.

An attacker can achieve unauthenticated remote code execution (RCE) in Crawl4AI Docker deployments by injecting malicious Chromium launch arguments, such as `--utility-cmd-prefix` and `--no-zygote`, into the `browser_config.extra_args` field of the API request, allowing for arbitrary command execution as the container's runtime user.

An unauthenticated attacker can exploit CVE-2026-55204, a null pointer dereference vulnerability in HAProxy through version 3.4.0, by triggering excessive HPACK dynamic table insertions under memory pressure, causing HAProxy worker processes to crash and resulting in a denial of service.

An integer overflow vulnerability (CVE-2026-55203) in HAProxy through version 3.4.0 allows malicious FastCGI backends to desynchronize the FCGI framing parser, leading to request routing errors, response smuggling, or memory safety issues.

Adversaries are modifying OAuth application redirect URIs (ReplyUrls) in Microsoft Entra ID to intercept OAuth authorization codes and steal tokens, granting unauthorized access without new application registration or user consent.

A sophisticated threat actor, having compromised an existing guest account in Microsoft Entra ID, can establish persistent access and elevate privileges by performing a Guest-to-Member account conversion, which grants full directory read access and bypasses Conditional Access restrictions, enabling stealthy long-term access and reconnaissance.

An attacker with elevated privileges abuses the Microsoft Entra ID Temporary Access Pass (TAP) feature to bypass multi-factor authentication (MFA), gain unauthorized access to target user accounts, and establish persistence by registering new authentication methods.

Attackers are actively exploiting the OAuth device code flow in Microsoft 365 to bypass multi-factor authentication (MFA) and gain initial access, leveraging phishing kits like Kali365 and tradecraft similar to Storm-2372 to harvest MFA-satisfied tokens from non-compliant or attacker-controlled devices, and subsequently establishing persistence through device registration.

Adversaries may create custom administrative roles in Google Workspace to establish persistence with tailored, elevated permissions, which are then assigned to compromised or attacker-controlled accounts to bypass security controls, grant OAuth access, or modify mail routing.

Adversaries leverage the assignment of administrative roles within Google Workspace to an existing or new user/group, establishing persistence and escalating privileges to gain broad control over the tenant, including bypassing single sign-on.

Adversaries with elevated privileges within Google Workspace may delete custom administrative roles to impede security operations, remove delegated administrator access, or obfuscate their activities during an active incident, leading to disrupted delegated administration, loss of security team access, or hindrance of incident response efforts.

PraisonAI's template loader is vulnerable to a path traversal flaw (GHSA-f44v-7qgw-9gh9) when processing GitHub template URIs, allowing an unauthenticated attacker to write arbitrary files or delete arbitrary directories on the system running PraisonAI, leading to corruption of user configuration, project state, or application data.

Kirby CMS versions prior to 4.9.4 and between 5.0.0-alpha.1 and 5.4.3 are vulnerable to a self-cross-site scripting (self-XSS) flaw, CVE-2026-49276, in the writer field, allowing an attacker to inject malicious JavaScript as the target of a link or email link which, if clicked by an authenticated user before saving, will execute in their browser context, potentially making API requests with their permissions, while Panel plugins using the `<k-writer>` component may be vulnerable to stored XSS if they don't sanitize HTML.

An authenticated user can exploit CVE-2026-54005, a high-severity missing authorization vulnerability in Kirby CMS versions <= 4.9.3 and from 5.0.0-alpha.1 to <= 5.4.3, via the `/api/site/find` REST API route to bypass `pages.access` permissions and retrieve sensitive content and metadata from unauthorized pages.

An unauthenticated remote attacker can leverage a missing authorization vulnerability (CWE-862) in the Pipecat development runner's `/ws` WebSocket endpoint to supply a crafted `callSid` in a handshake message, compelling the server to use its configured Twilio, Telnyx, or Plivo credentials to issue authenticated API requests that terminate active calls, resulting in denial of service and credential abuse.

A critical stored Cross-Site Scripting (XSS) vulnerability, CVE-2026-44727, exists in `jupyter_server` versions up to 2.19.0 due to a missing `sandbox` directive in Content-Security-Policy (CSP) headers, allowing authenticated attackers to craft malicious notebooks that exfiltrate victim tokens and achieve kernel Remote Code Execution (RCE) when viewed.

A critical external initialization vulnerability (CVE-2026-54003) in Kirby CMS allows unauthenticated attackers to create an initial admin account on sites running behind a reverse proxy, specifically when the proxy utilizes `Forwarded: for=...`, `X-Client-IP`, or `X-Real-IP` headers, bypassing Kirby's `isLocal` check and enabling remote Panel installation with full administrative access.

A remote, unauthenticated attacker may exploit a deserialization of untrusted data vulnerability (CVE-2026-8024) in ibaPDA (versions prior to 8.14.0) or ibaDatCoordinator (versions prior to 4.0.7) to gain full access to the affected systems, potentially leading to arbitrary code execution and system compromise.

A high-severity vulnerability in dadrus/heimdall (versions <= 0.17.16) enables attackers to spoof client IP addresses by injecting unvalidated or malformed values into `Forwarded` or `X-Forwarded-For` HTTP headers, potentially bypassing access controls or propagating malicious IP data to upstream services when `trusted_proxies` is configured.

A command injection vulnerability (CVE-NONE) exists in PraisonAI's `praisonaiagents` package (versions <= 1.6.48) where unsanitized LLM-controlled parameters are directly interpolated into IMAP SEARCH commands, allowing attackers to craft malicious prompts to inject arbitrary IMAP commands, leading to unauthorized email exfiltration, deletion, or denial-of-service when email tools are configured.

A critical command injection vulnerability exists in the `npm:praisonai` package versions >= 1.2.3 and <= 1.7.1, where the `SandboxExecutor`'s `allowedCommands` policy is bypassed by allowing arbitrary shell command chaining after an allowlisted command, leading to remote code execution with the PraisonAI process privileges.

