{ "append_only": true, "archive_version": "v0.1", "archived_cve_count": 64, "cves": [ { "affected_label": "ftp / ftp", "canonical_url": "https://vuln.signal-radar.com/vuln/public-candidate/CVE-1999-0082/", "current_public_safe_latest": false, "cvss_score": 10.0, "cvss_severity": "CRITICAL", "epss_percentile": 0.94026, "epss_score": 0.08027, "first_observed_at": "2026-06-23T12:19:22.138589+00:00", "id": "CVE-1999-0082", "impact_tags": [ "admin privilege risk" ], "kev": false, "last_observed_at": "2026-06-23T17:23:31.425712+00:00", "latest_item_url": null, "product": "ftp", "public_safe_summary": "NVD: CWD ~root command in ftpd allows root access.", "run_item_url": "https://vuln.signal-radar.com/data/vuln/archive/runs/20260623T172343Z/items/CVE-1999-0082.json", "safety": { "auto_remediation_allowed": false, "exploit_detail_allowed": false, "external_execution_allowed": false, "github_issue_creation_allowed": false, "noindex_removal_allowed": true, "noindex_required": false, "patch_allowed": false, "public_launch_allowed": true, "public_safe_only": true, "raw_source_included": false, "read_only": true, "scan_allowed": false, "signal_radar_integration_allowed": false }, "snapshot_count": 2, "source_published_affected": "vendor/product: ftp / ftp", "source_published_impact": "Source describes admin privilege risk. Possible impact: An attacker may gain root or administrative-level privileges on affected systems.", "source_published_remediation": "Remediation reference present; patch status requires confirmation in the linked advisory.", "source_published_summary": "NVD: CWD ~root command in ftpd allows root access.", "sources": [ "NVD", "Vendor Advisory" ], "timeline_url": "https://vuln.signal-radar.com/data/vuln/archive/cves/CVE-1999-0082/timeline.json", "vendor": "ftp" }, { "affected_label": "sun / nfs", "canonical_url": "https://vuln.signal-radar.com/vuln/public-candidate/CVE-1999-0084/", "current_public_safe_latest": false, "cvss_score": 8.4, "cvss_severity": "HIGH", "epss_percentile": 0.33044, "epss_score": 0.00415, "first_observed_at": "2026-06-23T12:19:22.138589+00:00", "id": "CVE-1999-0084", "impact_tags": [ "admin privilege risk", "privilege boundary review" ], "kev": false, "last_observed_at": "2026-06-23T17:23:31.425712+00:00", "latest_item_url": null, "product": "nfs", "public_safe_summary": "NVD: Certain NFS servers allow users to use mknod to gain privileges by creating a writable kmem device and setting the UID to 0.", "run_item_url": "https://vuln.signal-radar.com/data/vuln/archive/runs/20260623T172343Z/items/CVE-1999-0084.json", "safety": { "auto_remediation_allowed": false, "exploit_detail_allowed": false, "external_execution_allowed": false, "github_issue_creation_allowed": false, "noindex_removal_allowed": true, "noindex_required": false, "patch_allowed": false, "public_launch_allowed": true, "public_safe_only": true, "raw_source_included": false, "read_only": true, "scan_allowed": false, "signal_radar_integration_allowed": false }, "snapshot_count": 2, "source_published_affected": "vendor/product: sun / nfs", "source_published_impact": "Source describes admin privilege risk · privilege escalation risk. Possible impact: An attacker may gain root or administrative-level privileges on affected systems.", "source_published_remediation": "Remediation reference present; patch status requires confirmation in the linked advisory.", "source_published_summary": "NVD: Certain NFS servers allow users to use mknod to gain privileges by creating a writable kmem device and setting the UID to 0.", "sources": [ "NVD", "Vendor Advisory" ], "timeline_url": "https://vuln.signal-radar.com/data/vuln/archive/cves/CVE-1999-0084/timeline.json", "vendor": "sun" }, { "affected_label": "eric_allman / sendmail", "canonical_url": "https://vuln.signal-radar.com/vuln/public-candidate/CVE-1999-0095/", "current_public_safe_latest": false, "cvss_score": 10.0, "cvss_severity": "CRITICAL", "epss_percentile": 0.96572, "epss_score": 0.16446, "first_observed_at": "2026-06-23T12:19:22.138589+00:00", "id": "CVE-1999-0095", "impact_tags": [ "command execution review", "admin privilege risk" ], "kev": false, "last_observed_at": "2026-06-23T17:23:31.425712+00:00", "latest_item_url": null, "product": "sendmail", "public_safe_summary": "NVD: The debug command in Sendmail is enabled, allowing attackers to execute commands as root.", "run_item_url": "https://vuln.signal-radar.com/data/vuln/archive/runs/20260623T172343Z/items/CVE-1999-0095.json", "safety": { "auto_remediation_allowed": false, "exploit_detail_allowed": false, "external_execution_allowed": false, "github_issue_creation_allowed": false, "noindex_removal_allowed": true, "noindex_required": false, "patch_allowed": false, "public_launch_allowed": true, "public_safe_only": true, "raw_source_included": false, "read_only": true, "scan_allowed": false, "signal_radar_integration_allowed": false }, "snapshot_count": 2, "source_published_affected": "vendor/product: eric_allman / sendmail; affected version context: 5.58", "source_published_impact": "Source describes command execution risk · admin privilege risk. Possible impact: An attacker may gain root or administrative-level privileges on affected systems.", "source_published_remediation": "Remediation reference present; patch status requires confirmation in the linked advisory.", "source_published_summary": "NVD: The debug command in Sendmail is enabled, allowing attackers to execute commands as root.", "sources": [ "NVD", "Vendor Advisory" ], "timeline_url": "https://vuln.signal-radar.com/data/vuln/archive/cves/CVE-1999-0095/timeline.json", "vendor": "eric_allman" }, { "affected_label": "sun / sunos", "canonical_url": "https://vuln.signal-radar.com/vuln/public-candidate/CVE-1999-0209/", "current_public_safe_latest": false, "cvss_score": 5.0, "cvss_severity": "MEDIUM", "epss_percentile": 0.98696, "epss_score": 0.47779, "first_observed_at": "2026-06-23T12:19:22.138589+00:00", "id": "CVE-1999-0209", "impact_tags": [], "kev": false, "last_observed_at": "2026-06-23T17:23:31.425712+00:00", "latest_item_url": null, "product": "sunos", "public_safe_summary": "NVD: The SunView (SunTools) selection_svc facility allows remote users to read files.", "run_item_url": "https://vuln.signal-radar.com/data/vuln/archive/runs/20260623T172343Z/items/CVE-1999-0209.json", "safety": { "auto_remediation_allowed": false, "exploit_detail_allowed": false, "external_execution_allowed": false, "github_issue_creation_allowed": false, "noindex_removal_allowed": true, "noindex_required": false, "patch_allowed": false, "public_launch_allowed": true, "public_safe_only": true, "raw_source_included": false, "read_only": true, "scan_allowed": false, "signal_radar_integration_allowed": false }, "snapshot_count": 2, "source_published_affected": "vendor/product: sun / sunos; affected version context: 3.5, 4.0, 4.0.1, 4.0.2, 4.0.3", "source_published_impact": "This medium severity issue needs human triage to confirm exposure, affected versions, and vendor guidance for defensive exposure review.", "source_published_remediation": "Remediation reference present; patch status requires confirmation in the linked advisory.", "source_published_summary": "NVD: The SunView (SunTools) selection_svc facility allows remote users to read files.", "sources": [ "NVD", "Vendor Advisory" ], "timeline_url": "https://vuln.signal-radar.com/data/vuln/archive/cves/CVE-1999-0209/timeline.json", "vendor": "sun" }, { "affected_label": "digital / vms", "canonical_url": "https://vuln.signal-radar.com/vuln/public-candidate/CVE-1999-1057/", "current_public_safe_latest": false, "cvss_score": 4.6, "cvss_severity": "MEDIUM", "epss_percentile": 0.28493, "epss_score": 0.00368, "first_observed_at": "2026-06-23T12:19:22.138589+00:00", "id": "CVE-1999-1057", "impact_tags": [ "privilege boundary review", "local exposure relevant" ], "kev": false, "last_observed_at": "2026-06-23T17:23:31.425712+00:00", "latest_item_url": null, "product": "vms", "public_safe_summary": "NVD: VMS 4.0 through 5.3 allows local users to gain privileges via the ANALYZE/PROCESS_DUMP dcl command.", "run_item_url": "https://vuln.signal-radar.com/data/vuln/archive/runs/20260623T172343Z/items/CVE-1999-1057.json", "safety": { "auto_remediation_allowed": false, "exploit_detail_allowed": false, "external_execution_allowed": false, "github_issue_creation_allowed": false, "noindex_removal_allowed": true, "noindex_required": false, "patch_allowed": false, "public_launch_allowed": true, "public_safe_only": true, "raw_source_included": false, "read_only": true, "scan_allowed": false, "signal_radar_integration_allowed": false }, "snapshot_count": 2, "source_published_affected": "vendor/product: digital / vms", "source_published_impact": "Source describes privilege escalation risk · local exposure. Possible impact: A local user may cross a privilege boundary and gain more access than intended.", "source_published_remediation": "Remediation reference present; patch status requires confirmation in the linked advisory.", "source_published_summary": "NVD: VMS 4.0 through 5.3 allows local users to gain privileges via the ANALYZE/PROCESS_DUMP dcl command.", "sources": [ "NVD", "Vendor Advisory" ], "timeline_url": "https://vuln.signal-radar.com/data/vuln/archive/cves/CVE-1999-1057/timeline.json", "vendor": "digital" }, { "affected_label": "hp / apollo_domain_os", "canonical_url": "https://vuln.signal-radar.com/vuln/public-candidate/CVE-1999-1115/", "current_public_safe_latest": false, "cvss_score": 7.2, "cvss_severity": "HIGH", "epss_percentile": 0.42243, "epss_score": 0.00561, "first_observed_at": "2026-06-23T12:19:22.138589+00:00", "id": "CVE-1999-1115", "impact_tags": [], "kev": false, "last_observed_at": "2026-06-23T17:23:31.425712+00:00", "latest_item_url": null, "product": "apollo_domain_os", "public_safe_summary": "NVD: Vulnerability in the /etc/suid_exec program in HP Apollo Domain/OS sr10.2 and sr10.3 beta, related to the Korn Shell (ksh).", "run_item_url": "https://vuln.signal-radar.com/data/vuln/archive/runs/20260623T172343Z/items/CVE-1999-1115.json", "safety": { "auto_remediation_allowed": false, "exploit_detail_allowed": false, "external_execution_allowed": false, "github_issue_creation_allowed": false, "noindex_removal_allowed": true, "noindex_required": false, "patch_allowed": false, "public_launch_allowed": true, "public_safe_only": true, "raw_source_included": false, "read_only": true, "scan_allowed": false, "signal_radar_integration_allowed": false }, "snapshot_count": 2, "source_published_affected": "vendor/product: hp / apollo_domain_os; affected version context: sr10.2", "source_published_impact": "This high severity issue needs human triage to confirm exposure, affected versions, and vendor guidance for high severity review.", "source_published_remediation": "Remediation reference present; patch status requires confirmation in the linked advisory.", "source_published_summary": "NVD: Vulnerability in the /etc/suid_exec program in HP Apollo Domain/OS sr10.2 and sr10.3 beta, related to the Korn Shell (ksh).", "sources": [ "NVD", "Vendor Advisory" ], "timeline_url": "https://vuln.signal-radar.com/data/vuln/archive/cves/CVE-1999-1115/timeline.json", "vendor": "hp" }, { "affected_label": "sun / sunos", "canonical_url": "https://vuln.signal-radar.com/vuln/public-candidate/CVE-1999-1122/", "current_public_safe_latest": false, "cvss_score": 4.6, "cvss_severity": "MEDIUM", "epss_percentile": 0.28493, "epss_score": 0.00368, "first_observed_at": "2026-06-23T12:19:22.138589+00:00", "id": "CVE-1999-1122", "impact_tags": [ "privilege boundary review", "local exposure relevant" ], "kev": false, "last_observed_at": "2026-06-23T17:23:31.425712+00:00", "latest_item_url": null, "product": "sunos", "public_safe_summary": "NVD: Vulnerability in restore in SunOS 4.0.3 and earlier allows local users to gain privileges.", "run_item_url": "https://vuln.signal-radar.com/data/vuln/archive/runs/20260623T172343Z/items/CVE-1999-1122.json", "safety": { "auto_remediation_allowed": false, "exploit_detail_allowed": false, "external_execution_allowed": false, "github_issue_creation_allowed": false, "noindex_removal_allowed": true, "noindex_required": false, "patch_allowed": false, "public_launch_allowed": true, "public_safe_only": true, "raw_source_included": false, "read_only": true, "scan_allowed": false, "signal_radar_integration_allowed": false }, "snapshot_count": 2, "source_published_affected": "vendor/product: sun / sunos; affected version context: 4.0, 4.0.1", "source_published_impact": "Source describes privilege escalation risk · local exposure. Possible impact: A local user may cross a privilege boundary and gain more access than intended.", "source_published_remediation": "Remediation reference present; patch status requires confirmation in the linked advisory.", "source_published_summary": "NVD: Vulnerability in restore in SunOS 4.0.3 and earlier allows local users to gain privileges.", "sources": [ "NVD", "Vendor Advisory" ], "timeline_url": "https://vuln.signal-radar.com/data/vuln/archive/cves/CVE-1999-1122/timeline.json", "vendor": "sun" }, { "affected_label": "sun / sunos", "canonical_url": "https://vuln.signal-radar.com/vuln/public-candidate/CVE-1999-1197/", "current_public_safe_latest": false, "cvss_score": 7.2, "cvss_severity": "HIGH", "epss_percentile": 0.3063, "epss_score": 0.00389, "first_observed_at": "2026-06-23T12:19:22.138589+00:00", "id": "CVE-1999-1197", "impact_tags": [ "privilege boundary review", "local exposure relevant" ], "kev": false, "last_observed_at": "2026-06-23T17:23:31.425712+00:00", "latest_item_url": null, "product": "sunos", "public_safe_summary": "NVD: TIOCCONS in SunOS 4.1.1 does not properly check the permissions of a user who tries to redirect console output and input, which could allow a local user to gain privileges.", "run_item_url": "https://vuln.signal-radar.com/data/vuln/archive/runs/20260623T172343Z/items/CVE-1999-1197.json", "safety": { "auto_remediation_allowed": false, "exploit_detail_allowed": false, "external_execution_allowed": false, "github_issue_creation_allowed": false, "noindex_removal_allowed": true, "noindex_required": false, "patch_allowed": false, "public_launch_allowed": true, "public_safe_only": true, "raw_source_included": false, "read_only": true, "scan_allowed": false, "signal_radar_integration_allowed": false }, "snapshot_count": 2, "source_published_affected": "vendor/product: sun / sunos; affected version context: 4.1.1", "source_published_impact": "Source describes privilege escalation risk · local exposure. Possible impact: A local user may cross a privilege boundary and gain more access than intended.", "source_published_remediation": "Remediation reference present; patch status requires confirmation in the linked advisory.", "source_published_summary": "NVD: TIOCCONS in SunOS 4.1.1 does not properly check the permissions of a user who tries to redirect console output and input, which could allow a local user to gain privileges.", "sources": [ "NVD", "Vendor Advisory" ], "timeline_url": "https://vuln.signal-radar.com/data/vuln/archive/cves/CVE-1999-1197/timeline.json", "vendor": "sun" }, { "affected_label": "next / next", "canonical_url": "https://vuln.signal-radar.com/vuln/public-candidate/CVE-1999-1198/", "current_public_safe_latest": false, "cvss_score": 7.2, "cvss_severity": "HIGH", "epss_percentile": 0.32976, "epss_score": 0.00414, "first_observed_at": "2026-06-23T12:19:22.138589+00:00", "id": "CVE-1999-1198", "impact_tags": [ "admin privilege risk", "privilege boundary review", "local exposure relevant" ], "kev": false, "last_observed_at": "2026-06-23T17:23:31.425712+00:00", "latest_item_url": null, "product": "next", "public_safe_summary": "NVD: BuildDisk program on NeXT systems before 2.0 does not prompt users for the root password, which allows local users to gain root privileges.", "run_item_url": "https://vuln.signal-radar.com/data/vuln/archive/runs/20260623T172343Z/items/CVE-1999-1198.json", "safety": { "auto_remediation_allowed": false, "exploit_detail_allowed": false, "external_execution_allowed": false, "github_issue_creation_allowed": false, "noindex_removal_allowed": true, "noindex_required": false, "patch_allowed": false, "public_launch_allowed": true, "public_safe_only": true, "raw_source_included": false, "read_only": true, "scan_allowed": false, "signal_radar_integration_allowed": false }, "snapshot_count": 2, "source_published_affected": "vendor/product: next / next", "source_published_impact": "Source describes admin privilege risk · privilege escalation risk · local exposure. Possible impact: A local user may gain root or administrative-level privileges on affected systems.", "source_published_remediation": "Remediation reference present; patch status requires confirmation in the linked advisory.", "source_published_summary": "NVD: BuildDisk program on NeXT systems before 2.0 does not prompt users for the root password, which allows local users to gain root privileges.", "sources": [ "NVD", "Vendor Advisory" ], "timeline_url": "https://vuln.signal-radar.com/data/vuln/archive/cves/CVE-1999-1198/timeline.json", "vendor": "next" }, { "affected_label": "sun / sunos", "canonical_url": "https://vuln.signal-radar.com/vuln/public-candidate/CVE-1999-1211/", "current_public_safe_latest": false, "cvss_score": 7.2, "cvss_severity": "HIGH", "epss_percentile": 0.26567, "epss_score": 0.00348, "first_observed_at": "2026-06-23T12:19:22.138589+00:00", "id": "CVE-1999-1211", "impact_tags": [ "admin privilege risk", "privilege boundary review", "local exposure relevant" ], "kev": false, "last_observed_at": "2026-06-23T17:23:31.425712+00:00", "latest_item_url": null, "product": "sunos", "public_safe_summary": "NVD: Vulnerability in in.telnetd in SunOS 4.1.1 and earlier allows local users to gain root privileges.", "run_item_url": "https://vuln.signal-radar.com/data/vuln/archive/runs/20260623T172343Z/items/CVE-1999-1211.json", "safety": { "auto_remediation_allowed": false, "exploit_detail_allowed": false, "external_execution_allowed": false, "github_issue_creation_allowed": false, "noindex_removal_allowed": true, "noindex_required": false, "patch_allowed": false, "public_launch_allowed": true, "public_safe_only": true, "raw_source_included": false, "read_only": true, "scan_allowed": false, "signal_radar_integration_allowed": false }, "snapshot_count": 