179 matches found
PT-2026-58846
Name of the Vulnerable Software and Affected Versions Matter SDK connectedhomeip versions prior to 1.4.2 Description A reachable assertion issue exists within the Level Control cluster's periodic server tick logic. A remote, unauthenticated attacker can cause a denial of service by sending a...
CVE-2025-56365
Summary (CVE-2025-56365): A reachable assertion vulnerability exists in Matter SDK (connectedhomeip) before 1.4.0, in the interaction model command processing logic. If an InvokeCommandRequest targets a nonexistent endpoint and cluster (e.g., 0x34), CodegenDataModelProvider::Invoke lacks proper c...
CVE-2025-56363
The Matter SDK (connectedhomeip) has a null pointer dereference in ReadRevisionAttribute across multiple clusters (Channel, Account Login, TargetNavigator, etc.) due to missing validation of the delegate pointer. This affects versions prior to 1.4.0 and can be exploited by a remote unauthenticate...
CVE-2025-56362
The CVE-2025-56362 entry concerns the Matter SDK (connectedhomeip) before 1.4.2. Affected component: Level Control cluster’s periodic server tick logic. Attack scenario: issuing a MoveToLevel command and immediately writing OperationMode=2 in the Pump Configuration and Control cluster can trigger...
CVE-2026-40522
creationtimestamp| type| source ---|---|--- 2026-06-29 16:07:04+00:00| seen| https://bsky.app/profile/qiancx.bsky.social/post/3mpgun5j5r22u...
Agent AI is Coming. Are You Ready?
New Industry Data Just Released Suggests Not. On May 19th, 2026, Orchid Security released the results of our Identity Gap: Snapshot 2026. Among the findings, "identity dark matter" the unseen, unmanaged elements of identity now overshadows the visible elements 57% vs. 43%. And it couldn't have...
Your AI Agents Are Already Inside the Perimeter. Do You Know What They're Doing?
Analysts recently confirmed what identity security teams have quietly feared: AI agents are being deployed faster than enterprises can govern them. In their inaugural Market Guide for Guardian Agents, Gartner states that “enterprise adoption of AI agents is accelerating, outpacing maturity of...
Shrinking the IAM Attack Surface through Identity Visibility and Intelligence Platforms (IVIP)
The Fragmented State of Modern Enterprise Identity Enterprise IAM is approaching a breaking point. As organizations scale, identity becomes increasingly fragmented across thousands of applications, decentralized teams, machine identities, and autonomous systems. The result is Identity Dark Matter...
[Webinar] How to Close Identity Gaps in 2026 Before AI Exploits Enterprise Risk
In the rapid evolution of the 2026 threat landscape, a frustrating paradox has emerged for CISOs and security leaders: Identity programs are maturing, yet the risk is actually increasing. According to new research from the Ponemon Institute , hundreds of applications within the typical enterprise...
Remote Code Execution (RCE)
tinacms is vulnerable to remote code execution. The vulnerability is due to improper handling of markdown content using the gray-matter package, which allows an attacker to execute arbitrary code by injecting malicious content into processed markdown files such as blog posts...
Arbitrary Code Injection
md-to-pdf is vulnerable to Arbitrary Code Injection. The vulnerability is due to a Markdown front-matter block that contains JavaScript delimiter, where the JS engine in gray-matter library executes arbitrary code in the Markdown to PDF converter process of md-to-pdf library, and attackers can...
Spinning complex ideas into clear docs with Kri Dontje
Welcome back! This week, we're shining a spotlight on Kri Dontje, a technical writer who's become an essential voice in making Cisco Talos' work understandable for a wide audience. With a background in technical communications and a career that began at a small startup, Kri discusses the importan...
AI Agents: The Next Wave Identity Dark Matter - Powerful, Invisible, and Unmanaged
The Rise of MCPs in the Enterprise The Model Context Protocol MCP is quickly becoming a practical way to push LLMs from “chat” into real work. By providing structured access to applications, APIs, and data, MCP enables prompt-driven AI agents that can retrieve information, take action, and automa...
RUSTSEC-2026-0043 Timing Side-Channel in AES-CCM Tag Verification in AWS-LC
Observable timing discrepancy in AES-CCM decryption in AWS-LC allows an unauthenticated user to potentially determine authentication tag validity via timing analysis. The impacted implementations are through the EVP CIPHER API: EVPaes128ccm, EVPaes192ccm, and EVPaes256ccm. Customers of AWS servic...
CVE-2026-0619
A reachable infinite loop via an integer wraparound is present in Silicon Labs' Matter SDK which allows an attacker to trigger a denial of service. A hard reset is required to recover the device...
CVE-2026-0619
Silicon Labs Matter SDK contains a reachable infinite loop caused by an integer wraparound, enabling a network-accessible denial-of-service. The vulnerability affects the Matter implementation and can force a hard reset to recover. The CVSS metrics indicate a medium base severity with impact on a...
CVE-2026-0619
A reachable infinite loop via an integer wraparound is present in Silicon Labs' Matter SDK which allows an attacker to trigger a denial of service. A hard reset is required to recover the device...
CVE-2026-0619 Integer Wraparound DoS in Silicon Labs Matter Implementation
A reachable infinite loop via an integer wraparound is present in Silicon Labs' Matter SDK which allows an attacker to trigger a denial of service. A hard reset is required to recover the device...
CVE-2026-0619 Integer Wraparound DoS in Silicon Labs Matter Implementation
A reachable infinite loop via an integer wraparound is present in Silicon Labs' Matter SDK which allows an attacker to trigger a denial of service. A hard reset is required to recover the device...
Silicon Labs Matter SDK 安全漏洞
Silicon Labs Matter SDK is a software development kit provided by Silicon Labs, Inc. in the United States. The Silicon Labs Matter SDK has a security vulnerability that stems from an integer overflow, leading to an infinite loop that could potentially trigger a denial-of-service attack...