New

CVE-2026-39309: Trilium Notes: macOS TCC Bypass via Prompt Spoofing: Trilium Notes is a cross-platform, hierarchical note-taking application focused on building large personal knowledge bases. In versions 0.102.1 and prior, the Electron configuration is vulnerable to TCC Bypass via Prompt Spoofing, allowing local attackers to trigger misleading macOS permission prompts by running malicious code under the ident...

CVE-2026-35593: Trilium Notes has Local File Inclusion via upload modified file API endpoint: Trilium Notes is an open-source, cross-platform hierarchical note-taking application for building large personal knowledge bases. Versions 0.102.1 and prior are vulnerable to Local File Inclusion, allowing an authenticated attacker to read sensitive arbitrary files from the server's filesystem. The uploadModifiedFileT...

CVE-2026-45585: Windows BitLocker Security Feature Bypass Vulnerability: Microsoft is aware of a security feature bypass vulnerability in Windows publicly referred to as "YellowKey". The proof of concept for this vulnerability has been made public, violating coordinated vulnerability disclosure best practices. We are issuing this CVE to provide mitigation guidance that can be implemented to protect against this ...

CVE-2026-34970: MantisBT Bugnote Revision Page Leaks Private Issue Metadata After Issue Access Is Revoked: Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions 2.28.1 and prior allow a bugnote author to access the note's Revisions page after losing access to the parent private issue. This issue has been fixed in version 2.28.2.

CVE-2026-34754: MantisBT allows unauthorized users to upload attachments to restricted issues via REST API: Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions 2.28.1 and prior allow an authenticated user to upload attachments to private issues they are not authorized to access. This issue has been fixed in version 2.28.2.

Updated

CVE-2026-32177: .NET Elevation of Privilege Vulnerability: Heap-based buffer overflow in .NET allows an unauthorized attacker to elevate privileges locally.

CVE-2026-42822: Azure Local Disconnected Operations (ALDO) Elevation of Privilege Vulnerability: Improper authentication in Azure Local Disconnected Operations allows an unauthorized attacker to elevate privileges over a network.

CVE-2026-41105: Azure Monitor Action Group Notification System Elevation of Privilege Vulnerability: Server-side request forgery (SSRF) in Azure Notification Service allows an authorized attacker to elevate privileges over a network.

CVE-2026-42826: Azure DevOps Information Disclosure Vulnerability: Exposure of sensitive information to an unauthorized actor in Azure DevOps allows an unauthorized attacker to disclose information over a network.

CVE-2026-35435: Azure AI Foundry Elevation of Privilege Vulnerability: Improper access control in Azure AI Foundry M365 published agents allows an unauthorized attacker to elevate privileges over a network.

CISA Known Exploited Vulnerabilities

CVE-2026-42897 Microsoft Exchange Server: Microsoft Exchange Server contains a cross-site scripting vulnerability during web page generation in Outlook Web Access; when certain interaction conditions are met, arbitrary JavaScript can be executed in the browser context.

CVE-2026-20182 Cisco Catalyst SD-WAN: Cisco Catalyst SD-WAN Controller & Manager contain an authentication bypass vulnerability that allows an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system.

CVE-2026-42208 BerriAI LiteLLM: BerriAI LiteLLM contains a SQL injection vulnerability that allows an attacker to read data from the proxy's database and potentially modify it, leading to unauthorized access to the proxy and the credentials it manages.

CVE-2026-6973 Ivanti Endpoint Manager Mobile (EPMM): Ivanti Endpoint Manager Mobile (EPMM) contains an improper input validation vulnerability that allows a remotely authenticated user with administrative access to achieve remote code execution.

CVE-2026-0300 Palo Alto Networks PAN-OS: Palo Alto Networks PAN-OS contains an out-of-bounds write vulnerability in the User-ID Authentication Portal (aka Captive Portal) service that can allow an unauthenticated attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by sending specially crafted packets.