2, "source_published_affected": "vendor/product: sun / sunos", "source_published_impact": "Source describes admin privilege risk · privilege escalation risk · local exposure. Possible impact: A local user may gain root or administrative-level privileges on affected systems.", "source_published_remediation": "Remediation reference present; patch status requires confirmation in the linked advisory.", "source_published_summary": "NVD: Vulnerability in in.telnetd in SunOS 4.1.1 and earlier allows local users to gain root privileges.", "sources": [ "NVD", "Vendor Advisory" ], "timeline_url": "https://vuln.signal-radar.com/data/vuln/archive/cves/CVE-1999-1211/timeline.json", "vendor": "sun" }, { "affected_label": "sun / sunos", "canonical_url": "https://vuln.signal-radar.com/vuln/public-candidate/CVE-1999-1212/", "current_public_safe_latest": false, "cvss_score": 7.2, "cvss_severity": "HIGH", "epss_percentile": 0.26568, "epss_score": 0.00348, "first_observed_at": "2026-06-23T12:19:22.138589+00:00", "id": "CVE-1999-1212", "impact_tags": [ "admin privilege risk", "privilege boundary review", "local exposure relevant" ], "kev": false, "last_observed_at": "2026-06-23T17:23:31.425712+00:00", "latest_item_url": null, "product": "sunos", "public_safe_summary": "NVD: Vulnerability in in.rlogind in SunOS 4.0.3 and 4.0.3c allows local users to gain root privileges.", "run_item_url": "https://vuln.signal-radar.com/data/vuln/archive/runs/20260623T172343Z/items/CVE-1999-1212.json", "safety": { "auto_remediation_allowed": false, "exploit_detail_allowed": false, "external_execution_allowed": false, "github_issue_creation_allowed": false, "noindex_removal_allowed": true, "noindex_required": false, "patch_allowed": false, "public_launch_allowed": true, "public_safe_only": true, "raw_source_included": false, "read_only": true, "scan_allowed": false, "signal_radar_integration_allowed": false }, "snapshot_count": 2, "source_published_affected": "vendor/product: sun / sunos; affected version context: 4.0.3, 4.0.3c", "source_published_impact": "Source describes admin privilege risk · privilege escalation risk · local exposure. Possible impact: A local user may gain root or administrative-level privileges on affected systems.", "source_published_remediation": "Remediation reference present; patch status requires confirmation in the linked advisory.", "source_published_summary": "NVD: Vulnerability in in.rlogind in SunOS 4.0.3 and 4.0.3c allows local users to gain root privileges.", "sources": [ "NVD", "Vendor Advisory" ], "timeline_url": "https://vuln.signal-radar.com/data/vuln/archive/cves/CVE-1999-1212/timeline.json", "vendor": "sun" }, { "affected_label": "sun / sunos", "canonical_url": "https://vuln.signal-radar.com/vuln/public-candidate/CVE-1999-1258/", "current_public_safe_latest": false, "cvss_score": 5.0, "cvss_severity": "MEDIUM", "epss_percentile": 0.6802, "epss_score": 0.01355, "first_observed_at": "2026-06-23T12:19:22.138589+00:00", "id": "CVE-1999-1258", "impact_tags": [ "remote exposure relevant" ], "kev": false, "last_observed_at": "2026-06-23T17:23:31.425712+00:00", "latest_item_url": null, "product": "sunos", "public_safe_summary": "NVD: rpc.pwdauthd in SunOS 4.1.1 and earlier does not properly prevent remote access to the daemon, which allows remote attackers to obtain sensitive system information.", "run_item_url": "https://vuln.signal-radar.com/data/vuln/archive/runs/20260623T172343Z/items/CVE-1999-1258.json", "safety": { "auto_remediation_allowed": false, "exploit_detail_allowed": false, "external_execution_allowed": false, "github_issue_creation_allowed": false, "noindex_removal_allowed": true, "noindex_required": false, "patch_allowed": false, "public_launch_allowed": true, "public_safe_only": true, "raw_source_included": false, "read_only": true, "scan_allowed": false, "signal_radar_integration_allowed": false }, "snapshot_count": 2, "source_published_affected": "vendor/product: sun / sunos; affected version context: 4.1", "source_published_impact": "Source describes remote exposure. Possible impact: This medium severity issue needs human triage to confirm exposure, affected versions, and vendor guidance for remote exposure.", "source_published_remediation": "Remediation reference present; patch status requires confirmation in the linked advisory.", "source_published_summary": "NVD: rpc.pwdauthd in SunOS 4.1.1 and earlier does not properly prevent remote access to the daemon, which allows remote attackers to obtain sensitive system information.", "sources": [ "NVD", "Vendor Advisory" ], "timeline_url": "https://vuln.signal-radar.com/data/vuln/archive/cves/CVE-1999-1258/timeline.json", "vendor": "sun" }, { "affected_label": "next / next", "canonical_url": "https://vuln.signal-radar.com/vuln/public-candidate/CVE-1999-1391/", "current_public_safe_latest": false, "cvss_score": 7.2, "cvss_severity": "HIGH", "epss_percentile": 0.32658, "epss_score": 0.00411, "first_observed_at": "2026-06-23T12:19:22.138589+00:00", "id": "CVE-1999-1391", "impact_tags": [ "privilege boundary review", "local exposure relevant" ], "kev": false, "last_observed_at": "2026-06-23T17:23:31.425712+00:00", "latest_item_url": null, "product": "next", "public_safe_summary": "NVD: Vulnerability in NeXT 1.0a and 1.0 with publicly accessible printers allows local users to gain privileges via a combination of the npd program and weak directory permissions.", "run_item_url": "https://vuln.signal-radar.com/data/vuln/archive/runs/20260623T172343Z/items/CVE-1999-1391.json", "safety": { "auto_remediation_allowed": false, "exploit_detail_allowed": false, "external_execution_allowed": false, "github_issue_creation_allowed": false, "noindex_removal_allowed": true, "noindex_required": false, "patch_allowed": false, "public_launch_allowed": true, "public_safe_only": true, "raw_source_included": false, "read_only": true, "scan_allowed": false, "signal_radar_integration_allowed": false }, "snapshot_count": 2, "source_published_affected": "vendor/product: next / next; affected version context: 1.0, 1.0a", "source_published_impact": "Source describes privilege escalation risk · local exposure. Possible impact: A local user may cross a privilege boundary and gain more access than intended.", "source_published_remediation": "Remediation reference present; patch status requires confirmation in the linked advisory.", "source_published_summary": "NVD: Vulnerability in NeXT 1.0a and 1.0 with publicly accessible printers allows local users to gain privileges via a combination of the npd program and weak directory permissions.", "sources": [ "NVD", "Vendor Advisory" ], "timeline_url": "https://vuln.signal-radar.com/data/vuln/archive/cves/CVE-1999-1391/timeline.json", "vendor": "next" }, { "affected_label": "next / nex", "canonical_url": "https://vuln.signal-radar.com/vuln/public-candidate/CVE-1999-1392/", "current_public_safe_latest": false, "cvss_score": 7.2, "cvss_severity": "HIGH", "epss_percentile": 0.33909, "epss_score": 0.00425, "first_observed_at": "2026-06-23T12:19:22.138589+00:00", "id": "CVE-1999-1392", "impact_tags": [ "admin privilege risk", "privilege boundary review", "local exposure relevant" ], "kev": false, "last_observed_at": "2026-06-23T17:23:31.425712+00:00", "latest_item_url": null, "product": "nex", "public_safe_summary": "NVD: Vulnerability in restore0.9 installation script in NeXT 1.0a and 1.0 allows local users to gain root privileges.", "run_item_url": "https://vuln.signal-radar.com/data/vuln/archive/runs/20260623T172343Z/items/CVE-1999-1392.json", "safety": { "auto_remediation_allowed": false, "exploit_detail_allowed": false, "external_execution_allowed": false, "github_issue_creation_allowed": false, "noindex_removal_allowed": true, "noindex_required": false, "patch_allowed": false, "public_launch_allowed": true, "public_safe_only": true, "raw_source_included": false, "read_only": true, "scan_allowed": false, "signal_radar_integration_allowed": false }, "snapshot_count": 2, "source_published_affected": "vendor/product: next / nex; affected version context: 1.0, 1.0a", "source_published_impact": "Source describes admin privilege risk · privilege escalation risk · local exposure. Possible impact: A local user may gain root or administrative-level privileges on affected systems.", "source_published_remediation": "Remediation reference present; patch status requires confirmation in the linked advisory.", "source_published_summary": "NVD: Vulnerability in restore0.9 installation script in NeXT 1.0a and 1.0 allows local users to gain root privileges.", "sources": [ "NVD", "Vendor Advisory" ], "timeline_url": "https://vuln.signal-radar.com/data/vuln/archive/cves/CVE-1999-1392/timeline.json", "vendor": "next" }, { "affected_label": "sun / sunos", "canonical_url": "https://vuln.signal-radar.com/vuln/public-candidate/CVE-1999-1438/", "current_public_safe_latest": false, "cvss_score": 7.2, "cvss_severity": "HIGH", "epss_percentile": 0.32272, "epss_score": 0.00406, "first_observed_at": "2026-06-23T12:19:22.138589+00:00", "id": "CVE-1999-1438", "impact_tags": [ "admin privilege risk", "privilege boundary review", "local exposure relevant" ], "kev": false, "last_observed_at": "2026-06-23T17:23:31.425712+00:00", "latest_item_url": null, "product": "sunos", "public_safe_summary": "NVD: Vulnerability in /bin/mail in SunOS 4.1.1 and earlier allows local users to gain root privileges via certain command line arguments.", "run_item_url": "https://vuln.signal-radar.com/data/vuln/archive/runs/20260623T172343Z/items/CVE-1999-1438.json", "safety": { "auto_remediation_allowed": false, "exploit_detail_allowed": false, "external_execution_allowed": false, "github_issue_creation_allowed": false, "noindex_removal_allowed": true, "noindex_required": false, "patch_allowed": false, "public_launch_allowed": true, "public_safe_only": true, "raw_source_included": false, "read_only": true, "scan_allowed": false, "signal_radar_integration_allowed": false }, "snapshot_count": 2, "source_published_affected": "vendor/product: sun / sunos; affected version context: 4.0.3, 4.1", "source_published_impact": "Source describes admin privilege risk · privilege escalation risk · local exposure. Possible impact: A local user may gain root or administrative-level privileges on affected systems.", "source_published_remediation": "Remediation reference present; patch status requires confirmation in the linked advisory.", "source_published_summary": "NVD: Vulnerability in /bin/mail in SunOS 4.1.1 and earlier allows local users to gain root privileges via certain command line arguments.", "sources": [ "NVD", "Vendor Advisory" ], "timeline_url": "https://vuln.signal-radar.com/data/vuln/archive/cves/CVE-1999-1438/timeline.json", "vendor": "sun" }, { "affected_label": "sun / sunos", "canonical_url": "https://vuln.signal-radar.com/vuln/public-candidate/CVE-1999-1467/", "current_public_safe_latest": false, "cvss_score": 10.0, "cvss_severity": "CRITICAL", "epss_percentile": 0.95071, "epss_score": 0.10226, "first_observed_at": "2026-06-23T12:19:22.138589+00:00", "id": "CVE-1999-1467", "impact_tags": [ "admin privilege risk", "remote exposure relevant" ], "kev": false, "last_observed_at": "2026-06-23T17:23:31.425712+00:00", "latest_item_url": null, "product": "sunos", "public_safe_summary": "NVD: Vulnerability in rcp on SunOS 4.0.x allows remote attackers from trusted hosts to execute arbitrary commands as root, possibly related to the configuration of the nobody user.", "run_item_url": "https://vuln.signal-radar.com/data/vuln/archive/runs/20260623T172343Z/items/CVE-1999-1467.json", "safety": { "auto_remediation_allowed": false, "exploit_detail_allowed": false, "external_execution_allowed": false, "github_issue_creation_allowed": false, "noindex_removal_allowed": true, "noindex_required": false, "patch_allowed": false, "public_launch_allowed": true, "public_safe_only": true, "raw_source_included": false, "read_only": true, "scan_allowed": false, "signal_radar_integration_allowed": false }, "snapshot_count": 2, "source_published_affected": "vendor/product: sun / sunos; affected version context: 4.0, 4.0.1, 4.0.2, 4.0.3, 4.0.3c", "source_published_impact": "Source describes admin privilege risk · remote exposure. Possible impact: A remote attacker may gain root or administrative-level privileges on affected systems.", "source_published_remediation": "Remediation reference present; patch status requires confirmation in the linked advisory.", "source_published_summary": "NVD: Vulnerability in rcp on SunOS 4.0.x allows remote attackers from trusted hosts to execute arbitrary commands as root, possibly related to the configuration of the nobody user.", "sources": [ "NVD", "Vendor Advisory" ], "timeline_url": "https://vuln.signal-radar.com/data/vuln/archive/cves/CVE-1999-1467/timeline.json", "vendor": "sun" }, { "affected_label": "bsd / bsd", "canonical_url": "https://vuln.signal-radar.com/vuln/public-candidate/CVE-1999-1471/", "current_public_safe_latest": false, "cvss_score": 7.2, "cvss_severity": "HIGH", "epss_percentile": 0.39273, "epss_score": 0.00507, "first_observed_at": "2026-06-23T12:19:22.138589+00:00", "id": "CVE-1999-1471", "impact_tags": [ "admin privilege risk", "privilege boundary review", "memory safety review", "local exposure relevant" ], "kev": false, "last_observed_at": "2026-06-23T17:23:31.425712+00:00", "latest_item_url": null, "product": "bsd", "public_safe_summary": "NVD: Buffer overflow in passwd in BSD based operating systems 4.3 and earlier allows local users to gain root privileges by specifying a long shell or GECOS field.", "run_item_url": "https://vuln.signal-radar.com/data/vuln/archive/runs/20260623T172343Z/items/CVE-1999-1471.json", "safety": { "auto_remediation_allowed": false, "exploit_detail_allowed": false, "external_execution_allowed": false, "github_issue_creation_allowed": false, "noindex_removal_allowed": true, "noindex_required": false, "patch_allowed": false, "public_launch_allowed": true, "public_safe_only": true, "raw_source_included": false, "read_only": true, "scan_allowed": false, "signal_radar_integration_allowed": false }, "snapshot_count": 2, "source_published_affected": "vendor/product: bsd / bsd; affected version context: 4.2, 4.3", "source_published_impact": "Source describes admin privilege risk · privilege escalation risk · memory safety review. Possible impact: A local user may gain root or administrative-level privileges on affected systems.", "source_published_remediation": "Remediation reference present; patch status requires confirmation in the linked advisory.", "source_published_summary": "NVD: Buffer overflow in passwd in BSD based operating systems 4.3 and earlier allows local users to gain root privileges by specifying a long shell or GECOS field.", "sources": [ "NVD", "Vendor Advisory" ], "timeline_url": "https://vuln.signal-radar.com/data/vuln/archive/cves/CVE-1999-1471/timeline.json", "vendor": "bsd" }, { "affected_label": "sun / sunos", "canonical_url": "https://vuln.signal-radar.com/vuln/public-candidate/CVE-1999-1506/", "current_public_safe_latest": false, "cvss_score": 7.5, "cvss_severity": "HIGH", "epss_percentile": 0.83357, "epss_score": 0.02604, "first_observed_at": "2026-06-23T12:19:22.138589+00:00", "id": "CVE-1999-1506", "impact_tags": [ "unauthorized access risk", "remote exposure relevant" ], "kev": false, "last_observed_at": "2026-06-23T17:23:31.425712+00:00", "latest_item_url": null, "product": "sunos", "public_safe_summary": "NVD: Vulnerability in SMI Sendmail 4.0 and earlier, on SunOS up to 4.0.3, allows remote attackers to access user bin.", "run_item_url": "https://vuln.signal-radar.com/data/vuln/archive/runs/20260623T172343Z/items/CVE-1999-1506.json", "safety": { "auto_remediation_allowed": false, "exploit_detail_allowed": false, "external_execution_allowed": false, "github_issue_creation_allowed": false, "noindex_removal_allowed": true, "noindex_required": false, "patch_allowed": false, "public_launch_allowed": true, "public_safe_only": true, "raw_source_included": false, "read_only": true, "scan_allowed": false, "signal_radar_integration_allowed": false }, "snapshot_count": 2, "source_published_affected": "vendor/product: sun / sunos; affected version context: 3.5, 4.0, 4.0.1, 4.0.2, 4.0.3", "source_published_impact": "Source describes unauthorized access risk · remote exposure. Possible impact: A remote attacker may access resources that should require stronger authorization.", "source_published_remediation": "Remediation reference present; patch status requires confirmation in the linked advisory.", "source_published_summary": "NVD: Vulnerability in SMI Sendmail 4.0 and earlier, on SunOS up to 4.0.3, allows remote attackers to access user bin.", "sources": [ "NVD", "Vendor Advisory" ], "timeline_url": "https://vuln.signal-radar.com/data/vuln/archive/cves/CVE-1999-1506/timeline.json", "vendor": "sun" }, { "affected_label": "sgi / irix", "canonical_url": "https://vuln.signal-radar.com/vuln/public-candidate/CVE-1999-1554/", "current_public_safe_latest": false, "cvss_score": 2.1, "cvss_severity": "LOW", "epss_percentile": 0.33611, "epss_score": 0.00421, "first_observed_at": "2026-06-23T12:19:22.138589+00:00", "id": "CVE-1999-1554", "impact_tags": [ "local exposure relevant" ], "kev": false, "last_observed_at": "2026-06-23T17:23:31.425712+00:00", "latest_item_url": null, "product": "irix", "public_safe_summary": "NVD: /usr/sbin/Mail on SGI IRIX 3.3 and 3.3.1 does not properly set the group ID to the group ID of the user who started Mail, which allows local users to read the mail of other users.", "run_item_url": "https://vuln.signal-radar.com/data/vuln/archive/runs/20260623T172343Z/items/CVE-1999-1554.json", "safety": { "auto_remediation_allowed": false, "exploit_detail_allowed": false, "external_execution_allowed": false, "github_issue_creation_allowed": false, "noindex_removal_allowed": true, "noindex_required": false, "patch_allowed": false, "public_launch_allowed": true, "public_safe_only": true, "raw_source_included": false, "read_only": true, "scan_allowed": false, "signal_radar_integration_allowed": false }, "snapshot_count": 2, "source_published_affected": "vendor/product: sgi / irix; affected version context: 3.3, 3.3.1", "source_published_impact": "Source describes local exposure. Possible impact: This low severity issue needs human triage to confirm exposure, affected versions, and vendor guidance for