CVE-2026-10588
A potential vulnerability could allow a local privileged attacker to disclose the address of protected System Management Mode memory.
CVSS
4.4
Medio
EPSS
—
KEV
—
Exploit Today
0
0-100
Publicado: 16 jul 2026 · Última mod.: 16 jul 2026 · CWE-497
Sin historial EPSS suficiente todavía.
A potential vulnerability could allow a local privileged attacker to disclose the address of protected System Management Mode memory.
CVECVSSEPSSKEVRExplotTítuloVis.
CVE-2025-551317.1 ALT87.8%
——26A flaw in Node.js's buffer allocation logic can expose uninitialized memory when allocations are interrupted, when using the `vm` module with the timeout option. Under specific timing conditions, buffers allocated with `Buffer.alloc` and other `TypedArray` instances like `Uint8Array` may contain leftover data from previous operations, allowing in-process secrets like tokens or passwords to leak or causing data corruption. While exploitation typically requires precise timing or in-process code execution, it can become remotely exploitable when untrusted input influences workload and timeouts, leading to potential confidentiality and integrity impact.2dCVE-2026-344138.6 ALT84.9%
——25Xerte Online Toolkits versions 3.15 and earlier contain a missing authentication vulnerability in the elFinder connector endpoint at /editor/elfinder/php/connector.php where an HTTP redirect to unauthenticated callers does not call exit() or die(), allowing PHP execution to continue and process the full request server-side. Unauthenticated attackers can perform file operations on project media directories including creating directories, uploading files, renaming files, duplicating files, overwriting files, and deleting files, which can be chained with path traversal and extension blocklist vulnerabilities to achieve remote code execution and arbitrary file read.2dCVE-2026-414595.3 MED52.5%
——16Xerte Online Toolkits versions 3.15 and earlier contain an information disclosure vulnerability that allows unauthenticated attackers to retrieve the full server-side filesystem path of the application root. Attackers can send a GET request to the /setup page to access the exposed root_path value rendered in the HTML response, which enables exploitation of path-dependent vulnerabilities such as relative path traversal in connector.php.2dCVE-2025-341715.3 MED42.2%
——13CasaOS versions up to and including 0.4.15 expose multiple unauthenticated endpoints that allow remote attackers to retrieve sensitive configuration files and system debug information. The /v1/users/image endpoint can be abused with a user-controlled path parameter to access files under /var/lib/casaos/1/, which reveals installed applications and configuration details. Additionally, /v1/sys/debug discloses host operating system, kernel, hardware, and storage information. The endpoints also return distinct error messages, enabling file existence enumeration of arbitrary paths on the underlying host filesystem. This information disclosure can be used for reconnaissance and to facilitate targeted follow-up attacks against services deployed on the host.2dCVE-2025-464216.8 MED39.9%
——12A flaw was found in libsoup. When libsoup clients encounter an HTTP redirect, they mistakenly send the HTTP Authorization header to the new host that the redirection points to. This allows the new host to impersonate the user to the original host that issued the redirect.17dCVE-2026-148089.8 CRÍ39.9%
——12Prog
Management System developed by PROG MIS has a Exposure of Sensitive
Information vulnerability, allowing unauthenticated remote attackers to view
a specific page and obtain the database account and password.10d