Security Vulnerabilities
A vulnerability has been found in cilium ebpf up to 0.21.0. This affects the function loadRawSpec of the file btf/btf.go of the component LoadCollectionSpec/LoadCollectionSpecFromReader. Such manipulation of the argument offset leads to integer overflow. The attack can only be performed from a local environment. The exploit has been disclosed to the public and may be used. The name of the patch is 533dfc82fd228bfadf42ea7180c39de7d9af47fa. A patch should be applied to remediate this issue.
CVSS Score
1.9
EPSS Score
0.001
Published
2026-06-03
An unauthenticated remote attacker can recover a default, hard coded password from a firmware image and thus gain full access to all affected devices.
CVSS Score
9.3
EPSS Score
0.004
Published
2026-06-03
The bac-scanresult method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input.
CVSS Score
7.2
EPSS Score
0.004
Published
2026-06-03
The ugw-delete-file method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input.
CVSS Score
7.2
EPSS Score
0.004
Published
2026-06-03
The ugw-logstop method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input.
CVSS Score
7.2
EPSS Score
0.004
Published
2026-06-03
Incorrect Authorization vulnerability in ABB T-MAC Plus.
This issue affects T-MAC Plus: 4.0-24.
CVSS Score
7.2
EPSS Score
0.002
Published
2026-06-03
Authorization bypass through User-Controlled key vulnerability in ABB T-MAC Plus.
This issue affects T-MAC Plus: 4.0-24.
CVSS Score
7.3
EPSS Score
0.002
Published
2026-06-03
Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in ABB T-MAC Plus.
This issue affects T-MAC Plus: 4.0-24.
CVSS Score
7.2
EPSS Score
0.002
Published
2026-06-03
Files or directories accessible to external parties vulnerability in ABB T-MAC Plus.
This issue affects T-MAC Plus: 4.0-24.
CVSS Score
7.3
EPSS Score
0.003
Published
2026-06-03
A vulnerability in mlflow/mlflow versions prior to 3.11.0 allows for the resolution of environment variables in AI Gateway secrets, which can be exploited to exfiltrate sensitive server-side environment credentials to an attacker-controlled endpoint. This issue arises because the `api_key` field in gateway secrets can accept `$ENV_VAR` references, which are resolved against the MLflow server's environment during runtime. The resolved secrets are then sent in provider authentication headers to the configured upstream `api_base`. This vulnerability can be exploited by low-privileged authenticated users in basic-auth deployments or by unauthenticated users in default deployments without `basic-auth`. The impact includes potential leakage of sensitive credentials such as cloud artifact credentials (`AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`), which could lead to artifact poisoning and cross-boundary code execution in downstream environments. The issue is fixed in version 3.11.0.
CVSS Score
9.1
EPSS Score
0.003
Published
2026-06-03