cPanel is a very popular hosting framework which is often very difficult to avoid exposing to the internet. The exploit for this weakness gives the attacker root access to cPanel (and from there easy RCE on the system), and the exploit is reliable, well documented, and affects all versions of cPanel except the latest patch. There are well over a million hosts exposed, and though cPanel does have some automated self-upgrade functionality, it can be turned off, and the window before an upgrade (usually up to 24h) is long enough for an attacker to have already exploited this weakness. cPanel have provided a script you can use to detect if compromise has already occurred, which can be found here.
Vulnerability intelligence
Feeds
Trending now
CVEs trending on social media within the last 24 hours
Hypemeter
Current score
Tepid
1
CVE-2025-53892 Published Jul 16, 2025
Hype score
33
medium 5.3
Vue I18n, Vue.js
CVE-2025-53892 describes a DOM-based Cross-Site Scripting (XSS) vulnerability found in Vue I18n, an internationalization plugin for Vue.js. The vulnerability arises because the `escapeParameterHtml: true` option, which is designed to prevent HTML/script injection by escaping interpolated parameters, fails to adequately sanitize specific tag-based payloads. This flaw allows for the execution of malicious JavaScript code if an interpolated value containing such a payload is inserted into an HTML context using `v-html`, even when the `escapeParameterHtml` setting is enabled.
2
CVE-2020-17103 Published Dec 10, 2020
Hype score
14
high 7.0
Windows, Cloud Files
CVE-2020-17103 is an Elevation of Privilege vulnerability found in the Windows Cloud Files Mini Filter Driver (cldflt.sys). This flaw allows a locally authenticated attacker with low privileges to escalate their access to SYSTEM-level permissions on a vulnerable system. The vulnerability was initially disclosed and patched by Microsoft as part of their December 2020 Patch Tuesday release cycle. However, it has recently resurfaced in discussions among threat actors and in public exploitation guidance forums, leading to renewed attention on potential exploitation attempts against unpatched Windows environments.
3
CVE-2026-40369 Published May 12, 2026
Hype score
7
high 7.8
CVE-2026-40369 is an untrusted pointer dereference vulnerability in the Windows Kernel. It enables an attacker who already has authorized access to the system to achieve local privilege escalation. The issue was published on May 12, 2026, and is categorized as an Elevation of Privilege vulnerability.
Known exploited
Sourced from CISA's Known Exploited Vulnerability (KEV) catalog.
- CVE-2026-42897 Published May 14, 2026
Hype score
5
high 8.1
Exploit known
Microsoft Exchange Server
CVE-2026-42897 is a spoofing vulnerability impacting on-premises versions of Microsoft Exchange Server, including Exchange Server 2016, 2019, and Subscription Edition. This flaw, identified as an improper neutralization of input during web page generation (cross-site scripting or XSS), specifically affects Outlook Web Access (OWA). An attacker can exploit CVE-2026-42897 by sending a specially crafted email to a user. If the user opens this malicious email in Outlook Web Access, arbitrary JavaScript can be executed within the context of their browser, enabling spoofing over the network. Microsoft has confirmed that this vulnerability is under active exploitation.
- CVE-2026-42208 Published May 8, 2026
critical 9.3
Exploit known
OpenAI, Database, Server, SQL injection, LiteLLM, Zero-day
LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. From version 1.81.16 to before version 1.83.7, a database query used during proxy API key checks mixed the caller-supplied key value into the query text instead of passing it as a separate parameter. An unauthenticated attacker could send a specially crafted Authorization header to any LLM API route (for example POST /chat/completions) and reach this query through the proxy's error-handling path. An attacker could read data from the proxy's database and may be able to modify it, leading to unauthorised access to the proxy and the credentials it manages. This issue has been patched in version 1.83.7.
- CVE-2026-31431 Published Apr 22, 2026
Hype score
5
high 7.8
Exploit known
Tunneling protocol, Linux Kernel, algif_aead, Cloud, Ubuntu, SSH, Port (22), Tls, Amazon Redshift, Container Security, Server, Zero-day
CVE-2026-31431, dubbed "Copy Fail," is a local privilege escalation (LPE) vulnerability found within the Linux kernel's cryptographic subsystem. Specifically, it stems from a logic flaw in the `algif_aead` module of the `AF_ALG` (userspace crypto API), which leads to improper memory handling during in-place operations. This flaw allows an unprivileged local user to perform a deterministic, controlled 4-byte write into the page cache of any readable file on the system, including setuid binaries. This vulnerability has been present in Linux kernels since 2017 and impacts a wide range of major distributions, including Red Hat, SUSE, Ubuntu, and Amazon Linux. Exploitation is described as reliable, not requiring race conditions or kernel-specific offsets, and can be achieved with a small Python script. The in-memory corruption means the file on disk remains unchanged, and typical on-disk checksums would not detect the modification.
Insights
Our Security Team's most recent CVE analysis
CVE-2026-41940
critical 9.3
Exploit known
Intruder Insights
Updated Apr 30, 2026
CVE-2026-1340
critical 9.8
Exploit known
Intruder Insights
Updated Jan 30, 2026
This and the similar vulnerability CVE-2026-1281 allow an unauthenticated attacker to execute code remotely on unpatched Ivanti EPMM instances.
A patch is available from Ivanti here and should be installed immediately. There is a page for defenders who need to check if their instance has been compromised here, though this is a work in progress.
Note that this is a temporary patch which will be removed with further version updates. If you update the version of your EPMM instance after patching, you must apply the patch again. A fully patched version of EPMM will be available in future which will permanently fix the vulnerability.
This vulnerability was known to be used in the wild before being disclosed by the vendor. Proof of concept code is now available publicly, so increased attack activity is expected.
CVE-2026-1281
critical 9.8
Exploit known
Intruder Insights
Updated Jan 30, 2026
This and the similar vulnerability CVE-2026-1340 allow an unauthenticated attacker to execute code remotely on unpatched Ivanti EPMM instances.
A patch is available from Ivanti here and should be installed immediately. There is a page for defenders who need to check if their instance has been compromised here, though this is a work in progress.
Note that this is a temporary patch which will be removed with further version updates. If you update the version of your EPMM instance after patching, you must apply the patch again. A fully patched version of EPMM will be available in future which will permanently fix the vulnerability.
This vulnerability was known to be used in the wild before being disclosed by the vendor. Proof of concept code is now available publicly, so increased attack activity is expected.