The npm package `praisonai` versions 1.5.1 through 1.7.1 contains a command injection vulnerability (GHSA-5jv7-2mjm-h6qj) in its `utility-tools.shell()` helper, which allows attackers to bypass a 'safe read-only' command allowlist by appending arbitrary shell commands with metacharacters after an allowed command, leading to arbitrary code execution with the PraisonAI process privileges.

A policy bypass vulnerability in PraisonAI (CVE-NONE) allows untrusted recipes to self-approve and execute default-denied critical shell tools, such as `execute_command`, by declaring them in `workflow.yaml` instead of `TEMPLATE.yaml requires.tools`, leading to arbitrary command execution with the privileges of the PraisonAI process.

An incomplete fix in PraisonAI's `praisonai serve a2u` command leaves the A2U Agent-to-User event stream server unauthenticated by default, potentially exposing sensitive agent event streams to any attacker who can reach the server, bypassing intended authentication mechanisms for versions `4.5.115` to `4.6.60`.

A high-severity authentication bypass vulnerability in PraisonAI versions prior to 4.6.61 allows unauthenticated attackers to invoke any registered agent by setting the `PRAISONAI_CALL_AUTH=disabled` environment variable, potentially leading to arbitrary code execution or system compromise.

Nodemailer versions up to 9.0.0 are vulnerable to arbitrary local file read and full-response Server-Side Request Forgery (SSRF) when handling untrusted input for the message-level `raw` option, bypassing intended security flags and allowing sensitive content to be exfiltrated via an attacker-controlled recipient.

A vulnerability in undici's ProxyAgent, when configured with a SOCKS5 proxy, causes the `requestTls` option to be silently dropped. This bypasses user-configured TLS certificate validation settings (e.g., custom CAs), allowing HTTPS connections through the SOCKS5 tunnel to fall back to the Node.js default trust store. This flaw enables Man-in-the-Middle (MITM) attacks, where any publicly-trusted certificate for the target hostname would be accepted, compromising the intended certificate pinning and allowing attackers to read or tamper with HTTPS traffic.

The npm `praisonai` package's TypeScript `AgentOS` HTTP server defaults to `0.0.0.0` and exposes unauthenticated API endpoints (`/api/agents`, `/api/chat`), allowing attackers to disclose agent configurations and invoke agents without authorization, leading to potential data exfiltration, unauthorized actions, and resource consumption.

A critical vulnerability in PraisonAI's `multiedit` tool, affecting versions prior to 4.6.61, enables threat actors to achieve arbitrary file read and write capabilities by influencing LLM agent tool arguments, leading to sensitive data exfiltration and potential remote code execution.

Praisonai-platform versions up to and including 0.1.4 are vulnerable to a critical authentication bypass stemming from a hardcoded JWT signing secret ('dev-secret-change-me') and a bypassed production guard, allowing unauthenticated attackers to forge JSON Web Tokens (JWTs) and impersonate any user, leading to complete access, privilege escalation to workspace owner, and potential resource destruction.

The `praisonai-platform` package, versions 0.1.4 and below, is critically vulnerable to authentication bypass and privilege escalation due to a hardcoded default JWT signing secret (`dev-secret-change-me`) that is inadvertently enabled in default deployments, allowing an unauthenticated attacker to forge JWTs and impersonate any user.

Sophos X-Ops discovered that Hola Browser version 1.251.91.0 was distributed with an undeclared crypto-mining executable, me.exe, due to a supply chain compromise, leading to resource hijacking on affected Windows systems.

Unspecified adversaries are using a Traffic Direction System (TDS) redirect for initial access, followed by encoded PowerShell execution to download payloads like `script.ps1` into the `ApplicationData` directory, and establishing command-and-control (C2) communication via `curl.exe` to suspicious IP addresses such as `144.31.221.82` with defense evasion techniques like post-execution cleanup, designed to operate below traditional detection thresholds.

An unknown threat actor gained continuous administrative access to a senior finance executive's Microsoft Outlook mailbox at a global stock exchange for at least five months, deploying custom infostealers via scheduled tasks and exfiltrating sensitive emails through a Dropbox-based command and control channel after an initial lateral movement event.

Multiple vulnerabilities, including CVE-2026-10883, CVE-2026-10892, and others, have been discovered in Microsoft Edge versions prior to 149.0.4022.53, enabling an attacker to bypass security policies and potentially cause other unspecified security issues within the browser environment.

Multiple vulnerabilities, CVE-2026-45491 and CVE-2026-45591, have been discovered in Microsoft .Net and ASP.NET Core versions, allowing a remote attacker to cause a denial of service and compromise data integrity across Windows, Linux, and macOS platforms.

Multiple vulnerabilities, including CVE-2025-10263, CVE-2026-42487, CVE-2026-42488, CVE-2026-42489, and CVE-2026-42490, have been discovered in Xen, allowing an attacker to achieve privilege escalation, trigger a remote denial of service, and compromise data confidentiality on vulnerable hypervisor instances.

Multiple vulnerabilities, including CVE-2026-45257 (kernel out-of-bounds write) and CVE-2026-49413 (Linux compatibility layer memory mapping), exist in FreeBSD branches 14 and 15, allowing a local unprivileged attacker to achieve privilege escalation.

Multiple critical vulnerabilities (CVE-2025-67862, CVE-2026-25089, CVE-2026-49938) have been discovered across Fortinet products including FortiOS, FortiPortal, FortiProxy, and FortiSandbox, enabling unauthenticated attackers to achieve remote arbitrary code execution and compromise data confidentiality.

A critical remote code execution vulnerability, tracked as CVE-2026-44963, has been discovered in Veeam Backup & Replication versions prior to 12.3.2.4854, which could allow an unauthenticated attacker to execute arbitrary code on affected systems, leading to full compromise of the backup infrastructure and potential data exfiltration or destruction.