local exposure.", "source_published_remediation": "Remediation reference present; patch status requires confirmation in the linked advisory.", "source_published_summary": "NVD: /usr/sbin/Mail on SGI IRIX 3.3 and 3.3.1 does not properly set the group ID to the group ID of the user who started Mail, which allows local users to read the mail of other users.", "sources": [ "NVD", "Vendor Advisory" ], "timeline_url": "https://vuln.signal-radar.com/data/vuln/archive/cves/CVE-1999-1554/timeline.json", "vendor": "sgi" }, { "affected_label": "freebsd / freebsd", "canonical_url": "https://vuln.signal-radar.com/vuln/public-candidate/CVE-2000-0388/", "current_public_safe_latest": false, "cvss_score": 7.5, "cvss_severity": "HIGH", "epss_percentile": 0.7678, "epss_score": 0.01883, "first_observed_at": "2026-06-23T12:19:22.138589+00:00", "id": "CVE-2000-0388", "impact_tags": [ "command execution review", "memory safety review", "local exposure relevant" ], "kev": false, "last_observed_at": "2026-06-23T17:23:31.425712+00:00", "latest_item_url": null, "product": "freebsd", "public_safe_summary": "NVD: Buffer overflow in FreeBSD libmytinfo library allows local users to execute commands via a long TERMCAP environmental variable.", "run_item_url": "https://vuln.signal-radar.com/data/vuln/archive/runs/20260623T172343Z/items/CVE-2000-0388.json", "safety": { "auto_remediation_allowed": false, "exploit_detail_allowed": false, "external_execution_allowed": false, "github_issue_creation_allowed": false, "noindex_removal_allowed": true, "noindex_required": false, "patch_allowed": false, "public_launch_allowed": true, "public_safe_only": true, "raw_source_included": false, "read_only": true, "scan_allowed": false, "signal_radar_integration_allowed": false }, "snapshot_count": 2, "source_published_affected": "vendor/product: freebsd / freebsd; affected version context: 3.0, 3.1, 3.2, 3.3, 3.4", "source_published_impact": "Source describes command execution risk · memory safety review · local exposure. Possible impact: A local user may be able to run code or commands on affected systems.", "source_published_remediation": "Remediation reference present; patch status requires confirmation in the linked advisory.", "source_published_summary": "NVD: Buffer overflow in FreeBSD libmytinfo library allows local users to execute commands via a long TERMCAP environmental variable.", "sources": [ "NVD", "Vendor Advisory" ], "timeline_url": "https://vuln.signal-radar.com/data/vuln/archive/cves/CVE-2000-0388/timeline.json", "vendor": "freebsd" }, { "affected_label": "meneame / meneame", "canonical_url": "https://vuln.signal-radar.com/vuln/public-candidate/CVE-2007-3042/", "current_public_safe_latest": false, "cvss_score": 4.3, "cvss_severity": "MEDIUM", "epss_percentile": 0.65862, "epss_score": 0.01263, "first_observed_at": "2026-06-23T22:41:17.566589+00:00", "id": "CVE-2007-3042", "impact_tags": [ "XSS risk", "remote exposure relevant" ], "kev": false, "last_observed_at": "2026-06-23T22:41:17.566589+00:00", "latest_item_url": null, "product": "meneame", "public_safe_summary": "NVD: Cross-site scripting (XSS) vulnerability in Meneame before 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.", "run_item_url": "https://vuln.signal-radar.com/data/vuln/archive/runs/20260623T224130Z/items/CVE-2007-3042.json", "safety": { "auto_remediation_allowed": false, "exploit_detail_allowed": false, "external_execution_allowed": false, "github_issue_creation_allowed": false, "noindex_removal_allowed": true, "noindex_required": false, "patch_allowed": false, "public_launch_allowed": true, "public_safe_only": true, "raw_source_included": false, "read_only": true, "scan_allowed": false, "signal_radar_integration_allowed": false }, "snapshot_count": 1, "source_published_affected": "vendor/product: meneame / meneame; affected version context: 1", "source_published_impact": "Source describes XSS risk · remote exposure. Possible impact: This medium severity issue needs human triage to confirm exposure, affected versions, and vendor guidance for XSS risk · remote exposure.", "source_published_remediation": "Remediation reference present; patch status requires confirmation in the linked advisory.", "source_published_summary": "NVD: Cross-site scripting (XSS) vulnerability in Meneame before 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.", "sources": [ "NVD", "Vendor Advisory" ], "timeline_url": "https://vuln.signal-radar.com/data/vuln/archive/cves/CVE-2007-3042/timeline.json", "vendor": "meneame" }, { "affected_label": "hitachi / groupmax_collaboration_portal", "canonical_url": "https://vuln.signal-radar.com/vuln/public-candidate/CVE-2007-3043/", "current_public_safe_latest": false, "cvss_score": 4.3, "cvss_severity": "MEDIUM", "epss_percentile": 0.64856, "epss_score": 0.01223, "first_observed_at": "2026-06-23T22:41:17.566589+00:00", "id": "CVE-2007-3043", "impact_tags": [ "XSS risk", "remote exposure relevant" ], "kev": false, "last_observed_at": "2026-06-23T22:41:17.566589+00:00", "latest_item_url": null, "product": "groupmax_collaboration_portal", "public_safe_summary": "NVD: Cross-site scripting (XSS) vulnerability in Collaboration - File Sharing 01-20 up to 01-20-/B and 01-30 up to 01-30-/B in Hitachi Groupmax Collaboration Portal up to 07-30-/D, Groupmax Collaboration Web Client - Forum/File Sharing up to 07-30-/C, uCosminexus...", "run_item_url": "https://vuln.signal-radar.com/data/vuln/archive/runs/20260623T224130Z/items/CVE-2007-3043.json", "safety": { "auto_remediation_allowed": false, "exploit_detail_allowed": false, "external_execution_allowed": false, "github_issue_creation_allowed": false, "noindex_removal_allowed": true, "noindex_required": false, "patch_allowed": false, "public_launch_allowed": true, "public_safe_only": true, "raw_source_included": false, "read_only": true, "scan_allowed": false, "signal_radar_integration_allowed": false }, "snapshot_count": 1, "source_published_affected": "vendor/product: hitachi / groupmax_collaboration_portal; affected version context: 6_20_e, 6_30_d, 7_20_e, 7_30_d, forum_file_share_6_20_d", "source_published_impact": "Source describes XSS risk · remote exposure. Possible impact: This medium severity issue needs human triage to confirm exposure, affected versions, and vendor guidance for XSS risk · remote exposure.", "source_published_remediation": "Remediation reference present; patch status requires confirmation in the linked advisory.", "source_published_summary": "NVD: Cross-site scripting (XSS) vulnerability in Collaboration - File Sharing 01-20 up to 01-20-/B and 01-30 up to 01-30-/B in Hitachi Groupmax Collaboration Portal up to 07-30-/D, Groupmax Collaboration Web Client - Forum/File Sharing up to 07-30-/C, uCosminexus...", "sources": [ "NVD", "Vendor Advisory" ], "timeline_url": "https://vuln.signal-radar.com/data/vuln/archive/cves/CVE-2007-3043/timeline.json", "vendor": "hitachi" }, { "affected_label": "hitachi / hi_ux_we2", "canonical_url": "https://vuln.signal-radar.com/vuln/public-candidate/CVE-2007-3044/", "current_public_safe_latest": false, "cvss_score": 5.0, "cvss_severity": "MEDIUM", "epss_percentile": 0.73496, "epss_score": 0.01653, "first_observed_at": "2026-06-23T22:41:17.566589+00:00", "id": "CVE-2007-3044", "impact_tags": [ "service availability review", "remote exposure relevant" ], "kev": false, "last_observed_at": "2026-06-23T22:41:17.566589+00:00", "latest_item_url": null, "product": "hi_ux_we2", "public_safe_summary": "NVD: Unspecified vulnerability in the Map I/O Service (xpwmap) in Hitachi XP/W on HI-UX/WE2 before 20070319, and XP/W on HP-UX before 20070405, allows remote attackers to cause a denial of service via certain data to the service port.", "run_item_url": "https://vuln.signal-radar.com/data/vuln/archive/runs/20260623T224130Z/items/CVE-2007-3044.json", "safety": { "auto_remediation_allowed": false, "exploit_detail_allowed": false, "external_execution_allowed": false, "github_issue_creation_allowed": false, "noindex_removal_allowed": true, "noindex_required": false, "patch_allowed": false, "public_launch_allowed": true, "public_safe_only": true, "raw_source_included": false, "read_only": true, "scan_allowed": false, "signal_radar_integration_allowed": false }, "snapshot_count": 1, "source_published_affected": "vendor/product: hitachi / hi_ux_we2", "source_published_impact": "Source describes service availability risk · remote exposure. Possible impact: The affected service may become unavailable or unreliable.", "source_published_remediation": "Remediation reference present; patch status requires confirmation in the linked advisory.", "source_published_summary": "NVD: Unspecified vulnerability in the Map I/O Service (xpwmap) in Hitachi XP/W on HI-UX/WE2 before 20070319, and XP/W on HP-UX before 20070405, allows remote attackers to cause a denial of service via certain data to the service port.", "sources": [ "NVD", "Vendor Advisory" ], "timeline_url": "https://vuln.signal-radar.com/data/vuln/archive/cves/CVE-2007-3044/timeline.json", "vendor": "hitachi" }, { "affected_label": "hitachi / hi_ux_we2", "canonical_url": "https://vuln.signal-radar.com/vuln/public-candidate/CVE-2007-3045/", "current_public_safe_latest": false, "cvss_score": 5.0, "cvss_severity": "MEDIUM", "epss_percentile": 0.69758, "epss_score": 0.0144, "first_observed_at": "2026-06-23T22:41:17.566589+00:00", "id": "CVE-2007-3045", "impact_tags": [ "service availability review", "remote exposure relevant" ], "kev": false, "last_observed_at": "2026-06-23T22:41:17.566589+00:00", "latest_item_url": null, "product": "hi_ux_we2", "public_safe_summary": "NVD: Unspecified vulnerability in Hitachi TP1/NET/OSI-TP-Extended on HI-UX/WE2 before 20070213, and on HP-UX before 20070314, allows remote attackers to cause a denial of service via certain data to a port.", "run_item_url": "https://vuln.signal-radar.com/data/vuln/archive/runs/20260623T224130Z/items/CVE-2007-3045.json", "safety": { "auto_remediation_allowed": false, "exploit_detail_allowed": false, "external_execution_allowed": false, "github_issue_creation_allowed": false, "noindex_removal_allowed": true, "noindex_required": false, "patch_allowed": false, "public_launch_allowed": true, "public_safe_only": true, "raw_source_included": false, "read_only": true, "scan_allowed": false, "signal_radar_integration_allowed": false }, "snapshot_count": 1, "source_published_affected": "vendor/product: hitachi / hi_ux_we2", "source_published_impact": "Source describes service availability risk · remote exposure. Possible impact: The affected service may become unavailable or unreliable.", "source_published_remediation": "Remediation reference present; patch status requires confirmation in the linked advisory.", "source_published_summary": "NVD: Unspecified vulnerability in Hitachi TP1/NET/OSI-TP-Extended on HI-UX/WE2 before 20070213, and on HP-UX before 20070314, allows remote attackers to cause a denial of service via certain data to a port.", "sources": [ "NVD", "Vendor Advisory" ], "timeline_url": "https://vuln.signal-radar.com/data/vuln/archive/cves/CVE-2007-3045/timeline.json", "vendor": "hitachi" }, { "affected_label": "advanced_software_production_line / vortex_library", "canonical_url": "https://vuln.signal-radar.com/vuln/public-candidate/CVE-2007-3046/", "current_public_safe_latest": false, "cvss_score": 5.0, "cvss_severity": "MEDIUM", "epss_percentile": 0.71889, "epss_score": 0.01552, "first_observed_at": "2026-06-23T22:41:17.566589+00:00", "id": "CVE-2007-3046", "impact_tags": [ "service availability review", "memory safety review", "remote exposure relevant" ], "kev": false, "last_observed_at": "2026-06-23T22:41:17.566589+00:00", "latest_item_url": null, "product": "vortex_library", "public_safe_summary": "NVD: Buffer overflow in Advanced Software Production Line Vortex Library before 1.0.3 allows remote attackers to cause a denial of service (listener crash) via unspecified vectors related to the select I/O implementation and the file set buffer. NVD: NOTE: some of these details are obtained from third party information.", "run_item_url": "https://vuln.signal-radar.com/data/vuln/archive/runs/20260623T224130Z/items/CVE-2007-3046.json", "safety": { "auto_remediation_allowed": false, "exploit_detail_allowed": false, "external_execution_allowed": false, "github_issue_creation_allowed": false, "noindex_removal_allowed": true, "noindex_required": false, "patch_allowed": false, "public_launch_allowed": true, "public_safe_only": true, "raw_source_included": false, "read_only": true, "scan_allowed": false, "signal_radar_integration_allowed": false }, "snapshot_count": 1, "source_published_affected": "vendor/product: advanced_software_production_line / vortex_library", "source_published_impact": "Source describes service availability risk · memory safety review · remote exposure. Possible impact: The affected service may become unavailable or unreliable.", "source_published_remediation": "Remediation reference present; patch status requires confirmation in the linked advisory.", "source_published_summary": "NVD: Buffer overflow in Advanced Software Production Line Vortex Library before 1.0.3 allows remote attackers to cause a denial of service (listener crash) via unspecified vectors related to the select I/O implementation and the file set buffer. NVD: NOTE: some of these details are obtained from third party information.", "sources": [ "NVD", "Vendor Advisory" ], "timeline_url": "https://vuln.signal-radar.com/data/vuln/archive/cves/CVE-2007-3046/timeline.json", "vendor": "advanced_software_production_line" }, { "affected_label": "vonage / voip_telephone_adapter", "canonical_url": "https://vuln.signal-radar.com/vuln/public-candidate/CVE-2007-3047/", "current_public_safe_latest": false, "cvss_score": 10.0, "cvss_severity": "CRITICAL", "epss_percentile": 0.79835, "epss_score": 0.02159, "first_observed_at": "2026-06-23T22:41:17.566589+00:00", "id": "CVE-2007-3047", "impact_tags": [ "remote exposure relevant" ], "kev": false, "last_observed_at": "2026-06-23T22:41:17.566589+00:00", "latest_item_url": null, "product": "voip_telephone_adapter", "public_safe_summary": "NVD: The Vonage VoIP Telephone Adapter has a default administrator username \"user\" and password \"user,\" which allows remote attackers to obtain administrative access.", "run_item_url": "https://vuln.signal-radar.com/data/vuln/archive/runs/20260623T224130Z/items/CVE-2007-3047.json", "safety": { "auto_remediation_allowed": false, "exploit_detail_allowed": false, "external_execution_allowed": false, "github_issue_creation_allowed": false, "noindex_removal_allowed": true, "noindex_required": false, "patch_allowed": false, "public_launch_allowed": true, "public_safe_only": true, "raw_source_included": false, "read_only": true, "scan_allowed": false, "signal_radar_integration_allowed": false }, "snapshot_count": 1, "source_published_affected": "vendor/product: vonage / voip_telephone_adapter", "source_published_impact": "Source describes remote exposure. Possible impact: This critical severity issue needs human triage to confirm exposure, affected versions, and vendor guidance for remote exposure.", "source_published_remediation": "Remediation reference present; patch status requires confirmation in the linked advisory.", "source_published_summary": "NVD: The Vonage VoIP Telephone Adapter has a default administrator username \"user\" and password \"user,\" which allows remote attackers to obtain administrative access.", "sources": [ "NVD", "Vendor Advisory" ], "timeline_url": "https://vuln.signal-radar.com/data/vuln/archive/cves/CVE-2007-3047/timeline.json", "vendor": "vonage" }, { "affected_label": "gnu / screen", "canonical_url": "https://vuln.signal-radar.com/vuln/public-candidate/CVE-2007-3048/", "current_public_safe_latest": false, "cvss_score": 7.2, "cvss_severity": "HIGH", "epss_percentile": 0.48561, "epss_score": 0.00707, "first_observed_at": "2026-06-23T22:41:17.566589+00:00", "id": "CVE-2007-3048", "impact_tags": [ "local exposure relevant" ], "kev": false, "last_observed_at": "2026-06-23T22:41:17.566589+00:00", "latest_item_url": null, "product": "screen", "public_safe_summary": "NVD: GNU screen 4.0.3 allows local users to unlock the screen via a CTRL-C sequence at the password prompt. NVD: NOTE: multiple third parties report inability to reproduce this issue", "run_item_url": "https://vuln.signal-radar.com/data/vuln/archive/runs/20260623T224130Z/items/CVE-2007-3048.json", "safety": { "auto_remediation_allowed": false, "exploit_detail_allowed": false, "external_execution_allowed": false, "github_issue_creation_allowed": false, "noindex_removal_allowed": true, "noindex_required": false, "patch_allowed": false, "public_launch_allowed": true, "public_safe_only": true, "raw_source_included": false, "read_only": true, "scan_allowed": false, "signal_radar_integration_allowed": false }, "snapshot_count": 1, "source_published_affected": "vendor/product: gnu / screen; affected version context: 4.0.3", "source_published_impact": "Source describes local exposure. Possible impact: This high severity issue needs human triage to confirm exposure, affected versions, and vendor guidance for local exposure.", "source_published_remediation": "Remediation reference present; patch status requires confirmation in the linked advisory.", "source_published_summary": "NVD: GNU screen 4.0.3 allows local users to unlock the screen via a CTRL-C sequence at the password prompt. NVD: NOTE: multiple third parties report inability to reproduce this issue", "sources": [ "NVD", "Vendor Advisory" ], "timeline_url": "https://vuln.signal-radar.com/data/vuln/archive/cves/CVE-2007-3048/timeline.json", "vendor": "gnu" }, { "affected_label": "buttercup_wfm / buttercup_wfm", "canonical_url": "https://vuln.signal-radar.com/vuln/public-candidate/CVE-2007-3049/", "current_public_safe_latest": false, "cvss_score": 4.3, "cvss_severity": "MEDIUM", "epss_percentile": 0.70654, "epss_score": 0.01485, "first_observed_at": "2026-06-23T22:41:17.566589+00:00", "id": "CVE-2007-3049", "impact_tags": [ "XSS risk", "remote exposure relevant" ], "kev": false, "last_observed_at": "2026-06-23T22:41:17.566589+00:00", "latest_item_url": null, "product": "buttercup_wfm", "public_safe_summary": "NVD: Cross-site scripting (XSS) vulnerability in index.php in Buttercup web file manager (BWFM) May 2007 allows remote attackers to inject arbitrary web