Security Vulnerabilities
Insufficiently protected credentials vulnerability in IPSpeaker component in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to obtain sensitive information via unspecified vectors.
CVSS Score
4.9
EPSS Score
0.003
Published
2026-05-27
Uncontrolled search path element vulnerability in OpenSSL DLL component in Synology BeeDrive for desktop before 1.3.2-13814 allows local users to execute arbitrary code via unspecified vectors.
CVSS Score
7.8
EPSS Score
0.001
Published
2026-05-27
When the director sends a long-running request (e.g. compile_package), the agent's reply JSON is consumed by AgentClient. inject_compile_log (line 332-339) reads response['value']['result']['compile_log_id'] and format_exception (line 318-325) reads exception['blobstore_id']; both pass the agent-supplied string unmodified to download_and_delete_blob(blob_id) (line 344-349), which calls @resource_manager.get_resource(blob_id) and, in an ensure block, @resource_manager.delete_resource(blob_id). Api::ResourceManager forwards the id straight to blobstore.get(id) / blobstore.delete(id). When the director is configured with the local blobstore provider, Blobstore::LocalClient#object_file_path(oid) is File.join(@blobstore_path, oid) (local_client.rb:54-56) with no normalisation, so oid = "../../jobs/director/config/director.yml" resolves outside the blobstore root.
Affected versions:
BOSH Director: All versions prior to v282.1.12
CVSS Score
4.3
EPSS Score
0.001
Published
2026-05-27
AgentClient#handle_method (lines 264-303) processes every NATS reply. It calls inject_compile_log (line 273) on every response, which reads response['value']['result']['compile_log_id'] (line 332-338) and passes it to download_and_delete_blob. Separately, any response containing 'exception' goes through format_exception (lines 308-325), which reads exception['blobstore_id'] and also calls download_and_delete_blob. That helper (lines 344-349) calls ResourceManager#get_resource(blob_id) and, in an ensure block, ResourceManager#delete_resource(blob_id). ResourceManager (resource_manager.rb:62-70) calls blobstore.delete(id) on the single shared Director blobstore with no UUID-format check, no ownership check, and no namespace prefix.
Affected versions:
BOSH Director: All versions prior to v282.1.12
CVSS Score
6.8
EPSS Score
0.001
Published
2026-05-27
Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.7 and 11.0.0.0, including 9.3.x and 8.3.x, does not prevent certain XML parsers from resolving external entities.
CVSS Score
7.7
EPSS Score
0.002
Published
2026-05-27
Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6 and 11.0.0.0, including 9.3.x and 8.3.x, does not apply ACLs on certain API endpoints related to platform mail notfications.
CVSS Score
6.3
EPSS Score
0.002
Published
2026-05-27
Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6 and 11.0.0.0, including 9.3.x and 8.3.x, expose Hadoop cluster credentials in plain text through the Cluster Test API. Although the user should not see those explicitly, the defect is mitigated by the fact the user can already leverage those credentials to submit jobs under the same account through the backend API.
CVSS Score
4.3
EPSS Score
0.002
Published
2026-05-27
Tanium addressed a denial of service vulnerability in Tanium Server.
CVSS Score
6.5
EPSS Score
0.002
Published
2026-05-27
Tanium addressed an unauthorized code execution vulnerability in Connect.
CVSS Score
8.8
EPSS Score
0.004
Published
2026-05-27
In GDAL 3.1.0 through 3.13.0, scanForGeometryContainers in the netCDF driver allows code execution via a stack-based buffer overflow. It reads a geometry attribute into a fixed-size stack buffer without validating the attribute length. The attacker embeds the exploit as an oversized geometry attribute in a crafted NetCDF file. This achieves arbitrary code execution on the server running GDAL. This is in frmts/netcdf/netcdfsg.cpp.
CVSS Score
7.4
EPSS Score
0.001
Published
2026-05-27