A critical vulnerability, CVE-2026-8045, has been identified in Schneider Electric EcoStruxure IT Data Center Expert versions prior to 9.1.2, allowing an attacker to achieve unauthorized access to sensitive data and compromise its confidentiality.

Multiple high-severity vulnerabilities discovered in various SAP products, including SQL injection (SQLi), remote indirect code injection (XSS), and security policy bypasses, could allow unauthenticated attackers to compromise sensitive enterprise systems by June 2026.

The Atomic Arch campaign compromises orphaned Arch User Repository (AUR) packages, modifying their PKGBUILDs to install malicious npm/Bun dependencies like 'atomic-lockfile,' which deploy a Linux payload with credential harvesting, eBPF-based stealth, anti-debugging, and data exfiltration capabilities, impacting approximately 1,500 packages.

Multiple vulnerabilities in CloudCharge cloudcharge.se allow attackers to impersonate charging stations, hijack sessions, cause denial of service, and manipulate backend data, impacting energy and transportation sectors.

OpenMed before 1.5.2 is vulnerable to remote code execution (CVE-2026-47117) due to broad substring matching in the PII privacy-filter model loading path, allowing an unauthenticated attacker to execute arbitrary code by supplying a malicious Hugging Face model repository containing custom Transformers code.

HP released a security advisory addressing a critical vulnerability in Poly VVX, Trio 8300, Trio 8500, and Trio 8800 devices, potentially allowing remote control.

Multiple vulnerabilities exist in X.Org X11 and Xwayland, allowing attackers to disclose information, escalate privileges, conduct denial-of-service attacks, and perform unspecified attacks.

A critical vulnerability, CVE-2026-46376, exists in FreePBX due to the use of hard-coded credentials in the User Control Panel (UCP) generic template setup process, allowing an unauthenticated, remote attacker to gain unauthorized access to user accounts and manipulate user settings if default template credentials are not immediately changed by the administrator after enabling UCP.

CVE-2026-25276 describes a memory corruption vulnerability in Qualcomm's Strongbox due to a missing bounds check, potentially leading to arbitrary code execution.

CVE-2026-24092 is a memory corruption vulnerability in Qualcomm products arising from improper validation when processing fastboot commands to set the display mode, potentially leading to arbitrary code execution.

CVE-2026-24091 is a memory corruption vulnerability in Qualcomm devices that occurs when processing fastboot commands with improperly formatted input, potentially leading to code execution.

CVE-2026-24090 is a cryptographic issue in Qualcomm chipsets while processing partition table entries, allowing unauthorized modification of the boot flow due to missing authentication for critical functions.

CVE-2026-24087 is a high-severity memory corruption vulnerability in Qualcomm components that occurs while processing fastboot OEM commands, potentially leading to code execution.

CVE-2026-24085 is a memory corruption vulnerability due to improper initialization of a variable when processing display command line information, potentially leading to a stack-based buffer overflow (CWE-121) and allowing a privileged attacker to achieve code execution.

CVE-2025-59605 is a memory corruption vulnerability in Qualcomm products where processing overly long device identifier strings leads to an out-of-bounds write, potentially allowing for information disclosure, code execution, or denial of service.

CVE-2025-59604 is a memory corruption vulnerability due to invalid writes caused by a null pointer when running a memory copy operation, potentially leading to arbitrary code execution, as reported by Qualcomm.

Dräger Infinity Explorer C700 contains a privilege escalation vulnerability (CVE-2019-25718) that allows attackers to break out of kiosk mode, access the underlying operating system, and potentially cause the device to display incorrect patient monitor information.

Multiple npm packages within the legitimate @redhat-cloud-services namespace have been hijacked with malicious code, posing a supply chain risk.

A stack-based buffer overflow vulnerability (CVE-2026-10292) exists in the strcpy function of /goform/formTaskEdit in UTT HiPER 1200GW up to version 2.5.3-170306, allowing for remote code execution.

Pixa Bank 2.0 is vulnerable to SQL injection, allowing unauthenticated attackers to extract sensitive data by injecting SQL code into the 'rib' parameter via POST requests to the agence-ajax.php endpoint with UNION-based SQL payloads, potentially leading to the retrieval of user information such as names, email addresses, and phone numbers from the database.

A SQL injection vulnerability exists in code-projects Hotel and Tourism Reservation System version 1.0 due to improper sanitization of the 'tour' GET parameter in the tour.php file, potentially allowing remote attackers to execute arbitrary SQL queries.

Joomla Component JE Photo Gallery 1.1 contains an SQL injection vulnerability, tracked as CVE-2018-25433, allowing unauthenticated attackers to extract database information by injecting malicious SQL code through the categoryid parameter.

Arm Whois 3.11 contains a buffer overflow vulnerability (CVE-2018-25432) that allows local attackers to execute arbitrary code by overwriting the structured exception handler via a crafted input file.

No-Cms 1.0 is vulnerable to SQL injection (CVE-2018-25431) in the order_by parameter of the manage_privilege export endpoint, allowing authenticated attackers to manipulate database queries and potentially extract sensitive information.

Paroiciel 11.20 contains an SQL injection vulnerability (CVE-2018-25430) that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the eGeqIdEquipe parameter, potentially leading to sensitive data extraction.

Paroiciel 11.20 is vulnerable to SQL injection, allowing authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the zProIdPro parameter, potentially extracting sensitive database information.

Paroiciel 11.20 is vulnerable to SQL injection, allowing unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the tRecIdListe parameter via GET requests to the trec.php endpoint, enabling attackers to extract sensitive database information.

Arm Whois 3.11 is vulnerable to a stack-based buffer overflow (CVE-2018-25427) allowing remote attackers to execute arbitrary code by providing oversized input to the IP address or domain field.