script or HTML via the title parameter.", "run_item_url": "https://vuln.signal-radar.com/data/vuln/archive/runs/20260623T224130Z/items/CVE-2007-3049.json", "safety": { "auto_remediation_allowed": false, "exploit_detail_allowed": false, "external_execution_allowed": false, "github_issue_creation_allowed": false, "noindex_removal_allowed": true, "noindex_required": false, "patch_allowed": false, "public_launch_allowed": true, "public_safe_only": true, "raw_source_included": false, "read_only": true, "scan_allowed": false, "signal_radar_integration_allowed": false }, "snapshot_count": 1, "source_published_affected": "vendor/product: buttercup_wfm / buttercup_wfm; affected version context: may-2007", "source_published_impact": "Source describes XSS risk · remote exposure. Possible impact: This medium severity issue needs human triage to confirm exposure, affected versions, and vendor guidance for XSS risk · remote exposure.", "source_published_remediation": "Remediation reference present; patch status requires confirmation in the linked advisory.", "source_published_summary": "NVD: Cross-site scripting (XSS) vulnerability in index.php in Buttercup web file manager (BWFM) May 2007 allows remote attackers to inject arbitrary web script or HTML via the title parameter.", "sources": [ "NVD", "Vendor Advisory" ], "timeline_url": "https://vuln.signal-radar.com/data/vuln/archive/cves/CVE-2007-3049/timeline.json", "vendor": "buttercup_wfm" }, { "affected_label": "chameleon_cms / chameleon_cms", "canonical_url": "https://vuln.signal-radar.com/vuln/public-candidate/CVE-2007-3050/", "current_public_safe_latest": false, "cvss_score": 7.5, "cvss_severity": "HIGH", "epss_percentile": 0.73957, "epss_score": 0.01682, "first_observed_at": "2026-06-23T22:41:17.566589+00:00", "id": "CVE-2007-3050", "impact_tags": [ "remote exposure relevant" ], "kev": false, "last_observed_at": "2026-06-23T22:41:17.566589+00:00", "latest_item_url": null, "product": "chameleon_cms", "public_safe_summary": "NVD: Session fixation vulnerability in chameleon cms 3.0 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.", "run_item_url": "https://vuln.signal-radar.com/data/vuln/archive/runs/20260623T224130Z/items/CVE-2007-3050.json", "safety": { "auto_remediation_allowed": false, "exploit_detail_allowed": false, "external_execution_allowed": false, "github_issue_creation_allowed": false, "noindex_removal_allowed": true, "noindex_required": false, "patch_allowed": false, "public_launch_allowed": true, "public_safe_only": true, "raw_source_included": false, "read_only": true, "scan_allowed": false, "signal_radar_integration_allowed": false }, "snapshot_count": 1, "source_published_affected": "vendor/product: chameleon_cms / chameleon_cms", "source_published_impact": "Source describes remote exposure. Possible impact: This high severity issue needs human triage to confirm exposure, affected versions, and vendor guidance for remote exposure.", "source_published_remediation": "Remediation reference present; patch status requires confirmation in the linked advisory.", "source_published_summary": "NVD: Session fixation vulnerability in chameleon cms 3.0 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.", "sources": [ "NVD", "Vendor Advisory" ], "timeline_url": "https://vuln.signal-radar.com/data/vuln/archive/cves/CVE-2007-3050/timeline.json", "vendor": "chameleon_cms" }, { "affected_label": "revokesoft / revokebb", "canonical_url": "https://vuln.signal-radar.com/vuln/public-candidate/CVE-2007-3051/", "current_public_safe_latest": false, "cvss_score": 7.5, "cvss_severity": "HIGH", "epss_percentile": 0.64054, "epss_score": 0.01195, "first_observed_at": "2026-06-23T22:41:17.566589+00:00", "id": "CVE-2007-3051", "impact_tags": [ "SQL injection risk", "remote exposure relevant" ], "kev": false, "last_observed_at": "2026-06-23T22:41:17.566589+00:00", "latest_item_url": null, "product": "revokebb", "public_safe_summary": "NVD: SQL injection vulnerability in inc/class_users.php in RevokeSoft RevokeBB 1.0 RC4 and earlier allows remote attackers to execute arbitrary SQL commands via the revokebb_user cookie.", "run_item_url": "https://vuln.signal-radar.com/data/vuln/archive/runs/20260623T224130Z/items/CVE-2007-3051.json", "safety": { "auto_remediation_allowed": false, "exploit_detail_allowed": false, "external_execution_allowed": false, "github_issue_creation_allowed": false, "noindex_removal_allowed": true, "noindex_required": false, "patch_allowed": false, "public_launch_allowed": true, "public_safe_only": true, "raw_source_included": false, "read_only": true, "scan_allowed": false, "signal_radar_integration_allowed": false }, "snapshot_count": 1, "source_published_affected": "vendor/product: revokesoft / revokebb", "source_published_impact": "Source describes SQL injection risk · remote exposure. Possible impact: A remote attacker may be able to read or change database-backed application data.", "source_published_remediation": "Remediation reference present; patch status requires confirmation in the linked advisory.", "source_published_summary": "NVD: SQL injection vulnerability in inc/class_users.php in RevokeSoft RevokeBB 1.0 RC4 and earlier allows remote attackers to execute arbitrary SQL commands via the revokebb_user cookie.", "sources": [ "NVD", "Vendor Advisory" ], "timeline_url": "https://vuln.signal-radar.com/data/vuln/archive/cves/CVE-2007-3051/timeline.json", "vendor": "revokesoft" }, { "affected_label": "postnuke_software_foundation / pnphpbb", "canonical_url": "https://vuln.signal-radar.com/vuln/public-candidate/CVE-2007-3052/", "current_public_safe_latest": false, "cvss_score": 7.5, "cvss_severity": "HIGH", "epss_percentile": 0.82689, "epss_score": 0.02508, "first_observed_at": "2026-06-23T22:41:17.566589+00:00", "id": "CVE-2007-3052", "impact_tags": [ "SQL injection risk", "remote exposure relevant" ], "kev": false, "last_observed_at": "2026-06-23T22:41:17.566589+00:00", "latest_item_url": null, "product": "pnphpbb", "public_safe_summary": "NVD: SQL injection vulnerability in index.php in the PNphpBB2 1.2i and earlier module for PostNuke allows remote attackers to execute arbitrary SQL commands via the c parameter.", "run_item_url": "https://vuln.signal-radar.com/data/vuln/archive/runs/20260623T224130Z/items/CVE-2007-3052.json", "safety": { "auto_remediation_allowed": false, "exploit_detail_allowed": false, "external_execution_allowed": false, "github_issue_creation_allowed": false, "noindex_removal_allowed": true, "noindex_required": false, "patch_allowed": false, "public_launch_allowed": true, "public_safe_only": true, "raw_source_included": false, "read_only": true, "scan_allowed": false, "signal_radar_integration_allowed": false }, "snapshot_count": 1, "source_published_affected": "vendor/product: postnuke_software_foundation / pnphpbb", "source_published_impact": "Source describes SQL injection risk · remote exposure. Possible impact: A remote attacker may be able to read or change database-backed application data.", "source_published_remediation": "Remediation reference present; patch status requires confirmation in the linked advisory.", "source_published_summary": "NVD: SQL injection vulnerability in index.php in the PNphpBB2 1.2i and earlier module for PostNuke allows remote attackers to execute arbitrary SQL commands via the c parameter.", "sources": [ "NVD", "Vendor Advisory" ], "timeline_url": "https://vuln.signal-radar.com/data/vuln/archive/cves/CVE-2007-3052/timeline.json", "vendor": "postnuke_software_foundation" }, { "affected_label": "calimero.cms / calimero.cms", "canonical_url": "https://vuln.signal-radar.com/vuln/public-candidate/CVE-2007-3053/", "current_public_safe_latest": false, "cvss_score": 7.5, "cvss_severity": "HIGH", "epss_percentile": 0.69005, "epss_score": 0.01402, "first_observed_at": "2026-06-23T22:41:17.566589+00:00", "id": "CVE-2007-3053", "impact_tags": [ "remote exposure relevant" ], "kev": false, "last_observed_at": "2026-06-23T22:41:17.566589+00:00", "latest_item_url": null, "product": "calimero.cms", "public_safe_summary": "NVD: Session fixation vulnerability in Calimero.CMS 3.3.1232 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.", "run_item_url": "https://vuln.signal-radar.com/data/vuln/archive/runs/20260623T224130Z/items/CVE-2007-3053.json", "safety": { "auto_remediation_allowed": false, "exploit_detail_allowed": false, "external_execution_allowed": false, "github_issue_creation_allowed": false, "noindex_removal_allowed": true, "noindex_required": false, "patch_allowed": false, "public_launch_allowed": true, "public_safe_only": true, "raw_source_included": false, "read_only": true, "scan_allowed": false, "signal_radar_integration_allowed": false }, "snapshot_count": 1, "source_published_affected": "vendor/product: calimero.cms / calimero.cms", "source_published_impact": "Source describes remote exposure. Possible impact: This high severity issue needs human triage to confirm exposure, affected versions, and vendor guidance for remote exposure.", "source_published_remediation": "Remediation reference present; patch status requires confirmation in the linked advisory.", "source_published_summary": "NVD: Session fixation vulnerability in Calimero.CMS 3.3.1232 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.", "sources": [ "NVD", "Vendor Advisory" ], "timeline_url": "https://vuln.signal-radar.com/data/vuln/archive/cves/CVE-2007-3053/timeline.json", "vendor": "calimero.cms" }, { "affected_label": "codelib / linker", "canonical_url": "https://vuln.signal-radar.com/vuln/public-candidate/CVE-2007-3054/", "current_public_safe_latest": false, "cvss_score": 4.3, "cvss_severity": "MEDIUM", "epss_percentile": 0.59326, "epss_score": 0.01033, "first_observed_at": "2026-06-23T22:41:17.566589+00:00", "id": "CVE-2007-3054", "impact_tags": [ "XSS risk", "remote exposure relevant" ], "kev": false, "last_observed_at": "2026-06-23T22:41:17.566589+00:00", "latest_item_url": null, "product": "linker", "public_safe_summary": "NVD: Cross-site scripting (XSS) vulnerability in search.php in Codelib Linker 2.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the kword parameter. NVD: NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.", "run_item_url": "https://vuln.signal-radar.com/data/vuln/archive/runs/20260623T224130Z/items/CVE-2007-3054.json", "safety": { "auto_remediation_allowed": false, "exploit_detail_allowed": false, "external_execution_allowed": false, "github_issue_creation_allowed": false, "noindex_removal_allowed": true, "noindex_required": false, "patch_allowed": false, "public_launch_allowed": true, "public_safe_only": true, "raw_source_included": false, "read_only": true, "scan_allowed": false, "signal_radar_integration_allowed": false }, "snapshot_count": 1, "source_published_affected": "vendor/product: codelib / linker", "source_published_impact": "Source describes XSS risk · remote exposure. Possible impact: This medium severity issue needs human triage to confirm exposure, affected versions, and vendor guidance for XSS risk · remote exposure.", "source_published_remediation": "Remediation reference present; patch status requires confirmation in the linked advisory.", "source_published_summary": "NVD: Cross-site scripting (XSS) vulnerability in search.php in Codelib Linker 2.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the kword parameter. NVD: NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.", "sources": [ "NVD", "Vendor Advisory" ], "timeline_url": "https://vuln.signal-radar.com/data/vuln/archive/cves/CVE-2007-3054/timeline.json", "vendor": "codelib" }, { "affected_label": "codelib / linker", "canonical_url": "https://vuln.signal-radar.com/vuln/public-candidate/CVE-2007-3055/", "current_public_safe_latest": false, "cvss_score": 4.3, "cvss_severity": "MEDIUM", "epss_percentile": 0.76083, "epss_score": 0.01831, "first_observed_at": "2026-06-23T22:41:17.566589+00:00", "id": "CVE-2007-3055", "impact_tags": [ "XSS risk", "remote exposure relevant" ], "kev": false, "last_observed_at": "2026-06-23T22:41:17.566589+00:00", "latest_item_url": null, "product": "linker", "public_safe_summary": "NVD: Cross-site scripting (XSS) vulnerability in index.php in Codelib Linker 2.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the cat parameter.", "run_item_url": "https://vuln.signal-radar.com/data/vuln/archive/runs/20260623T224130Z/items/CVE-2007-3055.json", "safety": { "auto_remediation_allowed": false, "exploit_detail_allowed": false, "external_execution_allowed": false, "github_issue_creation_allowed": false, "noindex_removal_allowed": true, "noindex_required": false, "patch_allowed": false, "public_launch_allowed": true, "public_safe_only": true, "raw_source_included": false, "read_only": true, "scan_allowed": false, "signal_radar_integration_allowed": false }, "snapshot_count": 1, "source_published_affected": "vendor/product: codelib / linker", "source_published_impact": "Source describes XSS risk · remote exposure. Possible impact: This medium severity issue needs human triage to confirm exposure, affected versions, and vendor guidance for XSS risk · remote exposure.", "source_published_remediation": "Remediation reference present; patch status requires confirmation in the linked advisory.", "source_published_summary": "NVD: Cross-site scripting (XSS) vulnerability in index.php in Codelib Linker 2.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the cat parameter.", "sources": [ "NVD", "Vendor Advisory" ], "timeline_url": "https://vuln.signal-radar.com/data/vuln/archive/cves/CVE-2007-3055/timeline.json", "vendor": "codelib" }, { "affected_label": "websvn / websvn", "canonical_url": "https://vuln.signal-radar.com/vuln/public-candidate/CVE-2007-3056/", "current_public_safe_latest": false, "cvss_score": 4.3, "cvss_severity": "MEDIUM", "epss_percentile": 0.72039, "epss_score": 0.01562, "first_observed_at": "2026-06-23T22:41:17.566589+00:00", "id": "CVE-2007-3056", "impact_tags": [ "XSS risk", "remote exposure relevant" ], "kev": false, "last_observed_at": "2026-06-23T22:41:17.566589+00:00", "latest_item_url": null, "product": "websvn", "public_safe_summary": "NVD: Cross-site scripting (XSS) vulnerability in filedetails.php in WebSVN 2.0rc4, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the path parameter.", "run_item_url": "https://vuln.signal-radar.com/data/vuln/archive/runs/20260623T224130Z/items/CVE-2007-3056.json", "safety": { "auto_remediation_allowed": false, "exploit_detail_allowed": false, "external_execution_allowed": false, "github_issue_creation_allowed": false, "noindex_removal_allowed": true, "noindex_required": false, "patch_allowed": false, "public_launch_allowed": true, "public_safe_only": true, "raw_source_included": false, "read_only": true, "scan_allowed": false, "signal_radar_integration_allowed": false }, "snapshot_count": 1, "source_published_affected": "vendor/product: websvn / websvn", "source_published_impact": "Source describes XSS risk · remote exposure. Possible impact: This medium severity issue needs human triage to confirm exposure, affected versions, and vendor guidance for XSS risk · remote exposure.", "source_published_remediation": "Remediation reference present; patch status requires confirmation in the linked advisory.", "source_published_summary": "NVD: Cross-site scripting (XSS) vulnerability in filedetails.php in WebSVN 2.0rc4, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the path parameter.", "sources": [ "NVD", "Vendor Advisory" ], "timeline_url": "https://vuln.signal-radar.com/data/vuln/archive/cves/CVE-2007-3056/timeline.json", "vendor": "websvn" }, { "affected_label": "xoops / icontent_module", "canonical_url": "https://vuln.signal-radar.com/vuln/public-candidate/CVE-2007-3057/", "current_public_safe_latest": false, "cvss_score": 6.8, "cvss_severity": "MEDIUM", "epss_percentile": 0.9925, "epss_score": 0.68669, "first_observed_at": "2026-06-23T22:41:17.566589+00:00", "id": "CVE-2007-3057", "impact_tags": [ "remote exposure relevant" ], "kev": false, "last_observed_at": "2026-06-23T22:41:17.566589+00:00", "latest_item_url": null, "product": "icontent_module", "public_safe_summary": "NVD: PHP remote file inclusion vulnerability in include/wysiwyg/spaw_control.class.php in the icontent 4.5 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter. NVD: NOTE: this issue is probably a duplicate of CVE-2006-4656.", "run_item_url": "https://vuln.signal-radar.com/data/vuln/archive/runs/20260623T224130Z/items/CVE-2007-3057.json", "safety": { "auto_remediation_allowed": false, "exploit_detail_allowed": false, "external_execution_allowed": false, "github_issue_creation_allowed": false, "noindex_removal_allowed": true, "noindex_required": false, "patch_allowed": false, "public_launch_allowed": true, "public_safe_only": true, "raw_source_included": false, "read_only": true, "scan_allowed": false, "signal_radar_integration_allowed": false }, "snapshot_count": 1, "source_published_affected": "vendor/product: xoops / icontent_module; affected version context: 4.5", "source_published_impact": "Source describes remote exposure. Possible impact: This medium severity issue needs human triage to confirm exposure, affected versions, and vendor guidance for remote exposure.", "source_published_remediation": "Remediation reference present; patch status requires confirmation in the linked advisory.", "source_published_summary": "NVD: PHP remote file inclusion vulnerability in include/wysiwyg/spaw_control.class.php in the icontent 4.5 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter. NVD: NOTE: this issue is probably a duplicate of CVE-2006-4656.", "sources": [ "NVD", "Vendor Advisory" ], "timeline_url": "https://vuln.signal-radar.com/data/vuln/archive/cves/CVE-2007-3057/timeline.json", "vendor": "xoops" }, { "affected_label": "madirish_webmail / madirish_webmail", "canonical_url": "https://vuln.signal-radar.com/vuln/public-candidate/CVE-2007-3058/", "current_public_safe_latest": false, "cvss_score": 6.8, "cvss_severity": "MEDIUM", "epss_percentile": 0.71662, "epss_score": 0.0154, "first_observed_at": "2026-06-23T22:41:17.566589+00:00", "id": "CVE-2007-3058", "impact_tags": [ "remote exposure relevant" ], "kev": false, "last_observed_at": "2026-06-23T22:41:17.566589+00:00", "latest_item_url": null, "product": "madirish_webmail", "public_safe_summary": "NVD: Multiple PHP remote file inclusion vulnerabilities in Madirish