{
  "count": 8,
  "threats": [
    {
      "id": "CVE-2026-39842",
      "source": "NVD",
      "severity": 9.9,
      "description": "OpenRemote is an open-source IoT platform. Versions 1.21.0 and below contain two interrelated expression injection vulnerabilities in the rules engine that allow arbitrary code execution on the server. The JavaScript rules engine executes user-supplied scripts via Nashorn's ScriptEngine.eval() without sandboxing, class filtering, or access restrictions, and the authorization check in RulesResourceImpl only restricts Groovy rules to superusers while leaving JavaScript rules unrestricted for any user with the write:rules role. Additionally, the Groovy rules engine has a GroovyDenyAllFilter security filter that is defined but never registered, as the registration code is commented out, rendering the SandboxTransformer ineffective for superuser-created Groovy rules. A non-superuser attacker with the write:rules role can create JavaScript rulesets that execute with full JVM access, enabling remote code execution as root, arbitrary file read, environment variable theft including database credentials, and complete multi-tenant isolation bypass to access data across all realms. This issue has been fixed in version 1.22.0.",
      "published": "2026-04-15T04:17:36.903",
      "cvss_version": "3.1"
    },
    {
      "id": "CVE-2026-22582",
      "source": "NVD",
      "severity": 9.8,
      "description": "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Salesforce Marketing Cloud Engagement (MicrositeUrl module) allows Web Services Protocol Manipulation. This issue affects Marketing Cloud Engagement: before January 21st, 2026.",
      "published": "2026-01-24T01:15:49.920",
      "cvss_version": "3.1"
    },
    {
      "id": "CVE-2026-22585",
      "source": "NVD",
      "severity": 9.8,
      "description": "Use of a Broken or Risky Cryptographic Algorithm vulnerability in Salesforce Marketing Cloud Engagement (CloudPages, Forward to a Friend, Profile Center, Subscription Center, Unsub Center, View As Webpage modules) allows Web Services Protocol Manipulation. This issue affects Marketing Cloud Engagement: before January 21st, 2026.",
      "published": "2026-01-24T01:15:50.167",
      "cvss_version": "3.1"
    },
    {
      "id": "CVE-2026-22586",
      "source": "NVD",
      "severity": 9.8,
      "description": "Hard-coded Cryptographic Key vulnerability in Salesforce Marketing Cloud Engagement (CloudPages, Forward to a Friend, Profile Center, Subscription Center, Unsub Center, View As Webpage modules) allows Web Services Protocol Manipulation. This issue affects Marketing Cloud Engagement: before January 21st, 2026.",
      "published": "2026-01-24T01:15:50.283",
      "cvss_version": "3.1"
    },
    {
      "id": "CVE-2025-13952",
      "source": "NVD",
      "severity": 9.8,
      "description": "A web page that contains unusual GPU shader code, when loaded from the Internet into the GPU compiler process, triggers a write use-after-free crash in the GPU shader compiler library. On certain platforms, when the compiler process has system privileges, this could enable further exploits on the device.\n\nThe shader code contained in the web page executes a path in the compiler that held onto an out-of-date pointer, pointing to a freed memory object.",
      "published": "2026-01-24T03:16:00.360",
      "cvss_version": "3.1"
    },
    {
      "id": "CVE-2026-22583",
      "source": "NVD",
      "severity": 9.8,
      "description": "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Salesforce Marketing Cloud Engagement (CloudPagesUrl module) allows Web Services Protocol Manipulation. This issue affects Marketing Cloud Engagement: before January 21st, 2026.",
      "published": "2026-01-24T01:15:50.060",
      "cvss_version": "3.1"
    },
    {
      "id": "CVE-2026-1555",
      "source": "NVD",
      "severity": 9.8,
      "description": "The WebStack theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the io_img_upload() function in all versions up to, and including, 1.2024. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.",
      "published": "2026-04-15T04:17:33.600",
      "cvss_version": "3.1"
    },
    {
      "id": "CVE-2026-24399",
      "source": "NVD",
      "severity": 9.3,
      "description": "ChatterMate is a no-code AI chatbot agent framework. In versions 1.0.8 and below, the chatbot accepts and executes malicious HTML/JavaScript payloads when supplied as chat input. Specifically, an <iframe> payload containing a javascript: URI can be processed and executed in the browser context. This allows access to sensitive client-side data such as localStorage tokens and cookies, resulting in client-side injection. This issue has been fixed in version 1.0.9.",
      "published": "2026-01-24T01:15:50.393",
      "cvss_version": "3.1"
    }
  ]
}
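The CVE-2026-24399 entry above describes chat input being rendered as markup, so an `<iframe>` with a `javascript:` URI runs in the page and can read localStorage and cookies. The block below is an added example, not ChatterMate's code or its fix, showing the two controls that close that class of bug: chat text is escaped so it reaches the page as text, and any URL that is allowed into an attribute is checked against a scheme allowlist on the parsed URL rather than on the raw string. The function names (`escapeHtml`, `safeUrl`, `renderUnsafe`, `renderSafe`), the `attachment` link shape and the sample payload are all assumptions made for the example; the payload is constructed, not taken from a real chat log.

```javascript
// Added example (not ChatterMate's own code). Demonstrates escaping untrusted
// chat text and allowlisting URL schemes before anything reaches an HTML sink.

// Escape the five characters that matter in text nodes and quoted attributes.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Only absolute http(s) URLs may be placed in an href/src. Parsing with the
// WHATWG URL class (available in Node and browsers) applies the same
// normalisation the browser applies when it follows the link: leading and
// trailing whitespace is dropped, embedded tabs/newlines are removed and the
// scheme is lower-cased, so "JAVASCRIPT:", " javascript:" and "java\tscript:"
// all surface as protocol "javascript:" and are rejected. Relative URLs and
// unparseable strings throw, and are treated as "nothing to allow".
const ALLOWED_SCHEMES = new Set(['http:', 'https:']);

function safeUrl(raw) {
  let u;
  try {
    u = new URL(String(raw));
  } catch {
    return null;
  }
  return ALLOWED_SCHEMES.has(u.protocol) ? u.href : null;
}

// The pattern the advisory describes: chat input is interpolated as HTML.
// An <iframe src="javascript:..."> in `message` executes in the page origin.
function renderUnsafe(message) {
  return `<div class="msg">${message}</div>`;
}

// Hardened rendering: the message is escaped, and an optional attachment URL
// (hypothetical feature for the example) is only linked if safeUrl accepts it.
function renderSafe(message, attachmentUrl) {
  let html = `<div class="msg">${escapeHtml(message)}</div>`;
  const href = attachmentUrl === undefined ? null : safeUrl(attachmentUrl);
  if (href !== null) {
    html += `<a href="${escapeHtml(href)}" rel="noopener noreferrer">attachment</a>`;
  }
  return html;
}

// Constructed sample payload of the kind the advisory describes.
const PAYLOAD = '<iframe src="javascript:alert(document.cookie)"></iframe>';

function demo() {
  return {
    unsafe: renderUnsafe(PAYLOAD),               // iframe survives intact
    safe: renderSafe(PAYLOAD, 'javascript:alert(1)'), // text only, no link
    linked: renderSafe('hello', 'HTTPS://EXAMPLE.COM/a?b=1'), // normalised link
  };
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log(demo());
}
```

In a browser the equivalent of `renderSafe` is to assign chat text with `textContent` rather than `innerHTML`, and to set `href`/`src` only from the value `safeUrl` returns; a Content-Security-Policy without `unsafe-inline` adds a second layer if the escaping is ever bypassed.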