A supply chain attack compromised over 30 npm packages under Red Hat's '@redhat-cloud-services' namespace, distributing a credential-stealing malware variant named 'Miasma' that targets sensitive developer information.

Banana Slides version 0.4.0 contains a path traversal vulnerability (CVE-2026-49136) in the generate_image() function that allows unauthenticated attackers to read arbitrary image-format files outside the intended uploads directory by exploiting an incomplete path prefix check.

CodexBar versions prior to 0.32.0 are vulnerable to insecure temporary file handling, allowing local attackers to access sensitive credentials or tamper with build artifacts due to predictable file paths in the release notarization workflow.

CodexBar versions prior to 0.32.0 contain a privilege escalation vulnerability (CVE-2026-49134) due to a race condition in the CLI installer's temporary file handling, allowing local attackers to execute arbitrary commands as root.

CVE-2026-10288 is a high severity vulnerability in code-projects Hotel and Tourism Reservation System 1.0, allowing remote attackers to bypass authentication via manipulation of the Password argument in the /admin/login.php file.

SourceCodester SEO Meta Tag Extractor 1.0 is vulnerable to server-side request forgery (SSRF) via manipulation of the 'url' argument in the get_headers function of the /index.php file, potentially allowing a remote attacker to make requests to internal or external systems.

This rule detects unusual child process executions originating from web server processes on Linux systems, potentially indicating attackers exploiting web servers for persistence.

Identifies suspicious command executions via a web server on Linux systems, potentially indicating a vulnerability exploitation or remote shell access for persistence.

This rule identifies unusual destination port network activity originating from a web server process on Linux systems, indicating potential web shell activity or unauthorized communication from a web server process to external systems by detecting egress connections from web server processes to non-standard ports while excluding common local IP ranges.

This rule detects potential command execution from a web server parent process on a Linux host, indicating a possible web shell attack where adversaries exploit web server vulnerabilities to execute arbitrary commands.

This rule detects unusual processes spawned from a web server parent process on Linux systems, potentially indicating an attacker attempting to establish persistence, execute malicious commands, or establish command and control channels.

A vulnerability in Laravel allows an attacker to bypass the security policy; specifically, laravel/framework versions 12.x before 12.60.0 and 13.x before 13.10.0 are affected (CVE-2026-48019).

Multiple vulnerabilities in NetApp products, including CVE-2023-0482, CVE-2023-20863, CVE-2024-22257, CVE-2025-23367, CVE-2025-48976, CVE-2025-53816, and CVE-2025-53817, could lead to remote denial of service, data confidentiality breaches, and data integrity breaches.

A vulnerability in Keycloak versions prior to 26.2.14, 26.4.10, and 26.5.5 allows an attacker to cause a breach of data confidentiality and bypass the security policy, as tracked by CVE-2026-2092.

Vitest browser mode is vulnerable to reflected cross-site scripting (XSS) due to the `otelCarrier` query parameter being inserted directly into an inline module script without sanitization, enabling an attacker to craft a browser-runner URL that executes arbitrary JavaScript in the Vitest server origin, potentially leading to remote code execution (RCE).

This rule detects the abuse of Azure Virtual Machine Run Command to execute scripts remotely, correlating Azure Activity Log events with endpoint process starts, identifying instances where adversaries use Run Command to run scripts as SYSTEM or root.

This rule identifies suspicious process start events where the parent process matches Azure Virtual Machine Run Command execution patterns on Windows (PowerShell with `-ExecutionPolicy Unrestricted` and `script?.ps1`) or Linux (waagent running `script.sh` under `/var/lib/waagent/run-command/`), exposing on-guest payloads.

CISA published ICS advisories between May 25 and 31, 2026, addressing vulnerabilities across various vendors including ABB, CP Plus, Eppendorf, Frontier, Jinan USR IOT, KMW, MacGregor, Schneider Electric, and XCharge, impacting industrial control systems and related applications.

The rule detects attempts to clear the kernel ring buffer on Linux systems using the `dmesg` command with options like `-c`, `-C`, `--clear`, or `--read-clear` to evade detection.

Multiple vulnerabilities in JetBrains TeamCity allow an attacker to disclose information, perform a cross-site scripting attack, bypass security measures, and execute arbitrary program code.

A remote, anonymous attacker can exploit multiple vulnerabilities in ImageMagick to cause a denial of service condition, disclose information, and bypass security mechanisms.

A remote, anonymous attacker can exploit a vulnerability in the PostgreSQL JDBC Driver to perform a denial-of-service attack, impacting availability.

Multiple vulnerabilities in IBM Business Automation Workflow can be exploited by an attacker to bypass security measures, conduct a denial of service attack, disclose information, manipulate files, and conduct a cross-site scripting attack.

Multiple vulnerabilities in IBM App Connect Enterprise could allow an attacker to bypass security measures, manipulate data, disclose sensitive information, cause a denial-of-service condition, or perform other unspecified attacks.

This rule detects Linux process executions that reference /etc/kubernetes/manifests in process arguments, which may indicate tampering with static pod manifests for persistence or privilege escalation in Kubernetes environments.

This rule detects Linux process executions that access high-value Kubernetes service-account material, kubeconfig or node PKI paths, or common cloud files, potentially indicating credential theft within in-cluster and hybrid environments.

The creation, modification, or deletion of Kubernetes MutatingWebhookConfigurations or ValidatingWebhookConfigurations by non-system identities can allow attackers to inject malicious sidecars or block security tooling deployments for persistence and defense evasion.

Detects successful AWS AssumeRoleWithWebIdentity where the caller identity is a Kubernetes service account and the source autonomous system organization is not Amazon.com, Inc., potentially indicating a stolen or misused service-account token being used off-cluster.

This rule detects process start events where the parent process is the AWS Systems Manager (SSM) Session Manager worker, which can indicate remote execution and lateral movement by adversaries abusing legitimate AWS credentials.