Webmail 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[basedir] parameter to (1) calendar.php, (2) compose.php, and (3) index.php, different vectors than... NVD: NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.", "run_item_url": "https://vuln.signal-radar.com/data/vuln/archive/runs/20260623T224130Z/items/CVE-2007-3058.json", "safety": { "auto_remediation_allowed": false, "exploit_detail_allowed": false, "external_execution_allowed": false, "github_issue_creation_allowed": false, "noindex_removal_allowed": true, "noindex_required": false, "patch_allowed": false, "public_launch_allowed": true, "public_safe_only": true, "raw_source_included": false, "read_only": true, "scan_allowed": false, "signal_radar_integration_allowed": false }, "snapshot_count": 1, "source_published_affected": "vendor/product: madirish_webmail / madirish_webmail; affected version context: 2.0", "source_published_impact": "Source describes remote exposure. Possible impact: This medium severity issue needs human triage to confirm exposure, affected versions, and vendor guidance for remote exposure.", "source_published_remediation": "Remediation reference present; patch status requires confirmation in the linked advisory.", "source_published_summary": "NVD: Multiple PHP remote file inclusion vulnerabilities in Madirish Webmail 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[basedir] parameter to (1) calendar.php, (2) compose.php, and (3) index.php, different vectors than... NVD: NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.", "sources": [ "NVD", "Vendor Advisory" ], "timeline_url": "https://vuln.signal-radar.com/data/vuln/archive/cves/CVE-2007-3058/timeline.json", "vendor": "madirish_webmail" }, { "affected_label": "sendcard / sendcard", "canonical_url": "https://vuln.signal-radar.com/vuln/public-candidate/CVE-2007-3059/", "current_public_safe_latest": false, "cvss_score": 5.0, "cvss_severity": "MEDIUM", "epss_percentile": 0.64561, "epss_score": 0.01213, "first_observed_at": "2026-06-23T22:41:17.566589+00:00", "id": "CVE-2007-3059", "impact_tags": [ "information exposure review", "remote exposure relevant" ], "kev": false, "last_observed_at": "2026-06-23T22:41:17.566589+00:00", "latest_item_url": null, "product": "sendcard", "public_safe_summary": "NVD: SendCard 3.3.0 allows remote attackers to obtain sensitive information via an invalid sc_language parameter to sendcard.php, which reveals the path in an error message.", "run_item_url": "https://vuln.signal-radar.com/data/vuln/archive/runs/20260623T224130Z/items/CVE-2007-3059.json", "safety": { "auto_remediation_allowed": false, "exploit_detail_allowed": false, "external_execution_allowed": false, "github_issue_creation_allowed": false, "noindex_removal_allowed": true, "noindex_required": false, "patch_allowed": false, "public_launch_allowed": true, "public_safe_only": true, "raw_source_included": false, "read_only": true, "scan_allowed": false, "signal_radar_integration_allowed": false }, "snapshot_count": 1, "source_published_affected": "vendor/product: sendcard / sendcard; affected version context: 3.3.0", "source_published_impact": "Source describes information exposure review · remote exposure. Possible impact: A remote attacker may be able to access information that should not be exposed.", "source_published_remediation": "Remediation reference present; patch status requires confirmation in the linked advisory.", "source_published_summary": "NVD: SendCard 3.3.0 allows remote attackers to obtain sensitive information via an invalid sc_language parameter to sendcard.php, which reveals the path in an error message.", "sources": [ "NVD", "Vendor Advisory" ], "timeline_url": "https://vuln.signal-radar.com/data/vuln/archive/cves/CVE-2007-3059/timeline.json", "vendor": "sendcard" }, { "affected_label": "osi_codes_inc. / phplive", "canonical_url": "https://vuln.signal-radar.com/vuln/public-candidate/CVE-2007-3060/", "current_public_safe_latest": false, "cvss_score": 4.3, "cvss_severity": "MEDIUM", "epss_percentile": 0.9106, "epss_score": 0.04963, "first_observed_at": "2026-06-23T22:41:17.566589+00:00", "id": "CVE-2007-3060", "impact_tags": [ "XSS risk", "remote exposure relevant" ], "kev": false, "last_observed_at": "2026-06-23T22:41:17.566589+00:00", "latest_item_url": null, "product": "phplive", "public_safe_summary": "NVD: Multiple cross-site scripting (XSS) vulnerabilities in PHP Live! NVD: 3.2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) sid parameter to (a) chat.php, (2) LANG[DEFAULT_BRANDING] and (3) PHPLIVE_VERSION parameters to (b) help.php, the (4) admin[name] parameter to (c) admin/header.php, and the (5)...", "run_item_url": "https://vuln.signal-radar.com/data/vuln/archive/runs/20260623T224130Z/items/CVE-2007-3060.json", "safety": { "auto_remediation_allowed": false, "exploit_detail_allowed": false, "external_execution_allowed": false, "github_issue_creation_allowed": false, "noindex_removal_allowed": true, "noindex_required": false, "patch_allowed": false, "public_launch_allowed": true, "public_safe_only": true, "raw_source_included": false, "read_only": true, "scan_allowed": false, "signal_radar_integration_allowed": false }, "snapshot_count": 1, "source_published_affected": "vendor/product: osi_codes_inc. / phplive; affected version context: 3.2.2", "source_published_impact": "Source describes XSS risk · remote exposure. Possible impact: This medium severity issue needs human triage to confirm exposure, affected versions, and vendor guidance for XSS risk · remote exposure.", "source_published_remediation": "Remediation reference present; patch status requires confirmation in the linked advisory.", "source_published_summary": "NVD: Multiple cross-site scripting (XSS) vulnerabilities in PHP Live! NVD: 3.2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) sid parameter to (a) chat.php, (2) LANG[DEFAULT_BRANDING] and (3) PHPLIVE_VERSION parameters to (b) help.php, the (4) admin[name] parameter to (c) admin/header.php, and the (5)...", "sources": [ "NVD", "Vendor Advisory" ], "timeline_url": "https://vuln.signal-radar.com/data/vuln/archive/cves/CVE-2007-3060/timeline.json", "vendor": "osi_codes_inc." }, { "affected_label": "cactusoft / cactushop", "canonical_url": "https://vuln.signal-radar.com/vuln/public-candidate/CVE-2007-3061/", "current_public_safe_latest": false, "cvss_score": 7.8, "cvss_severity": "HIGH", "epss_percentile": 0.83202, "epss_score": 0.02582, "first_observed_at": "2026-06-23T22:41:17.566589+00:00", "id": "CVE-2007-3061", "impact_tags": [ "information exposure review", "remote exposure relevant" ], "kev": false, "last_observed_at": "2026-06-23T22:41:17.566589+00:00", "latest_item_url": null, "product": "cactushop", "public_safe_summary": "NVD: Cactushop 6 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) cactushop6.mdb or (2) cactushop5.mdb.", "run_item_url": "https://vuln.signal-radar.com/data/vuln/archive/runs/20260623T224130Z/items/CVE-2007-3061.json", "safety": { "auto_remediation_allowed": false, "exploit_detail_allowed": false, "external_execution_allowed": false, "github_issue_creation_allowed": false, "noindex_removal_allowed": true, "noindex_required": false, "patch_allowed": false, "public_launch_allowed": true, "public_safe_only": true, "raw_source_included": false, "read_only": true, "scan_allowed": false, "signal_radar_integration_allowed": false }, "snapshot_count": 1, "source_published_affected": "vendor/product: cactusoft / cactushop", "source_published_impact": "Source describes information exposure review · remote exposure. Possible impact: A remote attacker may be able to access information that should not be exposed.", "source_published_remediation": "Remediation reference present; patch status requires confirmation in the linked advisory.", "source_published_summary": "NVD: Cactushop 6 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) cactushop6.mdb or (2) cactushop5.mdb.", "sources": [ "NVD", "Vendor Advisory" ], "timeline_url": "https://vuln.signal-radar.com/data/vuln/archive/cves/CVE-2007-3061/timeline.json", "vendor": "cactusoft" }, { "affected_label": "adobe / flash_player", "canonical_url": "https://vuln.signal-radar.com/vuln/public-candidate/CVE-2011-0627/", "current_public_safe_latest": true, "cvss_score": 8.8, "cvss_severity": "HIGH", "epss_percentile": 0.91252, "epss_score": 0.05066, "first_observed_at": "2026-06-24T06:58:56.748686+00:00", "id": "CVE-2011-0627", "impact_tags": [ "code execution review", "service availability review", "memory safety review", "remote exposure relevant" ], "kev": false, "last_observed_at": "2026-06-27T16:34:49.784929+00:00", "latest_item_url": "https://vuln.signal-radar.com/data/vuln/items/CVE-2011-0627.json", "product": "flash_player", "public_safe_summary": "NVD: Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content, as possibly...", "run_item_url": "https://vuln.signal-radar.com/data/vuln/archive/runs/20260627T163534Z/items/CVE-2011-0627.json", "safety": { "auto_remediation_allowed": false, "exploit_detail_allowed": false, "external_execution_allowed": false, "github_issue_creation_allowed": false, "noindex_removal_allowed": true, "noindex_required": false, "patch_allowed": false, "public_launch_allowed": true, "public_safe_only": true, "raw_source_included": false, "read_only": true, "scan_allowed": false, "signal_radar_integration_allowed": false }, "snapshot_count": 16, "source_published_affected": "vendor/product: adobe / flash_player; affected version context: 6.0.21.0, 6.0.79, 7.0, 7.0.1, 7.0.14.0", "source_published_impact": "Source describes code execution review · service availability risk · memory safety review. Possible impact: A remote attacker may be able to run code or commands on affected systems.", "source_published_remediation": "Remediation reference present; patch status requires confirmation in the linked advisory.", "source_published_summary": "NVD: Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content, as possibly...", "sources": [ "NVD", "Vendor Advisory" ], "timeline_url": "https://vuln.signal-radar.com/data/vuln/archive/cves/CVE-2011-0627/timeline.json", "vendor": "adobe" }, { "affected_label": "misp-project / misp", "canonical_url": "https://vuln.signal-radar.com/vuln/public-candidate/CVE-2015-5719/", "current_public_safe_latest": true, "cvss_score": 9.8, "cvss_severity": "CRITICAL", "epss_percentile": 0.80848, "epss_score": 0.02268, "first_observed_at": "2026-06-24T06:58:56.748686+00:00", "id": "CVE-2015-5719", "impact_tags": [], "kev": false, "last_observed_at": "2026-06-27T16:34:49.784929+00:00", "latest_item_url": "https://vuln.signal-radar.com/data/vuln/items/CVE-2015-5719.json", "product": "misp", "public_safe_summary": "NVD: app/Controller/TemplatesController.php in Malware Information Sharing Platform (MISP) before 2.3.92 does not properly restrict filenames under the tmp/files/ directory, which has unspecified impact and attack vectors.", "run_item_url": "https://vuln.signal-radar.com/data/vuln/archive/runs/20260627T163534Z/items/CVE-2015-5719.json", "safety": { "auto_remediation_allowed": false, "exploit_detail_allowed": false, "external_execution_allowed": false, "github_issue_creation_allowed": false, "noindex_removal_allowed": true, "noindex_required": false, "patch_allowed": false, "public_launch_allowed": true, "public_safe_only": true, "raw_source_included": false, "read_only": true, "scan_allowed": false, "signal_radar_integration_allowed": false }, "snapshot_count": 16, "source_published_affected": "vendor/product: misp-project / misp", "source_published_impact": "This critical severity issue needs human triage to confirm exposure, affected versions, and vendor guidance for critical severity review.", "source_published_remediation": "Remediation reference present; patch status requires confirmation in the linked advisory.", "source_published_summary": "NVD: app/Controller/TemplatesController.php in Malware Information Sharing Platform (MISP) before 2.3.92 does not properly restrict filenames under the tmp/files/ directory, which has unspecified impact and attack vectors.", "sources": [ "NVD", "Vendor Advisory" ], "timeline_url": "https://vuln.signal-radar.com/data/vuln/archive/cves/CVE-2015-5719/timeline.json", "vendor": "misp-project" }, { "affected_label": "misp-project / misp", "canonical_url": "https://vuln.signal-radar.com/vuln/public-candidate/CVE-2015-5720/", "current_public_safe_latest": true, "cvss_score": 6.1, "cvss_severity": "MEDIUM", "epss_percentile": 0.67849, "epss_score": 0.01343, "first_observed_at": "2026-06-24T06:58:56.748686+00:00", "id": "CVE-2015-5720", "impact_tags": [ "XSS risk", "remote exposure relevant" ], "kev": false, "last_observed_at": "2026-06-27T16:34:49.784929+00:00", "latest_item_url": "https://vuln.signal-radar.com/data/vuln/items/CVE-2015-5720.json", "product": "misp", "public_safe_summary": "NVD: Multiple cross-site scripting (XSS) vulnerabilities in the template-creation feature in Malware Information Sharing Platform (MISP) before 2.3.90 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) add.ctp, (2) edit.ctp...", "run_item_url": "https://vuln.signal-radar.com/data/vuln/archive/runs/20260627T163534Z/items/CVE-2015-5720.json", "safety": { "auto_remediation_allowed": false, "exploit_detail_allowed": false, "external_execution_allowed": false, "github_issue_creation_allowed": false, "noindex_removal_allowed": true, "noindex_required": false, "patch_allowed": false, "public_launch_allowed": true, "public_safe_only": true, "raw_source_included": false, "read_only": true, "scan_allowed": false, "signal_radar_integration_allowed": false }, "snapshot_count": 16, "source_published_affected": "vendor/product: misp-project / misp", "source_published_impact": "Source describes XSS risk · remote exposure. Possible impact: This medium severity issue needs human triage to confirm exposure, affected versions, and vendor guidance for XSS risk · remote exposure.", "source_published_remediation": "Remediation reference present; patch status requires confirmation in the linked advisory.", "source_published_summary": "NVD: Multiple cross-site scripting (XSS) vulnerabilities in the template-creation feature in Malware Information Sharing Platform (MISP) before 2.3.90 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) add.ctp, (2) edit.ctp...", "sources": [ "NVD", "Vendor Advisory" ], "timeline_url": "https://vuln.signal-radar.com/data/vuln/archive/cves/CVE-2015-5720/timeline.json", "vendor": "misp-project" }, { "affected_label": "misp-project / misp", "canonical_url": "https://vuln.signal-radar.com/vuln/public-candidate/CVE-2015-5721/", "current_public_safe_latest": true, "cvss_score": 9.8, "cvss_severity": "CRITICAL", "epss_percentile": 0.83471, "epss_score": 0.0261, "first_observed_at": "2026-06-24T06:58:56.748686+00:00", "id": "CVE-2015-5721", "impact_tags": [ "remote exposure relevant" ], "kev": false, "last_observed_at": "2026-06-27T16:34:49.784929+00:00", "latest_item_url": "https://vuln.signal-radar.com/data/vuln/items/CVE-2015-5721.json", "product": "misp", "public_safe_summary": "NVD: Malware Information Sharing Platform (MISP) before 2.3.90 allows remote attackers to conduct PHP object injection attacks via crafted serialized data, related to TemplatesController.php and populate_event_from_template_attributes.ctp.", "run_item_url": "https://vuln.signal-radar.com/data/vuln/archive/runs/20260627T163534Z/items/CVE-2015-5721.json", "safety": { "auto_remediation_allowed": false, "exploit_detail_allowed": false, "external_execution_allowed": false, "github_issue_creation_allowed": false, "noindex_removal_allowed": true, "noindex_required": false, "patch_allowed": false, "public_launch_allowed": true, "public_safe_only": true, "raw_source_included": false, "read_only": true, "scan_allowed": false, "signal_radar_integration_allowed": false }, "snapshot_count": 16, "source_published_affected": "vendor/product: misp-project / misp", "source_published_impact": "Source describes remote exposure. Possible impact: This critical severity issue needs human triage to confirm exposure, affected versions, and vendor guidance for remote exposure.", "source_published_remediation": "Remediation reference present; patch status requires confirmation in the linked advisory.", "source_published_summary": "NVD: Malware Information Sharing Platform (MISP) before 2.3.90 allows remote attackers to conduct PHP object injection attacks via crafted serialized data, related to TemplatesController.php and populate_event_from_template_attributes.ctp.", "sources": [ "NVD", "Vendor Advisory" ], "timeline_url": "https://vuln.signal-radar.com/data/vuln/archive/cves/CVE-2015-5721/timeline.json", "vendor": "misp-project" }, { "affected_label": "cisco / umbrella_virtual_appliance", "canonical_url": "https://vuln.signal-radar.com/vuln/public-candidate/CVE-2017-12350/", "current_public_safe_latest": true, "cvss_score": 8.2, "cvss_severity": "HIGH", "epss_percentile": 0.26873, "epss_score": 0.00349, "first_observed_at": "2026-06-24T06:58:56.748686+00:00", "id": "CVE-2017-12350", "impact_tags": [ "admin privilege risk", "local exposure relevant" ], "kev": false, "last_observed_at": "2026-06-27T16:34:49.784929+00:00", "latest_item_url": "https://vuln.signal-radar.com/data/vuln/items/CVE-2017-12350.json", "product": "umbrella_virtual_appliance", "public_safe_summary": "NVD: A vulnerability in Cisco Umbrella Insights Virtual Appliances 2.1.0 and earlier could allow an authenticated, local attacker to log in to an affected virtual appliance with root privileges. NVD: The vulnerability is due to the presence of default, static user credentials for an affected virtual appliance. NVD: An attacker could exploit this vulnerability by using the hypervisor console to connect locally to an affected system and then using the static credentials to log in to an affected virtual appliance.", "run_item_url": "https://vuln.signal-radar.com/data/vuln/archive/runs/20260627T163534Z/items/CVE-2017-12350.json", "safety": { "auto_remediation_allowed": false, "exploit_detail_allowed": false, "external_execution_allowed": false, "github_issue_creation_allowed": false, "noindex_removal_allowed": true, "noindex_required": false, "patch_allowed": false, "public_launch_allowed": true, "public_safe_only": true, "raw_source_included": false, "read_only": true, "scan_allowed": false, "signal_radar_integration_allowed": false }, "snapshot_count": 16, "source_published_affected": "vendor/product: cisco / umbrella_virtual_appliance", "source_published_impact": "Source describes admin privilege risk · local exposure. Possible impact: A local user may gain root or administrative-level privileges on affected systems.", "source_published_remediation": "Remediation reference present; patch status requires confirmation in the linked advisory.", "source_published_summary": "NVD: A vulnerability in Cisco Umbrella Insights Virtual Appliances 2.1.0 and earlier could allow an authenticated, local attacker to log in to an affected virtual appliance with root privileges. NVD: The vulnerability is due to the presence of default, static user credentials for an affected virtual appliance. NVD: An attacker could exploit this vulnerability by using the hypervisor console to connect locally to an affected system and then using the static credentials to log in to an affected virtual appliance.", "sources": [ "NVD", "Vendor Advisory" ], "timeline_url": "https://vuln.signal-radar.com/data/vuln/archive/cves/CVE-2017-12350/timeline.json", "vendor": "cisco" }, { "affected_label": "misp-project / misp", "canonical_url": "https://vuln.signal-radar.com/vuln/public-candidate/CVE-2017-13671/", "current_public_safe_latest": true, "cvss_score": 6.1, "cvss_severity": "MEDIUM", "epss_percentile": 0.57369, "epss_score": 0.00967, "first_observed_at": "2026-06-24T06:58:56.748686+00:00", "id": "CVE-2017-13671", "impact_tags": [ "XSS risk" ], "kev": false, "last_observed_at": "2026-06-27T16:34:49.784929+00:00", "latest_item_url": "https://vuln.signal-radar.com/data/vuln/items/CVE-2017-13671.json", "product": "misp", "public_safe_summary": "NVD: app/View/Helper/CommandHelper.php in MISP before 2.4.79 has persistent XSS via comments. NVD: It only impacts the users of the same instance because the comment field is not part of the MISP synchronisation. OSV: app/View/Helper/CommandHelper.php in MISP before 2.4.79 has persistent XSS via comments.", "run_item_url": "https://vuln.signal-radar.com/data/vuln/archive/runs/20260627T163534Z/items/CVE-2017-13671.json", "safety": { "auto_remediation_allowed": false, "exploit_detail_allowed": false, "external_execution_allowed": false, "github_issue_creation_allowed": false, "noindex_removal_allowed": true, "noindex_required": false, "patch_allowed": false, "public_launch_allowed": true, "public_safe_only": true, "raw_source_included": false, "read_only": true, "scan_allowed": false, "signal_radar_integration_allowed": false }, "snapshot_count": 16, "source_published_affected": "vendor/product: misp-project / misp", "source_published_impact": "Source describes XSS risk. Possible impact: This medium severity issue needs human triage to confirm exposure, affected versions, and vendor guidance for XSS risk.", "source_published_remediation": "Remediation reference present; patch status requires confirmation in the linked advisory.", "source_published_summary": "NVD: app/View/Helper/CommandHelper.php in MISP before 2.4.79 has persistent XSS via comments. NVD: It only impacts the users of the same instance because the comment field is not part of the MISP synchronisation. OSV: app/View/Helper/CommandHelper.php in MISP before 2.4.79 has persistent XSS via comments.", "sources": [ "NVD", "OSV", "Vendor Advisory" ], "timeline_url": "https://vuln.signal-radar.com/data/vuln/archive/cves/CVE-2017-13671/timeline.json", "vendor": "misp-project" }, { "affected_label": "misp-project / misp", "canonical_url": "https://vuln.signal-radar.com/vuln/public-candidate/CVE-2017-16946/", "current_public_safe_latest": true, "cvss_score": 4.9, "cvss_severity": "MEDIUM", "epss_percentile": 0.60762, "epss_score": 0.01075, "first_observed_at": "2026-06-24T06:58:56.748686+00:00", "id": "CVE-2017-16946", "impact_tags": [], "kev": false, "last_observed_at": "2026-06-27T16:34:49.784929+00:00", "latest_item_url": "https://vuln.signal-radar.com/data/vuln/items/CVE-2017-16946.json", "product": "misp", "public_safe_summary": "NVD: The admin_edit function in app/Controller/UsersController.php in MISP 2.4.82 mishandles the enable_password field, which allows admins to discover a hashed password by reading the audit log. OSV: The admin_edit function in app/Controller/UsersController.php in MISP 2.4.82 mishandles the enable_password field, which allows admins to discover a hashed password by reading the audit log.", "run_item_url": "https://vuln.signal-radar.com/data/vuln/archive/runs/20260627T163534Z/items/CVE-2017-16946.json", "safety": { "auto_remediation_allowed": false, "exploit_detail_allowed": false, "external_execution_allowed": false, "github_issue_creation_allowed": false, "noindex_removal_allowed": true, "noindex_required": false, "patch_allowed": false, "public_launch_allowed": true, "public_safe_only": true, "raw_source_included": false, "read_only": true, "scan_allowed": false, "signal_radar_integration_allowed": false }, "snapshot_count": 16, "source_published_affected": "vendor/product: misp-project / misp; affected version context: 2.4.82", "source_published_impact": "This medium severity issue needs human triage to confirm exposure, affected versions, and vendor guidance for defensive exposure review.", "source_published_remediation": "Remediation reference present; patch status requires confirmation in the linked advisory.", "source_published_summary": "NVD: The admin_edit function in app/Controller/UsersController.php in MISP 2.4.82 mishandles the enable_password field, which allows admins to discover a hashed password by reading the audit log. OSV: The admin_edit function in app/Controller/UsersController.php in MISP 2.4.82 mishandles the enable_password field, which allows admins to discover a hashed password by reading the audit log.", "sources": [ "NVD", "OSV", "Vendor Advisory" ], "timeline_url": "https://vuln.signal-radar.com/data/vuln/archive/cves/CVE-2017-16946/timeline.json", "vendor": "misp-project" }, { "affected_label": "cisco / umbrella_virtual_appliance", "canonical_url": "https://vuln.signal-radar.com/vuln/public-candidate/CVE-2017-6679/", "current_public_safe_latest": true, "cvss_score": 6.4, "cvss_severity": "MEDIUM", "epss_percentile": 0.27838, "epss_score": 0.00359, "first_observed_at": "2026-06-24T06:58:56.748686+00:00", "id": "CVE-2017-6679", "impact_tags": [], "kev": false, "last_observed_at": "2026-06-27T16:34:49.784929+00:00", "latest_item_url": "https://vuln.signal-radar.com/data/vuln/items/CVE-2017-6679.json", "product": "umbrella_virtual_appliance", "public_safe_summary": "NVD: The Cisco Umbrella Virtual Appliance Version 2.0.3 and prior contained an undocumented encrypted remote support tunnel (SSH) which auto initiated from the customer's appliance to Cisco's SSH Hubs in the Umbrella datacenters. NVD: These tunnels were primarily leveraged for remote support and allowed for authorized/authenticated personnel from the Cisco Umbrella team to access the appliance remotely and obtain full control without explicit customer approval. NVD: To address this vulnerability, the Umbrella Virtual Appliance version 2.1.0 now requires explicit customer approval before an SSH tunnel from the VA to the Cisco terminating server can be established.", "run_item_url": "https://vuln.signal-radar.com/data/vuln/archive/runs/20260627T163534Z/items/CVE-2017-6679.json", "safety": { "auto_remediation_allowed": false, "exploit_detail_allowed": false, "external_execution_allowed": false, "github_issue_creation_allowed": false, "noindex_removal_allowed": true, "noindex_required": false, "patch_allowed": false, "public_launch_allowed": true, "public_safe_only": true, "raw_source_included": false, "read_only": true, "scan_allowed": false, "signal_radar_integration_allowed": false }, "snapshot_count": 16, "source_published_affected": "vendor/product: cisco / umbrella_virtual_appliance", "source_published_impact": "This medium severity issue needs human triage to confirm exposure, affected versions, and vendor guidance for defensive exposure review.", "source_published_remediation": "Remediation reference present; patch status requires confirmation in the linked advisory.", "source_published_summary": "NVD: The Cisco Umbrella Virtual Appliance Version 2.0.3 and prior contained an undocumented encrypted remote support tunnel (SSH) which auto initiated from the customer's appliance to Cisco's SSH Hubs in the Umbrella datacenters. NVD: These tunnels were primarily leveraged for remote support and allowed for authorized/authenticated personnel from the Cisco Umbrella team to access the appliance remotely and obtain full control without explicit customer approval. NVD: To address this vulnerability, the Umbrella Virtual Appliance version 2.1.0 now requires explicit customer approval before an SSH tunnel from the VA to the Cisco terminating server can be established.", "sources": [ "NVD", "Vendor Advisory" ], "timeline_url": "https://vuln.signal-radar.com/data/vuln/archive/cves/CVE-2017-6679/timeline.json", "vendor": "cisco" }, { "affected_label": "vmware / spring_boot", "canonical_url": "https://vuln.signal-radar.com/vuln/public-candidate/CVE-2017-8046/", "current_public_safe_latest": true, "cvss_score": 9.8, "cvss_severity": "CRITICAL", "epss_percentile": 0.99376, "epss_score": 0.72782, "first_observed_at": "2026-06-26T22:39:02.100516+00:00", "id": "CVE-2017-8046", "impact_tags": [], "kev": false, "last_observed_at": "2026-06-27T16:34:49.784929+00:00", "latest_item_url": "https://vuln.signal-radar.com/data/vuln/items/CVE-2017-8046.json", "product": "spring_boot", "public_safe_summary": "NVD: Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 (Ingalls SR9), versions prior to 3.0.1 (Kay SR1) and Spring Boot versions prior to 1.5.9, 2.0 M6 can use specially crafted JSON data to run arbitrary Java code. OSV: Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 (Ingalls SR9), versions prior to 3.0.1 (Kay SR1) and Spring Boot versions prior to 1.5.9, 2.0 M6 can use specially crafted JSON data to run arbitrary Java code.", "run_item_url": "https://vuln.signal-radar.com/data/vuln/archive/runs/20260627T163534Z/items/CVE-2017-8046.json", "safety": { "auto_remediation_allowed": false, "exploit_detail_allowed": false, "external_execution_allowed": false, "github_issue_creation_allowed": false, "noindex_removal_allowed": true, "noindex_required": false, "patch_allowed": false, "public_launch_allowed": true, "public_safe_only": true, "raw_source_included": false, "read_only": true, "scan_allowed": false, "signal_radar_integration_allowed": false }, "snapshot_count": 5, "source_published_affected": "vendor/product: vmware / spring_boot; affected version context: 2.0.0, 3.0.0", "source_published_impact": "This critical severity issue needs human triage to confirm exposure, affected versions, and vendor guidance for critical severity review.", "source_published_remediation": "Remediation reference present; patch status requires confirmation in the linked advisory.", "source_published_summary": "NVD: Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 (Ingalls SR9), versions prior to 3.0.1 (Kay SR1) and Spring Boot versions prior to 1.5.9, 2.0 M6 can use specially crafted JSON data to run arbitrary Java code. OSV: Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 (Ingalls SR9), versions prior to 3.0.1 (Kay SR1) and Spring Boot versions prior to 1.5.9, 2.0 M6 can use specially crafted JSON data to run arbitrary Java code.", "sources": [ "NVD", "OSV", "Vendor Advisory" ], "timeline_url": "https://vuln.signal-radar.com/data/vuln/archive/cves/CVE-2017-8046/timeline.json", "vendor": "vmware" }, { "affected_label": "medtronic / mycarelink_24952_patient_monitor_firmware", "canonical_url": "https://vuln.signal-radar.com/vuln/public-candidate/CVE-2018-10622/", "current_public_safe_latest": true, "cvss_score": 5.2, "cvss_severity": "MEDIUM", "epss_percentile": 0.27994, "epss_score": 0.00361, "first_observed_at": "2026-06-24T06:58:56.748686+00:00", "id": "CVE-2018-10622", "impact_tags": [], "kev": false, "last_observed_at": "2026-06-27T16:34:49.784929+00:00", "latest_item_url": "https://vuln.signal-radar.com/data/vuln/items/CVE-2018-10622.json", "product": "mycarelink_24952_patient_monitor_firmware", "public_safe_summary": "NVD: Medtronic MyCareLink Patient Monitor uses per-product credentials that are stored in a recoverable format. NVD: An attacker can use these credentials for network authentication.", "run_item_url": "https://vuln.signal-radar.com/data/vuln/archive/runs/20260627T163534Z/items/CVE-2018-10622.json", "safety": { "auto_remediation_allowed": false, "exploit_detail_allowed": false, "external_execution_allowed": false, "github_issue_creation_allowed": false, "noindex_removal_allowed": true, "noindex_required": false, "patch_allowed": false, "public_launch_allowed": true, "public_safe_only": true, "raw_source_included": false, "read_only": true, "scan_allowed": false, "signal_radar_integration_allowed": false }, "snapshot_count": 16, "source_published_affected": "vendor/product: medtronic / mycarelink_24952_patient_monitor_firmware; affected version context: -", "source_published_impact": "This medium severity issue needs human triage to confirm exposure, affected versions, and vendor guidance for defensive exposure review.", "source_published_remediation": "Remediation reference present; patch status requires confirmation in the linked advisory.", "source_published_summary": "NVD: Medtronic MyCareLink Patient Monitor uses per-product credentials that are stored in a recoverable format. NVD: An attacker can use these credentials for network authentication.", "sources": [ "NVD", "Vendor Advisory" ], "timeline_url": "https://vuln.signal-radar.com/data/vuln/archive/cves/CVE-2018-10622/timeline.json", "vendor": "medtronic" }, { "affected_label": "misp-project / misp", "canonical_url": "https://vuln.signal-radar.com/vuln/public-candidate/CVE-2018-11562/", "current_public_safe_latest": true, "cvss_score": 6.1, "cvss_severity": "MEDIUM", "epss_percentile": 0.52268, "epss_score": 0.00809, "first_observed_at": "2026-06-24T06:58:56.748686+00:00", "id": "CVE-2018-11562", "impact_tags": [ "XSS risk" ], "kev": false, "last_observed_at": "2026-06-27T16:34:49.784929+00:00", "latest_item_url": "https://vuln.signal-radar.com/data/vuln/items/CVE-2018-11562.json", "product": "misp", "public_safe_summary": "NVD: An issue was discovered in MISP 2.4.91. NVD: A vulnerability in app/View/Elements/eventattribute.ctp allows reflected XSS if a user clicks on a malicious link for an event view and then clicks on the deleted attributes quick filter. OSV: An issue was discovered in MISP 2.4.91.", "run_item_url": "https://vuln.signal-radar.com/data/vuln/archive/runs/20260627T163534Z/items/CVE-2018-11562.json", "safety": { "auto_remediation_allowed": false, "exploit_detail_allowed": false, "external_execution_allowed": false, "github_issue_creation_allowed": false, "noindex_removal_allowed": true, "noindex_required": false, "patch_allowed": false, "public_launch_allowed": true, "public_safe_only": true, "raw_source_included": false, "read_only": true, "scan_allowed": false, "signal_radar_integration_allowed": false }, "snapshot_count": 16, "source_published_affected": "vendor/product: misp-project / misp; affected version context: 2.4.91", "source_published_impact": "Source describes XSS risk. Possible impact: This medium severity issue needs human triage to confirm exposure, affected versions, and vendor guidance for XSS risk.", "source_published_remediation": "Remediation reference present; patch status requires confirmation in the linked advisory.", "source_published_summary": "NVD: An issue was discovered in MISP 2.4.91. NVD: A vulnerability in app/View/Elements/eventattribute.ctp allows reflected XSS if a user clicks on a malicious link for an event view and then clicks on the deleted attributes quick filter. OSV: An issue was discovered in MISP 2.4.91.", "sources": [ "NVD", "OSV", "Vendor Advisory" ], "timeline_url": "https://vuln.signal-radar.com/data/vuln/archive/cves/CVE-2018-11562/timeline.json", "vendor": "misp-project" }, { "affected_label": "broadcom / spring_data_commons", "canonical_url": "https://vuln.signal-radar.com/vuln/public-candidate/CVE-2018-1259/", "current_public_safe_latest": true, "cvss_score": 7.5, "cvss_severity": "HIGH", "epss_percentile": 0.9111, "epss_score": 0.0497, "first_observed_at": "2026-06-26T22:39:02.100516+00:00", "id": "CVE-2018-1259", "impact_tags": [], "kev": false, "last_observed_at": "2026-06-27T16:34:49.784929+00:00", "latest_item_url": "https://vuln.signal-radar.com/data/vuln/items/CVE-2018-1259.json", "product": "spring_data_commons", "public_safe_summary": "NVD: Spring Data Commons, versions 1.13 prior to 1.13.12 and 2.0 prior to 2.0.7, used in combination with XMLBeam 1.4.14 or earlier versions, contains a property binder vulnerability caused by improper restriction of XML external entity references as underlying... OSV: Spring Data Commons, versions 1.13 prior to 1.13.12 and 2.0 prior to 2.0.7, used in combination with XMLBeam 1.4.14 or earlier versions, contains a property binder vulnerability caused by improper restriction of XML external entity references as underlying...", "run_item_url": "https://vuln.signal-radar.com/data/vuln/archive/runs/20260627T163534Z/items/CVE-2018-1259.json", "safety": { "auto_remediation_allowed": false, "exploit_detail_allowed": false, "external_execution_allowed": false, "github_issue_creation_allowed": false, "noindex_removal_allowed": true, "noindex_required": false, "patch_allowed": false, "public_launch_allowed": true, "public_safe_only": true, "raw_source_included": false, "read_only": true, "scan_allowed": false, "signal_radar_integration_allowed": false }, "snapshot_count": 5, "source_published_affected": "vendor/product: broadcom / spring_data_commons", "source_published_impact": "This high severity issue needs human triage to confirm exposure, affected versions, and vendor guidance for high severity review.", "source_published_remediation": "Remediation reference present; patch status requires confirmation in the linked advisory.", "source_published_summary": "NVD: Spring Data Commons, versions 1.13 prior to 1.13.12 and 2.0 prior to 2.0.7, used in combination with XMLBeam 1.4.14 or earlier versions, contains a property binder vulnerability caused by improper restriction of