With TLS 1.3 pre-shared key (PSK) a malicious or faulty server could ignore the request for PFS (perfect forward secrecy) and the client would continue on with the connection using PSK without PFS. This...

Black Duck SCA versions prior to 2025.10.0 had user role permissions configured in an overly broad manner. Users with the scoped Project Manager user role with the Global User Read access permission enabled access...

The Zegen Core plugin for WordPress is vulnerable to Cross-Site Request Forgery to Arbitrary File Upload in versions up to, and including, 2.0.1. This is due to missing nonce validation and missing file type...

IBM Concert Software 1.0.0 through 2.0.0 could allow a remote attacker to hijack the clicking action of the victim. More information : https://www.ibm.com/support/pages/node/7252019

Improper resource release in the call termination process in AWS Wickr before version 6.62.13 on Windows, macOS and Linux may allow a call participant to continue receiving audio input from another user after they...

hpke-js is a Hybrid Public Key Encryption (HPKE) module built on top of Web Cryptography API. Prior to version 1.7.5, the public SenderContext Seal() API has a race condition which allows for the same...

Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 3.7.0 to before 4.12.0, fim_alert() implementation does not check whether oldsum->md5 is NULL or not before dereferencing...

Improper handling of insufficient entropy in the AMD CPUs could allow a local attacker to influence the values returned by the RDSEED instruction, potentially resulting in the consumption of insufficiently random values. More information...

MLX is an array framework for machine learning on Apple silicon. Prior to version 0.29.4, there is a segmentation fault in mlx::core::load_gguf() when loading malicious GGUF files. Untrusted pointer from external gguflib library is...

MLX is an array framework for machine learning on Apple silicon. Prior to version 0.29.4, there is a heap buffer overflow in mlx::core::load() when parsing malicious NumPy .npy files. Attacker-controlled file causes 13-byte out-of-bounds...

Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.3.0 to before 4.13.0, a missing ACL on “C:Program Files (x86)ossec-agentauthd.pass” exposes the password to all “Authenticated...

Improper input validation within AMD uprof can allow a local attacker to overwrite MSR registers, potentially resulting in crash or denial of service. More information : https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-9019.html

Wazuh is a free and open source platform used for threat prevention, detection, and response. Prior to version 4.13.0, a vulnerability in Wazuh Agent allows authenticated attackers to force NTLM authentication through malicious UNC...

A bug within some AMD CPUs could allow a local admin-privileged attacker to run a SEV-SNP guest using stale TLB entries, potentially resulting in loss of data integrity. More information : https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-3029.html