A local attacker can exploit multiple vulnerabilities in Fujitsu ServerView to escalate privileges on the targeted system.

A local attacker can exploit a vulnerability in Red Hat Enterprise Linux (crun) to escalate their privileges, potentially gaining root access.

A remote, anonymous attacker can exploit a vulnerability in Notepad++ to execute arbitrary program code, potentially leading to system compromise.

A SQL injection vulnerability (CVE-2026-10226) exists in student_management_system_by_php up to version 310d950e09013d5133c6b9210aff9444382d16d1, allowing remote attackers to execute arbitrary SQL commands by manipulating specific parameters in the delete.php file.

NousResearch hermes-agent up to version 0.12.0 is vulnerable to code injection in the _compress_context function of the run_agent.py file, allowing remote exploitation.

nextlevelbuilder GoClaw up to 3.11.3 is vulnerable to remote OS command injection via manipulation of the write_file Tool component's FsBridge.WriteFile function (CVE-2026-10219), with a public exploit available.

A stack-based buffer overflow vulnerability exists in Tenda W12 version 3.0.0.7(4763) in the `set_local_time_0` function, which allows a remote attacker to execute arbitrary code by manipulating the Time argument.

CVE-2025-23167 describes a request smuggling vulnerability in Node.js 20's HTTP parser due to improper header termination, allowing attackers to bypass proxy access controls.

CVE-2026-21711 allows code running under the Node.js permission model without network access to create and expose local IPC endpoints via Unix Domain Sockets, bypassing intended network restrictions and enabling inter-process communication.

CVE-2026-21717 is a vulnerability in V8's string hashing mechanism within Node.js that allows attackers to cause hash collisions via predictable integer-like strings in JSON input, leading to denial-of-service by degrading the performance of the Node.js process.

CVE-2026-42015 is a memory corruption vulnerability due to an off-by-one error in PKCS#12 bag handling in GnuTLS.

A stack-based buffer overflow vulnerability (CVE-2026-10123) exists in TRENDnet TEW-432BRP version 3.10B20 within the formSetDomainFilter function, allowing a remote attacker to execute arbitrary code by manipulating specific arguments in a request to /goform/formSetDomainFilter.

WinMTR 0.91 is vulnerable to a denial-of-service attack where a malformed payload file containing a buffer overflow can crash the application (CVE-2018-25426).

MOGG web simulator Script is vulnerable to SQL injection (CVE-2018-25422), allowing unauthenticated attackers to execute arbitrary SQL commands via the id parameter in play.php, potentially leading to sensitive data extraction.

AiOPMSD Final 1.0.0 is vulnerable to SQL injection via the 'id' parameter in the watch.php script, allowing unauthenticated attackers to send crafted GET requests with SQL payloads to extract sensitive database information.

AiOPMSD Final 1.0.0 is vulnerable to SQL injection, allowing unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the country parameter via GET requests to country.php, enabling extraction of sensitive database information including usernames, database names, and version details.

AiOPMSD Final 1.0.0 is vulnerable to SQL injection, allowing unauthenticated attackers to execute arbitrary SQL queries via the 'q' parameter in search.php, potentially leading to sensitive data extraction.

MGB OpenSource Guestbook 0.7.0.2 contains an SQL injection vulnerability (CVE-2018-25411) that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter in GET requests to email.php, potentially leading to sensitive database information disclosure.

SIM-PKH 2.4.1 contains an arbitrary file upload vulnerability (CVE-2018-25409) that allows authenticated attackers to upload malicious PHP files via the fupload parameter through the aksi_pengurus.php endpoint, leading to remote code execution.

Delta Sql version 1.8.2 contains an arbitrary file upload vulnerability (CVE-2018-25412) that allows unauthenticated attackers to upload malicious files via crafted POST requests, potentially leading to remote code execution.

The CIFSwitch vulnerability in the Linux kernel allows an unprivileged user to forge CIFS authentication key descriptions, abuse the kernel's key request mechanism, and gain root privileges by loading a malicious NSS module.

The GEO my WP plugin for WordPress is vulnerable to SQL Injection (CVE-2026-9757) via the 'swlatlng' and 'nelatlng' parameters, allowing unauthenticated attackers to extract sensitive information from the database by injecting SQL queries into a BETWEEN clause.

The Spectra Gutenberg Blocks WordPress plugin is vulnerable to remote code execution, allowing authenticated attackers with Contributor access or higher to execute arbitrary code by crafting a malicious two-block payload within post content.

CVE-2026-7459 is an authenticated account takeover vulnerability in the Simple History WordPress plugin where a subscriber-level user can read password reset emails and escalate privileges to an administrator account.

A flaw in sambitraj STUDENT-MANAGEMENT-SYSTEM 1.0 allows a remote attacker to perform SQL injection by manipulating the email argument on the Login Page, potentially leading to unauthorized data access.

A public exploit is available for CVE-2026-29000, a critical authentication bypass vulnerability in pac4j's JWT implementation, allowing attackers to forge admin tokens without a valid signature by exploiting flaws in the library's handling of unsigned tokens and JWE-wrapped tokens.

CVE-2026-41184 is a ServiceAccount token disclosure vulnerability in container logs addressed by a Microsoft security update.

CVE-2026-10110 is a SQL injection vulnerability in code-projects Student Details Management System 1.0, allowing a remote attacker to execute arbitrary SQL commands by manipulating the 'roll' argument in the /index.php file, potentially leading to data breaches and unauthorized access.

An authorization bypass vulnerability exists in praisonai-platform where any member can remove any other member, including the workspace owner, due to missing role checks and owner protection logic, allowing an attacker to lock the legitimate owner out of their own workspace, leading to a permanent denial-of-service and potential workspace takeover (CVE-2026-47409).