XML external entity references as underlying... OSV: Spring Data Commons, versions 1.13 prior to 1.13.12 and 2.0 prior to 2.0.7, used in combination with XMLBeam 1.4.14 or earlier versions, contains a property binder vulnerability caused by improper restriction of XML external entity references as underlying...", "sources": [ "NVD", "OSV", "Vendor Advisory" ], "timeline_url": "https://vuln.signal-radar.com/data/vuln/archive/cves/CVE-2018-1259/timeline.json", "vendor": "broadcom" }, { "affected_label": "misp-project / misp", "canonical_url": "https://vuln.signal-radar.com/vuln/public-candidate/CVE-2018-12649/", "current_public_safe_latest": true, "cvss_score": 9.8, "cvss_severity": "CRITICAL", "epss_percentile": 0.70664, "epss_score": 0.01479, "first_observed_at": "2026-06-24T06:58:56.748686+00:00", "id": "CVE-2018-12649", "impact_tags": [], "kev": false, "last_observed_at": "2026-06-27T16:34:49.784929+00:00", "latest_item_url": "https://vuln.signal-radar.com/data/vuln/items/CVE-2018-12649.json", "product": "misp", "public_safe_summary": "NVD: An issue was discovered in app/Controller/UsersController.php in MISP 2.4.92. NVD: An adversary can bypass the brute-force protection by using a PUT HTTP method instead of a POST HTTP method in the login part, because this protection was only covering POST requests. OSV: An issue was discovered in app/Controller/UsersController.php in MISP 2.4.92.", "run_item_url": "https://vuln.signal-radar.com/data/vuln/archive/runs/20260627T163534Z/items/CVE-2018-12649.json", "safety": { "auto_remediation_allowed": false, "exploit_detail_allowed": false, "external_execution_allowed": false, "github_issue_creation_allowed": false, "noindex_removal_allowed": true, "noindex_required": false, "patch_allowed": false, "public_launch_allowed": true, "public_safe_only": true, "raw_source_included": false, "read_only": true, "scan_allowed": false, "signal_radar_integration_allowed": false }, "snapshot_count": 16, "source_published_affected": "vendor/product: misp-project / misp; affected version context: 2.4.92", "source_published_impact": "This critical severity issue needs human triage to confirm exposure, affected versions, and vendor guidance for critical severity review.", "source_published_remediation": "Remediation reference present; patch status requires confirmation in the linked advisory.", "source_published_summary": "NVD: An issue was discovered in app/Controller/UsersController.php in MISP 2.4.92. NVD: An adversary can bypass the brute-force protection by using a PUT HTTP method instead of a POST HTTP method in the login part, because this protection was only covering POST requests. OSV: An issue was discovered in app/Controller/UsersController.php in MISP 2.4.92.", "sources": [ "NVD", "OSV", "Vendor Advisory" ], "timeline_url": "https://vuln.signal-radar.com/data/vuln/archive/cves/CVE-2018-12649/timeline.json", "vendor": "misp-project" }, { "affected_label": "broadcom / spring_data_commons", "canonical_url": "https://vuln.signal-radar.com/vuln/public-candidate/CVE-2018-1273/", "current_public_safe_latest": true, "cvss_score": 9.8, "cvss_severity": "CRITICAL", "epss_percentile": 0.99861, "epss_score": 0.95649, "first_observed_at": "2026-06-26T22:39:02.100516+00:00", "id": "CVE-2018-1273", "impact_tags": [], "kev": true, "last_observed_at": "2026-06-27T16:34:49.784929+00:00", "latest_item_url": "https://vuln.signal-radar.com/data/vuln/items/CVE-2018-1273.json", "product": "spring_data_commons", "public_safe_summary": "NVD: Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements. CISA KEV: VMware Tanzu Spring Data Commons Property Binder Vulnerability OSV: Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements.", "run_item_url": "https://vuln.signal-radar.com/data/vuln/archive/runs/20260627T163534Z/items/CVE-2018-1273.json", "safety": { "auto_remediation_allowed": false, "exploit_detail_allowed": false, "external_execution_allowed": false, "github_issue_creation_allowed": false, "noindex_removal_allowed": true, "noindex_required": false, "patch_allowed": false, "public_launch_allowed": true, "public_safe_only": true, "raw_source_included": false, "read_only": true, "scan_allowed": false, "signal_radar_integration_allowed": false }, "snapshot_count": 5, "source_published_affected": "vendor/product: broadcom / spring_data_commons; affected version context: 1.0.0, 8.0.8.2.0, 8.0.8.3.0", "source_published_impact": "This critical severity issue needs human triage to confirm exposure, affected versions, and vendor guidance for known exploited catalog listed.", "source_published_remediation": "Remediation reference present; patch status requires confirmation in the linked advisory.", "source_published_summary": "NVD: Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements. CISA KEV: VMware Tanzu Spring Data Commons Property Binder Vulnerability OSV: Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements.", "sources": [ "NVD", "OSV", "CISA KEV", "Vendor Advisory" ], "timeline_url": "https://vuln.signal-radar.com/data/vuln/archive/cves/CVE-2018-1273/timeline.json", "vendor": "broadcom" }, { "affected_label": "broadcom / spring_data_commons", "canonical_url": "https://vuln.signal-radar.com/vuln/public-candidate/CVE-2018-1274/", "current_public_safe_latest": true, "cvss_score": 7.5, "cvss_severity": "HIGH", "epss_percentile": 0.77907, "epss_score": 0.01969, "first_observed_at": "2026-06-26T22:39:02.100516+00:00", "id": "CVE-2018-1274", "impact_tags": [ "service availability review" ], "kev": false, "last_observed_at": "2026-06-27T16:34:49.784929+00:00", "latest_item_url": "https://vuln.signal-radar.com/data/vuln/items/CVE-2018-1274.json", "product": "spring_data_commons", "public_safe_summary": "NVD: Spring Data Commons, versions 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property path parser vulnerability caused by unlimited resource allocation. NVD: An unauthenticated remote malicious user (or attacker) can issue requests against Spring Data REST endpoints or endpoints using property path parsing which can cause a denial of service (CPU and memory consumption). OSV: Spring Data Commons, versions 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property path parser vulnerability caused by unlimited resource allocation.", "run_item_url": "https://vuln.signal-radar.com/data/vuln/archive/runs/20260627T163534Z/items/CVE-2018-1274.json", "safety": { "auto_remediation_allowed": false, "exploit_detail_allowed": false, "external_execution_allowed": false, "github_issue_creation_allowed": false, "noindex_removal_allowed": true, "noindex_required": false, "patch_allowed": false, "public_launch_allowed": true, "public_safe_only": true, "raw_source_included": false, "read_only": true, "scan_allowed": false, "signal_radar_integration_allowed": false }, "snapshot_count": 5, "source_published_affected": "vendor/product: broadcom / spring_data_commons", "source_published_impact": "Source describes service availability risk. Possible impact: The affected service may become unavailable or unreliable.", "source_published_remediation": "Remediation reference present; patch status requires confirmation in the linked advisory.", "source_published_summary": "NVD: Spring Data Commons, versions 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property path parser vulnerability caused by unlimited resource allocation. NVD: An unauthenticated remote malicious user (or attacker) can issue requests against Spring Data REST endpoints or endpoints using property path parsing which can cause a denial of service (CPU and memory consumption). OSV: Spring Data Commons, versions 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property path parser vulnerability caused by unlimited resource allocation.", "sources": [ "NVD", "OSV", "Vendor Advisory" ], "timeline_url": "https://vuln.signal-radar.com/data/vuln/archive/cves/CVE-2018-1274/timeline.json", "vendor": "broadcom" }, { "affected_label": "misp-project / misp", "canonical_url": "https://vuln.signal-radar.com/vuln/public-candidate/CVE-2018-19908/", "current_public_safe_latest": true, "cvss_score": 8.8, "cvss_severity": "HIGH", "epss_percentile": 0.96707, "epss_score": 0.1716, "first_observed_at": "2026-06-24T06:58:56.748686+00:00", "id": "CVE-2018-19908", "impact_tags": [ "authenticated boundary review" ], "kev": false, "last_observed_at": "2026-06-27T16:34:49.784929+00:00", "latest_item_url": "https://vuln.signal-radar.com/data/vuln/items/CVE-2018-19908.json", "product": "misp", "public_safe_summary": "NVD: An issue was discovered in MISP 2.4.9x before 2.4.99. NVD: In app/Model/Event.php (the STIX 1 import code), an unescaped filename string is used to construct a shell command. NVD: This vulnerability can be abused by a malicious authenticated user to execute arbitrary commands by tweaking the original filename of the STIX import.", "run_item_url": "https://vuln.signal-radar.com/data/vuln/archive/runs/20260627T163534Z/items/CVE-2018-19908.json", "safety": { "auto_remediation_allowed": false, "exploit_detail_allowed": false, "external_execution_allowed": false, "github_issue_creation_allowed": false, "noindex_removal_allowed": true, "noindex_required": false, "patch_allowed": false, "public_launch_allowed": true, "public_safe_only": true, "raw_source_included": false, "read_only": true, "scan_allowed": false, "signal_radar_integration_allowed": false }, "snapshot_count": 16, "source_published_affected": "vendor/product: misp-project / misp", "source_published_impact": "Source describes authenticated boundary. Possible impact: This high severity issue needs human triage to confirm exposure, affected versions, and vendor guidance for authenticated boundary.", "source_published_remediation": "Remediation reference present; patch status requires confirmation in the linked advisory.", "source_published_summary": "NVD: An issue was discovered in MISP 2.4.9x before 2.4.99. NVD: In app/Model/Event.php (the STIX 1 import code), an unescaped filename string is used to construct a shell command. NVD: This vulnerability can be abused by a malicious authenticated user to execute arbitrary commands by tweaking the original filename of the STIX import.", "sources": [ "NVD", "OSV", "Vendor Advisory" ], "timeline_url": "https://vuln.signal-radar.com/data/vuln/archive/cves/CVE-2018-19908/timeline.json", "vendor": "misp-project" }, { "affected_label": "misp-project / misp", "canonical_url": "https://vuln.signal-radar.com/vuln/public-candidate/CVE-2018-6926/", "current_public_safe_latest": true, "cvss_score": 7.2, "cvss_severity": "HIGH", "epss_percentile": 0.73841, "epss_score": 0.01668, "first_observed_at": "2026-06-24T06:58:56.748686+00:00", "id": "CVE-2018-6926", "impact_tags": [], "kev": false, "last_observed_at": "2026-06-27T16:34:49.784929+00:00", "latest_item_url": "https://vuln.signal-radar.com/data/vuln/items/CVE-2018-6926.json", "product": "misp", "public_safe_summary": "NVD: In app/Controller/ServersController.php in MISP 2.4.87, a server setting permitted the override of a path variable on certain Red Hed Enterprise Linux and CentOS systems (where rh_shell_fix was enabled), and consequently allowed site admins to inject... NVD: The impact is limited by the setting being only accessible to the site administrator. OSV: In app/Controller/ServersController.php in MISP 2.4.87, a server setting permitted the override of a path variable on certain Red Hed Enterprise Linux and CentOS systems (where rh_shell_fix was enabled), and consequently allowed site admins to inject...", "run_item_url": "https://vuln.signal-radar.com/data/vuln/archive/runs/20260627T163534Z/items/CVE-2018-6926.json", "safety": { "auto_remediation_allowed": false, "exploit_detail_allowed": false, "external_execution_allowed": false, "github_issue_creation_allowed": false, "noindex_removal_allowed": true, "noindex_required": false, "patch_allowed": false, "public_launch_allowed": true, "public_safe_only": true, "raw_source_included": false, "read_only": true, "scan_allowed": false, "signal_radar_integration_allowed": false }, "snapshot_count": 16, "source_published_affected": "vendor/product: misp-project / misp; affected version context: 2.4.87", "source_published_impact": "This high severity issue needs human triage to confirm exposure, affected versions, and vendor guidance for high severity review.", "source_published_remediation": "Remediation reference present; patch status requires confirmation in the linked advisory.", "source_published_summary": "NVD: In app/Controller/ServersController.php in MISP 2.4.87, a server setting permitted the override of a path variable on certain Red Hed Enterprise Linux and CentOS systems (where rh_shell_fix was enabled), and consequently allowed site admins to inject... NVD: The impact is limited by the setting being only accessible to the site administrator. OSV: In app/Controller/ServersController.php in MISP 2.4.87, a server setting permitted the override of a path variable on certain Red Hed Enterprise Linux and CentOS systems (where rh_shell_fix was enabled), and consequently allowed site admins to inject...", "sources": [ "NVD", "OSV", "Vendor Advisory" ], "timeline_url": "https://vuln.signal-radar.com/data/vuln/archive/cves/CVE-2018-6926/timeline.json", "vendor": "misp-project" }, { "affected_label": "misp-project / misp", "canonical_url": "https://vuln.signal-radar.com/vuln/public-candidate/CVE-2019-10254/", "current_public_safe_latest": true, "cvss_score": 6.1, "cvss_severity": "MEDIUM", "epss_percentile": 0.54283, "epss_score": 0.00871, "first_observed_at": "2026-06-24T06:58:56.748686+00:00", "id": "CVE-2019-10254", "impact_tags": [ "XSS risk" ], "kev": false, "last_observed_at": "2026-06-27T16:34:49.784929+00:00", "latest_item_url": "https://vuln.signal-radar.com/data/vuln/items/CVE-2019-10254.json", "product": "misp", "public_safe_summary": "NVD: In MISP before 2.4.105, the app/View/Layouts/default.ctp default layout template has a Reflected XSS vulnerability. OSV: In MISP before 2.4.105, the app/View/Layouts/default.ctp default layout template has a Reflected XSS vulnerability.", "run_item_url": "https://vuln.signal-radar.com/data/vuln/archive/runs/20260627T163534Z/items/CVE-2019-10254.json", "safety": { "auto_remediation_allowed": false, "exploit_detail_allowed": false, "external_execution_allowed": false, "github_issue_creation_allowed": false, "noindex_removal_allowed": true, "noindex_required": false, "patch_allowed": false, "public_launch_allowed": true, "public_safe_only": true, "raw_source_included": false, "read_only": true, "scan_allowed": false, "signal_radar_integration_allowed": false }, "snapshot_count": 16, "source_published_affected": "vendor/product: misp-project / misp", "source_published_impact": "Source describes XSS risk. Possible impact: This medium severity issue needs human triage to confirm exposure, affected versions, and vendor guidance for XSS risk.", "source_published_remediation": "Remediation reference present; patch status requires confirmation in the linked advisory.", "source_published_summary": "NVD: In MISP before 2.4.105, the app/View/Layouts/default.ctp default layout template has a Reflected XSS vulnerability. OSV: In MISP before 2.4.105, the app/View/Layouts/default.ctp default layout template has a Reflected XSS vulnerability.", "sources": [ "NVD", "OSV", "Vendor Advisory" ], "timeline_url": "https://vuln.signal-radar.com/data/vuln/archive/cves/CVE-2019-10254/timeline.json", "vendor": "misp-project" }, { "affected_label": "misp-project / misp", "canonical_url": "https://vuln.signal-radar.com/vuln/public-candidate/CVE-2019-11812/", "current_public_safe_latest": true, "cvss_score": 6.1, "cvss_severity": "MEDIUM", "epss_percentile": 0.52268, "epss_score": 0.00809, "first_observed_at": "2026-06-24T06:58:56.748686+00:00", "id": "CVE-2019-11812", "impact_tags": [ "XSS risk" ], "kev": false, "last_observed_at": "2026-06-27T16:34:49.784929+00:00", "latest_item_url": "https://vuln.signal-radar.com/data/vuln/items/CVE-2019-11812.json", "product": "misp", "public_safe_summary": "NVD: A persistent XSS issue was discovered in app/View/Helper/CommandHelper.php in MISP before 2.4.107. NVD: JavaScript can be included in the discussion interface, and can be triggered by clicking on the link. OSV: A persistent XSS issue was discovered in app/View/Helper/CommandHelper.php in MISP before 2.4.107.", "run_item_url": "https://vuln.signal-radar.com/data/vuln/archive/runs/20260627T163534Z/items/CVE-2019-11812.json", "safety": { "auto_remediation_allowed": false, "exploit_detail_allowed": false, "external_execution_allowed": false, "github_issue_creation_allowed": false, "noindex_removal_allowed": true, "noindex_required": false, "patch_allowed": false, "public_launch_allowed": true, "public_safe_only": true, "raw_source_included": false, "read_only": true, "scan_allowed": false, "signal_radar_integration_allowed": false }, "snapshot_count": 16, "source_published_affected": "vendor/product: misp-project / misp", "source_published_impact": "Source describes XSS risk. Possible impact: This medium severity issue needs human triage to confirm exposure, affected versions, and vendor guidance for XSS risk.", "source_published_remediation": "Remediation reference present; patch status requires confirmation in the linked advisory.", "source_published_summary": "NVD: A persistent XSS issue was discovered in app/View/Helper/CommandHelper.php in MISP before 2.4.107. NVD: JavaScript can be included in the discussion interface, and can be triggered by clicking on the link. OSV: A persistent XSS issue was discovered in app/View/Helper/CommandHelper.php in MISP before 2.4.107.", "sources": [ "NVD", "OSV", "Vendor Advisory" ], "timeline_url": "https://vuln.signal-radar.com/data/vuln/archive/cves/CVE-2019-11812/timeline.json", "vendor": "misp-project" }, { "affected_label": "misp-project / misp", "canonical_url": "https://vuln.signal-radar.com/vuln/public-candidate/CVE-2019-11813/", "current_public_safe_latest": false, "cvss_score": 6.1, "cvss_severity": "MEDIUM", "epss_percentile": 0.51917, "epss_score": 0.008, "first_observed_at": "2026-06-24T06:58:56.748686+00:00", "id": "CVE-2019-11813", "impact_tags": [ "XSS risk" ], "kev": false, "last_observed_at": "2026-06-26T17:11:59.399190+00:00", "latest_item_url": null, "product": "misp", "public_safe_summary": "NVD: An issue was discovered in