Praison AI's praisonai-platform is vulnerable to an insecure direct object reference (IDOR) in the label endpoints (CVE-2026-47414), allowing cross-workspace label modification and information disclosure due to improper validation of label and issue IDs.

PraisonAI versions 4.6.37 and earlier are vulnerable to arbitrary file write due to missing path validation in the `write_file` function when `workspace=None`, allowing an attacker to write attacker-controlled content to arbitrary file paths on the victim's system via a malicious webpage.

The PraisonAI A2A server example is vulnerable to remote code execution due to a combination of factors: the example exposes an A2A server without authentication, binds to 0.0.0.0, and registers a `calculate` tool implemented with Python `eval(expression)`.

PraisonAI's call server exposes a network-facing agent control API without authentication when `CALL_SERVER_TOKEN` is not configured, allowing attackers to list, inspect, invoke, and unregister agents due to a fail-open authentication default and a default binding to `0.0.0.0`, as tracked by CVE-2026-47396.

An unauthenticated user can modify existing Formie submissions by posting a known or guessed submission ID to `formie/submissions/save-submission`, affecting versions prior to 2.2.21 and versions 3.0.0 to 3.1.26.

A timestamp handling issue in Stigmem-node's federation peer token validation could cause valid peer tokens to be incorrectly treated as expired, impacting availability and reliability of authenticated federation flows, affecting versions prior to 0.9.0a2.

Stigmem nodes configured with authentication disabled could grant broad read/write/federation capabilities if exposed outside a loopback-only local development environment, leading to privilege escalation if exposed to untrusted networks; version 0.9.0a2 addresses this issue by disabling unauthenticated operations outside of loopback environments.

A remote code execution vulnerability exists in Ouroboros-AI versions prior to 0.39.0, enabling attackers to inject malicious scripts via CLI path variables within a cloned repository's .env file, leading to arbitrary code execution when Ouroboros commands are executed.

A public exploit demonstrates improper privilege management in Apache CouchDB (CVE-2017-12635) leading to privilege escalation, which can be combined with CVE-2017-12636 for remote code execution by modifying server configurations via the HTTP API.

Koel is vulnerable to Server-Side Request Forgery (SSRF) due to insufficient validation of podcast episode enclosure URLs, allowing a remote attacker to inject a malicious URL into the enclosure field of a podcast RSS feed, leading to internal network reconnaissance and potential credential theft; this issue is tracked as CVE-2026-47260.

The amazon-redshift-python-driver versions 2.1.13 and earlier is vulnerable to remote code execution (CVE-2026-8838) due to insufficient validation of server data during query result processing, potentially allowing a rogue server or man-in-the-middle to execute arbitrary code on the client.

Multiple vulnerabilities, including SQL injection and SMTP header injection, have been discovered in AgenticMail API and Core packages, addressed in versions greater than 0.9.31 and 0.9.9 respectively, posing a risk of unauthorized access and control.

A SQL injection vulnerability exists in ezpublish-legacy, specifically in the dfscleanup.php script and the `_getFileList` function of the `eZDFSFileHandlerMySQLiBackend` class, allowing an attacker with local shell access to potentially expose sensitive data such as user credentials.

xiaomusic v0.5.7 contains an unauthenticated path traversal vulnerability (CVE-2026-10108) in the GET /music/{file_path:path} endpoint, allowing unauthenticated attackers to read arbitrary files outside the intended music directory by exploiting an incomplete path prefix check.

MoviePilot v2 is vulnerable to server-side request forgery (SSRF) in the image proxy endpoint, allowing authenticated attackers to request arbitrary URLs, enumerate internal services, and exfiltrate data from internal network resources by bypassing internal network protections.

Agno 2.6.5 is vulnerable to SQL injection in the ClickHouse vector database backend (CVE-2026-10105), enabling attackers to inject arbitrary SQL expressions via malicious metadata in the delete_by_metadata() method, potentially leading to data deletion or information extraction.

The vm2 npm package has a remote code execution vulnerability due to a patch bypass for CVE-2023-37903; the vulnerability occurs because the check for `nesting: true` and `require: false` in `nodevm.js` uses strict equality, which can be bypassed by omitting the `require` option entirely, allowing an attacker to execute arbitrary OS commands.

A sandbox escape vulnerability, CVE-2026-47210, in `vm2` allows arbitrary code execution in the host process when untrusted code is executed with async support on runtimes exposing WebAssembly JSPI, bypassing Promise-species hardening and exposing a host-originated rejection object to attacker-controlled species logic.

VM2 is vulnerable to a sandbox breakout vulnerability (CVE-2026-47208) that allows attackers to execute arbitrary commands on the host system by manipulating Promise species and escaping the sandbox context.

Gotenberg is vulnerable to a remote denial-of-service (DoS) in multipart `downloadFrom` handling, where a crafted multipart request with multiple `downloadFrom` entries causes concurrent goroutines to write to shared maps without synchronization, leading to process termination.

Gotenberg's `IsPublicIP` function incorrectly classifies IPv6 6to4, NAT64, and deprecated site-local addresses as public IPs, enabling an unauthenticated attacker to reach internal destinations such as cloud metadata services.

Gotenberg is vulnerable to path traversal (CVE-2026-44829) due to improper sanitization of filenames in zip archives, allowing attackers to write files outside the intended extraction directory by using Windows-style path separators (backslashes) in uploaded filenames, affecting versions up to 8.32.0.

GitHub internal repositories were compromised after an attacker injected malicious code into the Nx Console Visual Studio Code extension (v18.95.0), leading to the exfiltration of approximately 3,800 internal repositories.

Axios is vulnerable to a Prototype Pollution attack that can be escalated into a full Man-in-the-Middle (MITM) attack by injecting a malicious proxy configuration via `Object.prototype.proxy`, allowing attackers to intercept, read, and modify all HTTP traffic, including authentication credentials.

GitHub CLI versions 2.92.0 and earlier incorrectly include authorization headers in API requests to TUF repository mirrors and external hosts when using the `gh attestation`, `gh release verify`, and `gh release verify-asset` commands, potentially exposing sensitive tokens.

TRENDnet TEW-432BRP version 3.10B20 is vulnerable to a stack-based buffer overflow via manipulation of the ip/mask/gateway arguments in the formSetRoute function of the /goform/formSetRoute file, enabling remote attackers to potentially execute arbitrary code.

The WP Travel Pro plugin for WordPress is vulnerable to arbitrary user deletion via the REST API endpoint, allowing unauthenticated attackers to delete arbitrary user accounts due to a flawed permission check and lack of role validation.

Manga-image-translator is vulnerable to remote code execution (CVE-2026-10042) in the shared API server mode due to unsafe deserialization of untrusted pickle data, allowing a remote attacker to execute arbitrary code in the server process.

Detects when a Google Workspace user's organizational unit is changed, potentially indicating an adversary attempting to inherit permissions and gain unauthorized access to resources and applications.

Detection of a renewed suspended user account in Google Workspace, potentially indicating an adversary regaining access to the organization.

Detects an external Google Workspace user account being added to an existing group, potentially allowing adversaries to intercept shared files or emails.

Multiple vulnerabilities in Elastic Kibana allow for privilege escalation, remote denial of service, data breach, server-side request forgery (SSRF), and cross-site scripting (XSS).

This rule detects segfault messages in kernel logs originating from sensitive processes on Linux systems, indicating potential exploitation attempts that could lead to arbitrary code execution or credential access.

DreamMaker by Interinfo is vulnerable to arbitrary file read via relative path traversal, allowing unauthenticated attackers to download arbitrary system files.

DreamMaker by Interinfo is vulnerable to arbitrary file upload, allowing privileged remote attackers to upload and execute web shell backdoors, enabling arbitrary code execution on the server.

A public exploit has been published for CVE-2026-44596, a vulnerability in yamcs-core where the /auth/token authentication endpoint lacks rate limiting, allowing unauthenticated remote attackers to perform unlimited password guessing attempts against any user account, fixed in version 5.12.7.

This rule detects the creation of new inbox forwarding rules in Microsoft 365, which can be abused by attackers to intercept and exfiltrate email data to external addresses.

Microsoft released a security update on May 28, 2026, to address vulnerabilities in Microsoft Edge Stable Channel versions prior to 148.0.3967.96, advising users to apply the necessary updates.

An authenticated remote attacker can exploit a vulnerability in Gogs to execute arbitrary code, potentially leading to complete system compromise.

CVE-2026-46579 describes a vulnerability in the Red Hat OpenShift Router. When a Route is configured with `insecureEdgeTerminationPolicy` set to Allow, the HTTP frontend fails to remove `X-SSL-Client-*` headers from incoming requests, allowing unauthenticated attackers to bypass mutual TLS authentication and impersonate client certificate identities.

CVE-2026-42965 describes a server-side request forgery (SSRF) vulnerability in the OpenShift Router where a user with EndpointSlice write access can expose instance credentials by creating a service that proxies requests to a cloud metadata endpoint.

Detects Microsoft Entra ID sign-in activity where the Microsoft Authentication Broker authenticates using a non-standard user agent, inconsistent with common browser, mobile, or Windows platforms, potentially indicating adversary-in-the-middle or OAuth phishing attacks.

Detects Microsoft Entra ID sign-in activity where the Microsoft Authentication Broker requests the Device Registration Service from a suspicious ASN, indicating potential OAuth phishing or adversary-in-the-middle device registration.

An authenticated attacker can exploit multiple vulnerabilities in the Flatpak package of Red Hat Enterprise Linux to execute arbitrary program code and delete files.

This rule detects when a Microsoft Exchange inbox rule is created or modified with a name composed only of special characters, which adversaries may use to evade detection and hide malicious forwarding or deletion rules.

Successful deployment of a high-risk Azure Virtual Machine extension by an interactive user principal can lead to arbitrary code execution, backdoor account creation, credential harvesting, and persistence on Azure-hosted virtual machines.

The Media Library Assistant plugin for WordPress is vulnerable to Cross-Site Request Forgery (CVE-2026-6075) due to missing nonce verification, allowing unauthenticated attackers to trick an administrator into performing unauthorized bulk actions.

A remote, authenticated attacker can exploit a vulnerability in Mautic to perform a SQL injection attack, potentially leading to unauthorized data access or modification.

An authenticated remote attacker can exploit a vulnerability in Hirschmann HiSecOS to escalate privileges, potentially gaining unauthorized access and control over the affected system.

The Link Whisper Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting (XSS), allowing unauthenticated attackers to inject arbitrary web scripts into pages, which execute when a user accesses the injected page, affecting versions up to and including 0.9.0.

The OTP Login With Phone Number, OTP Verification plugin for WordPress versions 1.8.50 through 1.8.60 is vulnerable to authentication bypass due to improper validation of the Firebase session, allowing unauthenticated attackers to authenticate as arbitrary users, including administrators, by supplying a victim's phone number.

A public exploit (EDB-52592) has been published for ZTE H298A and H108N routers, which allows unauthenticated access to sensitive credentials.

A public exploit is available for an authentication bypass vulnerability affecting ZTE ZXHN H188A V6, increasing the risk to unpatched devices.

MixPHP Framework 2.2.17 is vulnerable to remote code execution due to unsafe deserialization, with a public exploit available, increasing the risk for unpatched systems.

A local privilege escalation vulnerability in the Linux Kernel has a published exploit on Exploit-DB, potentially allowing unprivileged users to gain elevated privileges on vulnerable systems.

CVE-2026-46174 describes a vulnerability in AMD Zen2 processors related to improper isolation of shared resources within the operation cache, potentially leading to information disclosure or other security impacts.