app/View/Elements/Events/View/value_field.ctp in MISP before 2.4.107. NVD: There is persistent XSS via link type attributes with javascript:// links. OSV: An issue was discovered in app/View/Elements/Events/View/value_field.ctp in MISP before 2.4.107.", "run_item_url": "https://vuln.signal-radar.com/data/vuln/archive/runs/20260626T171241Z/items/CVE-2019-11813.json", "safety": { "auto_remediation_allowed": false, "exploit_detail_allowed": false, "external_execution_allowed": false, "github_issue_creation_allowed": false, "noindex_removal_allowed": true, "noindex_required": false, "patch_allowed": false, "public_launch_allowed": true, "public_safe_only": true, "raw_source_included": false, "read_only": true, "scan_allowed": false, "signal_radar_integration_allowed": false }, "snapshot_count": 11, "source_published_affected": "vendor/product: misp-project / misp", "source_published_impact": "Source describes XSS risk. Possible impact: This medium severity issue needs human triage to confirm exposure, affected versions, and vendor guidance for XSS risk.", "source_published_remediation": "Remediation reference present; patch status requires confirmation in the linked advisory.", "source_published_summary": "NVD: An issue was discovered in app/View/Elements/Events/View/value_field.ctp in MISP before 2.4.107. NVD: There is persistent XSS via link type attributes with javascript:// links. OSV: An issue was discovered in app/View/Elements/Events/View/value_field.ctp in MISP before 2.4.107.", "sources": [ "NVD", "OSV", "Vendor Advisory" ], "timeline_url": "https://vuln.signal-radar.com/data/vuln/archive/cves/CVE-2019-11813/timeline.json", "vendor": "misp-project" }, { "affected_label": "misp-project / misp", "canonical_url": "https://vuln.signal-radar.com/vuln/public-candidate/CVE-2019-11814/", "current_public_safe_latest": false, "cvss_score": 6.1, "cvss_severity": "MEDIUM", "epss_percentile": 0.52229, "epss_score": 0.00809, "first_observed_at": "2026-06-24T06:58:56.748686+00:00", "id": "CVE-2019-11814", "impact_tags": [ "XSS risk" ], "kev": false, "last_observed_at": "2026-06-26T17:11:59.399190+00:00", "latest_item_url": null, "product": "misp", "public_safe_summary": "NVD: An issue was discovered in app/webroot/js/misp.js in MISP before 2.4.107. NVD: There is persistent XSS via image names in titles, as demonstrated by a screenshot. OSV: An issue was discovered in app/webroot/js/misp.js in MISP before 2.4.107.", "run_item_url": "https://vuln.signal-radar.com/data/vuln/archive/runs/20260626T171241Z/items/CVE-2019-11814.json", "safety": { "auto_remediation_allowed": false, "exploit_detail_allowed": false, "external_execution_allowed": false, "github_issue_creation_allowed": false, "noindex_removal_allowed": true, "noindex_required": false, "patch_allowed": false, "public_launch_allowed": true, "public_safe_only": true, "raw_source_included": false, "read_only": true, "scan_allowed": false, "signal_radar_integration_allowed": false }, "snapshot_count": 11, "source_published_affected": "vendor/product: misp-project / misp", "source_published_impact": "Source describes XSS risk. Possible impact: This medium severity issue needs human triage to confirm exposure, affected versions, and vendor guidance for XSS risk.", "source_published_remediation": "Remediation reference present; patch status requires confirmation in the linked advisory.", "source_published_summary": "NVD: An issue was discovered in app/webroot/js/misp.js in MISP before 2.4.107. NVD: There is persistent XSS via image names in titles, as demonstrated by a screenshot. OSV: An issue was discovered in app/webroot/js/misp.js in MISP before 2.4.107.", "sources": [ "NVD", "OSV", "Vendor Advisory" ], "timeline_url": "https://vuln.signal-radar.com/data/vuln/archive/cves/CVE-2019-11814/timeline.json", "vendor": "misp-project" }, { "affected_label": "misp-project / misp", "canonical_url": "https://vuln.signal-radar.com/vuln/public-candidate/CVE-2019-12794/", "current_public_safe_latest": false, "cvss_score": 6.6, "cvss_severity": "MEDIUM", "epss_percentile": 0.55938, "epss_score": 0.00926, "first_observed_at": "2026-06-24T06:58:56.748686+00:00", "id": "CVE-2019-12794", "impact_tags": [], "kev": false, "last_observed_at": "2026-06-26T17:11:59.399190+00:00", "latest_item_url": null, "product": "misp", "public_safe_summary": "NVD: An issue was discovered in MISP 2.4.108. NVD: Organization admins could reset credentials for site admins (organization admins have the inherent ability to reset passwords for all of their organization's users). NVD: This, however, could be abused in a situation where the host organization of an instance creates organization admins.", "run_item_url": "https://vuln.signal-radar.com/data/vuln/archive/runs/20260626T171241Z/items/CVE-2019-12794.json", "safety": { "auto_remediation_allowed": false, "exploit_detail_allowed": false, "external_execution_allowed": false, "github_issue_creation_allowed": false, "noindex_removal_allowed": true, "noindex_required": false, "patch_allowed": false, "public_launch_allowed": true, "public_safe_only": true, "raw_source_included": false, "read_only": true, "scan_allowed": false, "signal_radar_integration_allowed": false }, "snapshot_count": 11, "source_published_affected": "vendor/product: misp-project / misp; affected version context: 2.4.108", "source_published_impact": "This medium severity issue needs human triage to confirm exposure, affected versions, and vendor guidance for defensive exposure review.", "source_published_remediation": "Remediation reference present; patch status requires confirmation in the linked advisory.", "source_published_summary": "NVD: An issue was discovered in MISP 2.4.108. NVD: Organization admins could reset credentials for site admins (organization admins have the inherent ability to reset passwords for all of their organization's users). NVD: This, however, could be abused in a situation where the host organization of an instance creates organization admins.", "sources": [ "NVD", "OSV", "Vendor Advisory" ], "timeline_url": "https://vuln.signal-radar.com/data/vuln/archive/cves/CVE-2019-12794/timeline.json", "vendor": "misp-project" }, { "affected_label": "misp-project / misp", "canonical_url": "https://vuln.signal-radar.com/vuln/public-candidate/CVE-2019-12868/", "current_public_safe_latest": false, "cvss_score": 7.2, "cvss_severity": "HIGH", "epss_percentile": 0.87451, "epss_score": 0.03434, "first_observed_at": "2026-06-24T06:58:56.748686+00:00", "id": "CVE-2019-12868", "impact_tags": [ "command execution review" ], "kev": false, "last_observed_at": "2026-06-26T17:11:59.399190+00:00", "latest_item_url": null, "product": "misp", "public_safe_summary": "NVD: app/Model/Server.php in MISP 2.4.109 allows remote command execution by a super administrator because the PHP file_exists function is used with user-controlled entries, and phar:// URLs trigger deserialization. OSV: app/Model/Server.php in MISP 2.4.109 allows remote command execution by a super administrator because the PHP file_exists function is used with user-controlled entries, and phar:// URLs trigger deserialization.", "run_item_url": "https://vuln.signal-radar.com/data/vuln/archive/runs/20260626T171241Z/items/CVE-2019-12868.json", "safety": { "auto_remediation_allowed": false, "exploit_detail_allowed": false, "external_execution_allowed": false, "github_issue_creation_allowed": false, "noindex_removal_allowed": true, "noindex_required": false, "patch_allowed": false, "public_launch_allowed": true, "public_safe_only": true, "raw_source_included": false, "read_only": true, "scan_allowed": false, "signal_radar_integration_allowed": false }, "snapshot_count": 11, "source_published_affected": "vendor/product: misp-project / misp; affected version context: 2.4.109", "source_published_impact": "Source describes command execution risk. Possible impact: An attacker may be able to run code or commands on affected systems.", "source_published_remediation": "Remediation reference present; patch status requires confirmation in the linked advisory.", "source_published_summary": "NVD: app/Model/Server.php in MISP 2.4.109 allows remote command execution by a super administrator because the PHP file_exists function is used with user-controlled entries, and phar:// URLs trigger deserialization. OSV: app/Model/Server.php in MISP 2.4.109 allows remote command execution by a super administrator because the PHP file_exists function is used with user-controlled entries, and phar:// URLs trigger deserialization.", "sources": [ "NVD", "OSV", "Vendor Advisory" ], "timeline_url": "https://vuln.signal-radar.com/data/vuln/archive/cves/CVE-2019-12868/timeline.json", "vendor": "misp-project" }, { "affected_label": "misp-project / misp", "canonical_url": "https://vuln.signal-radar.com/vuln/public-candidate/CVE-2019-9482/", "current_public_safe_latest": true, "cvss_score": 5.3, "cvss_severity": "MEDIUM", "epss_percentile": 0.50049, "epss_score": 0.00742, "first_observed_at": "2026-06-24T06:58:56.748686+00:00", "id": "CVE-2019-9482", "impact_tags": [ "authenticated boundary review" ], "kev": false, "last_observed_at": "2026-06-27T16:34:49.784929+00:00", "latest_item_url": "https://vuln.signal-radar.com/data/vuln/items/CVE-2019-9482.json", "product": "misp", "public_safe_summary": "NVD: In MISP 2.4.102, an authenticated user can view sightings that they should not be eligible for. NVD: Exploiting this requires access to the event that has received the sighting. NVD: The issue affects instances with restrictive sighting settings (event only / sighting reported only).", "run_item_url": "https://vuln.signal-radar.com/data/vuln/archive/runs/20260627T163534Z/items/CVE-2019-9482.json", "safety": { "auto_remediation_allowed": false, "exploit_detail_allowed": false, "external_execution_allowed": false, "github_issue_creation_allowed": false, "noindex_removal_allowed": true, "noindex_required": false, "patch_allowed": false, "public_launch_allowed": true, "public_safe_only": true, "raw_source_included": false, "read_only": true, "scan_allowed": false, "signal_radar_integration_allowed": false }, "snapshot_count": 16, "source_published_affected": "vendor/product: misp-project / misp; affected version context: 2.4.102", "source_published_impact": "Source describes authenticated boundary. Possible impact: This medium severity issue needs human triage to confirm exposure, affected versions, and vendor guidance for authenticated boundary.", "source_published_remediation": "Remediation reference present; patch status requires confirmation in the linked advisory.", "source_published_summary": "NVD: In MISP 2.4.102, an authenticated user can view sightings that they should not be eligible for. NVD: Exploiting this requires access to the event that has received the sighting. NVD: The issue affects instances with restrictive sighting settings (event only / sighting reported only).", "sources": [ "NVD", "OSV", "Vendor Advisory" ], "timeline_url": "https://vuln.signal-radar.com/data/vuln/archive/cves/CVE-2019-9482/timeline.json", "vendor": "misp-project" } ], "generated_at": "2026-06-27T16:35:34.670734+00:00", "latest_run_id": "20260627T163534Z", "latest_run_item_count": 20, "radar": "vuln", "read_only_static_data": true, "run_count": 19, "runs": [ { "generated_at": "2026-06-23T12:19:23.305214+00:00", "index_url": "https://vuln.signal-radar.com/data/vuln/archive/runs/20260623T121923Z/index.json", "item_count": 20, "manifest_url": "https://vuln.signal-radar.com/data/vuln/archive/runs/20260623T121923Z/manifest.json", "run_id": "20260623T121923Z" }, { "generated_at": "2026-06-23T17:23:43.894743+00:00", "index_url": "https://vuln.signal-radar.com/data/vuln/archive/runs/20260623T172343Z/index.json", "item_count": 20, "manifest_url": "https://vuln.signal-radar.com/data/vuln/archive/runs/20260623T172343Z/manifest.json", "run_id": "20260623T172343Z" }, { "generated_at": "2026-06-23T22:41:30.501502+00:00", "index_url": "https://vuln.signal-radar.com/data/vuln/archive/runs/20260623T224130Z/index.json", "item_count": 20, "manifest_url": "https://vuln.signal-radar.com/data/vuln/archive/runs/20260623T224130Z/manifest.json", "run_id": "20260623T224130Z" }, { "generated_at": "2026-06-24T06:59:13.651804+00:00", "index_url": "https://vuln.signal-radar.com/data/vuln/archive/runs/20260624T065913Z/index.json", "item_count": 20, "manifest_url": "https://vuln.signal-radar.com/data/vuln/archive/runs/20260624T065913Z/manifest.json", "run_id": "20260624T065913Z" }, { "generated_at": "2026-06-24T12:04:16.630585+00:00", "index_url": "https://vuln.signal-radar.com/data/vuln/archive/runs/20260624T120416Z/index.json", "item_count": 20, "manifest_url": "https://vuln.signal-radar.com/data/vuln/archive/runs/20260624T120416Z/manifest.json", "run_id": "20260624T120416Z" }, { "generated_at": "2026-06-24T17:22:31.563247+00:00", "index_url": "https://vuln.signal-radar.com/data/vuln/archive/runs/20260624T172231Z/index.json", "item_count": 20, "manifest_url": "https://vuln.signal-radar.com/data/vuln/archive/runs/20260624T172231Z/manifest.json", "run_id": "20260624T172231Z" }, { "generated_at": "2026-06-24T22:42:09.745346+00:00", "index_url": "https://vuln.signal-radar.com/data/vuln/archive/runs/20260624T224209Z/index.json", "item_count": 20, "manifest_url": "https://vuln.signal-radar.com/data/vuln/archive/runs/20260624T224209Z/manifest.json", "run_id": "20260624T224209Z" }, { "generated_at": "2026-06-25T06:58:57.151674+00:00", "index_url": "https://vuln.signal-radar.com/data/vuln/archive/runs/20260625T065857Z/index.json", "item_count": 20, "manifest_url": "https://vuln.signal-radar.com/data/vuln/archive/runs/20260625T065857Z/manifest.json", "run_id": "20260625T065857Z" }, { "generated_at": "2026-06-25T11:58:10.088403+00:00", "index_url": "https://vuln.signal-radar.com/data/vuln/archive/runs/20260625T115810Z/index.json", "item_count": 20, "manifest_url": "https://vuln.signal-radar.com/data/vuln/archive/runs/20260625T115810Z/manifest.json", "run_id": "20260625T115810Z" }, { "generated_at": "2026-06-25T17:26:35.307819+00:00", "index_url": "https://vuln.signal-radar.com/data/vuln/archive/runs/20260625T172635Z/index.json", "item_count": 20, "manifest_url": "https://vuln.signal-radar.com/data/vuln/archive/runs/20260625T172635Z/manifest.json", "run_id": "20260625T172635Z" }, { "generated_at": "2026-06-25T22:51:04.916643+00:00", "index_url": "https://vuln.signal-radar.com/data/vuln/archive/runs/20260625T225104Z/index.json", "item_count": 20, "manifest_url": "https://vuln.signal-radar.com/data/vuln/archive/runs/20260625T225104Z/manifest.json", "run_id": "20260625T225104Z" }, { "generated_at": "2026-06-26T07:07:13.546097+00:00", "index_url": "https://vuln.signal-radar.com/data/vuln/archive/runs/20260626T070713Z/index.json", "item_count": 20, "manifest_url": "https://vuln.signal-radar.com/data/vuln/archive/runs/20260626T070713Z/manifest.json", "run_id": "20260626T070713Z" }, { "generated_at": "2026-06-26T11:57:41.750724+00:00", "index_url": "https://vuln.signal-radar.com/data/vuln/archive/runs/20260626T115741Z/index.json", "item_count": 20, "manifest_url": "https://vuln.signal-radar.com/data/vuln/archive/runs/20260626T115741Z/manifest.json", "run_id": "20260626T115741Z" }, { "generated_at": "2026-06-26T17:12:41.942555+00:00", "index_url": "https://vuln.signal-radar.com/data/vuln/archive/runs/20260626T171241Z/index.json", "item_count": 20, "manifest_url": "https://vuln.signal-radar.com/data/vuln/archive/runs/20260626T171241Z/manifest.json", "run_id": "20260626T171241Z" }, { "generated_at": "2026-06-26T22:40:02.296639+00:00", "index_url": "https://vuln.signal-radar.com/data/vuln/archive/runs/20260626T224002Z/index.json", "item_count": 20, "manifest_url": "https://vuln.signal-radar.com/data/vuln/archive/runs/20260626T224002Z/manifest.json", "run_id": "20260626T224002Z" }, { "generated_at": "2026-06-27T06:40:50.781213+00:00", "index_url": "https://vuln.signal-radar.com/data/vuln/archive/runs/20260627T064050Z/index.json", "item_count": 20, "manifest_url": "https://vuln.signal-radar.com/data/vuln/archive/runs/20260627T064050Z/manifest.json", "run_id": "20260627T064050Z" }, { "generated_at": "2026-06-27T11:06:40.199377+00:00", "index_url": "https://vuln.signal-radar.com/data/vuln/archive/runs/20260627T110640Z/index.json", "item_count": 20, "manifest_url": "https://vuln.signal-radar.com/data/vuln/archive/runs/20260627T110640Z/manifest.json", "run_id": "20260627T110640Z" }, { "generated_at": "2026-06-27T16:07:09.078993+00:00", "index_url": "https://vuln.signal-radar.com/data/vuln/archive/runs/20260627T160709Z/index.json", "item_count": 20, "manifest_url": "https://vuln.signal-radar.com/data/vuln/archive/runs/20260627T160709Z/manifest.json", "run_id": "20260627T160709Z" }, { "generated_at": "2026-06-27T16:35:34.670734+00:00", "index_url": "https://vuln.signal-radar.com/data/vuln/archive/runs/20260627T163534Z/index.json", "item_count": 20, "manifest_url": "https://vuln.signal-radar.com/data/vuln/archive/runs/20260627T163534Z/manifest.json", "run_id": "20260627T163534Z" } ], "safety": { "auto_remediation_allowed": false, "exploit_detail_allowed": false, "external_execution_allowed": false, "github_issue_creation_allowed": false, "noindex_removal_allowed": true, "noindex_required": false, "patch_allowed": false, "public_launch_allowed": true, "public_safe_only": true, "raw_source_included": false, "read_only": true, "scan_allowed": false, "signal_radar_integration_allowed": false }, "schema_version": "v0.1", "webmcp_future_contract": { "annotations": { "readOnlyHint": true, "untrustedContentHint": true }, "api": "document.modelContext", "auto_remediation_allowed": false, "cross_origin_exposure_allowed": false, "deploy_allowed": false, "enabled": true, "endpoint": null, "exposed_to": [], "external_execution_allowed": false, "fallback_api": "navigator.modelContext", "fetch_allowed": false, "github_issue_creation_allowed": false, "mode": "browser_imperative_progressive_enhancement", "mutation_allowed": false, "notes": "Browser WebMCP tools are registered only when document.modelContext or navigator.modelContext is available. They read existing public-safe static JSON and perform no network fetch, deploy, scan, patch, or mutation.", "planned": false, "scan_allowed": false, "tool_output_max_items": 10, "tool_output_target_max_chars": 1500, "tools": [ "vuln_signal_search", "vuln_signal_get_item", "vuln_signal_list_priority" ] } }