CVE-2026-46185 is an out-of-bounds read vulnerability in the SMB client component within the symlink_data() function, potentially leading to information disclosure or denial of service.

Microsoft published information regarding CVE-2026-46153, a vulnerability in 8021q that allows deleting cleared egress QoS mappings.

CVE-2026-46155 describes an out-of-bounds read vulnerability within the smb2_compound_op() function of the SMB client, requiring a security update from Microsoft to address the issue.

CVE-2026-42250 is an off-by-one vulnerability leading to an out-of-bounds write in bzip2, for which Microsoft has released information.

CVE-2026-46163 is a vulnerability in the b43legacy WiFi driver related to a missing bounds check on the firmware key index in the RX path, potentially leading to memory corruption.

CVE-2026-46172 is a vulnerability related to ipv6: xfrm6: release dst on error in xfrm6_rcv_encap(), potentially leading to a denial-of-service condition.

The WooCommerce Infinite Scroll and Ajax Pagination plugin for WordPress is vulnerable to PHP Object Injection (CVE-2025-11993) due to deserialization of untrusted data in the 'import_settings' function, potentially leading to arbitrary code execution if a suitable POP chain is present.

The WP Maps Pro plugin for WordPress is vulnerable to privilege escalation (CVE-2026-8732), allowing unauthenticated attackers to create administrator accounts and take over vulnerable sites.

Multiple vulnerabilities in Red Hat OpenShift Tempo allow an unauthenticated remote attacker to bypass security measures, disclose sensitive information, manipulate data, or cause a denial of service condition.

CubeCart versions before 6.7.0 are vulnerable to reflected cross-site scripting (XSS), allowing an unauthenticated attacker to inject malicious JavaScript payloads via the search functionality, which will be executed in the context of the victim's browser.

A denial-of-service vulnerability exists in strongSwan version 5.9.13 due to a flaw in the eap-radius plugin when built with DAE enabled, allowing remote attackers to exhaust worker threads by sending a crafted RADIUS Access-Request (CVE-2026-35333).

A remote exploit is available for strongSwan 5.9.13 exploiting a heap buffer overflow in the libsimaka EAP-SIM/AKA module (CVE-2026-35330), enabling pre-authentication exploitation via a malformed EAP-SIM/AKA payload.

The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to Privilege Escalation (CVE-2026-8809), allowing an unauthenticated attacker to create an administrator-level user by bypassing validation in versions up to 0.9.2.5 if a specific form is exposed.

Dulwich versions before 1.2.5 are vulnerable to an arbitrary file write leading to remote code execution on Windows systems when cloning or checking out a malicious Git repository due to improper path validation, as tracked by CVE-2026-42305.

CVE-2026-46834 is a vulnerability in the Net Service component of Oracle Database Server versions 23.4.0 to 23.26.2 that allows an unauthenticated attacker with network access via TLS to cause a denial-of-service (DoS) condition.

An unauthenticated attacker with network access via HTTPS can exploit CVE-2026-46829 in Oracle REST Data Services versions 24.2.0 through 26.1.0, leading to a denial of service.

CVE-2026-46828 is an easily exploitable vulnerability in Oracle Payroll versions 12.2.3-12.2.15, allowing a low-privileged attacker with network access via HTTP to perform unauthorized creation, deletion, or modification of critical payroll data, as well as gain unauthorized access to sensitive information.

CVE-2026-46827 allows a low-privileged attacker with network access via HTTP to compromise Oracle Payroll versions 12.2.3 through 12.2.15, leading to a potential system takeover.

CVE-2026-46826 is a vulnerability in Oracle Payroll within Oracle E-Business Suite, where a low-privileged attacker can achieve a system takeover via network access over HTTPS.

CVE-2026-46823 is an easily exploitable vulnerability in Oracle Public Sector Financials (International) versions 12.2.6-12.2.15, allowing a low privileged attacker with network access via HTTPS to gain unauthorized access to critical data or complete access to all accessible data, potentially impacting additional products.

CVE-2026-46821 is an easily exploitable vulnerability in Oracle Financials Common Modules of Oracle E-Business Suite versions 12.2.3-12.2.15, allowing a low-privileged attacker with network access via HTTP to gain unauthorized access to critical data.

CVE-2026-46820 is a vulnerability in Oracle Financials Common Modules within Oracle E-Business Suite versions 12.2.3-12.2.15, allowing a low-privileged attacker with network access via HTTP to gain unauthorized access to critical data and modify some data, resulting in a confidentiality and integrity impact.

CVE-2026-46818 is a vulnerability in Oracle Payments within Oracle E-Business Suite (versions 12.2.3-12.2.15) that allows an unauthenticated attacker with network access via HTTPS to compromise the system, leading to unauthorized data access and modification.

CVE-2026-35277 is a vulnerability in Oracle REST Data Services (Core) versions 24.2.0 to 26.1.0 that allows a low-privileged attacker with network access via HTTPS to compromise the system, leading to unauthorized data access, creation, deletion, or modification.

A vulnerability exists in Oracle REST Data Services versions 24.2.0 to 26.1.0, where a low-privileged attacker with network access via HTTPS can, with human interaction, gain unauthorized data access, modification, and cause a partial denial of service.

CVE-2026-46840 is a critical vulnerability in Oracle REST Data Services (ORDS) that allows an unauthenticated attacker with network access to achieve complete takeover of the service, potentially impacting additional products due to scope change.

CVE-2026-46839 is an easily exploitable vulnerability in Oracle REST Data Services versions 24.2.0 through 26.1.0, allowing a low-privileged attacker with network access via HTTPS to compromise the service, potentially impacting other products and leading to a complete takeover.

CVE-2026-46833 allows an unauthenticated attacker with network access via TLS to compromise the Net Service component of Oracle Database Server versions 23.4.0 through 23.26.2, potentially leading to takeover of the Net Service and significant impact on other products.