
7999 matches found

Github Security Blog
added 2025/12/05 6:57 p.m., 9 views

nitro-tpm-pcr-compute may allow kernel command line modification by an account operator

Summary Adding default PCR12 validation to ensure that account operators can not modify kernel command line parameters, potentially bypassing root filesystem integrity validation. Attestable AMIs are based on the systemd Unified Kernel Image UKI concept which uses systemd-boot to create a single...

7 AI score
Exploits: 0, References: 8, Affected Software: 1
EUVD
added 2025/12/05 12:31 a.m., 4 views

EUVD-2025-201304

An Out-of-bounds Write vulnerability in WatchGuard Fireware OS's CLI could allow an authenticated privileged user to execute arbitrary code via a specially crafted CLI command. This vulnerability affects Fireware OS 12.0 up to and including 12.11.4, 12.5 up to and including 12.5.13, and 2025.1 up ...

8.6 CVSS, 7.1 AI score, 0.0051 EPSS
Exploits: 0, References: 2
OSV
added 2025/12/04 10:15 p.m., 4 views

CVE-2025-12195

An Out-of-bounds Write vulnerability in WatchGuard Fireware OS's CLI could allow an authenticated privileged user to execute arbitrary code via specially crafted IPSec configuration CLI commands. This vulnerability affects Fireware OS 11.0 up to and including 11.12.4+541730, 12.0 up to and includi...

7.2 CVSS, 6 AI score, 0.00567 EPSS
Exploits: 0, References: 1
Vulnrichment
added 2025/12/04 9:45 p.m., 3 views

CVE-2025-12196 WatchGuard Firebox Authenticated Out of Bounds Write in Management CLI Ping Command

An Out-of-bounds Write vulnerability in WatchGuard Fireware OS's CLI could allow an authenticated privileged user to execute arbitrary code via a specially crafted CLI command. This vulnerability affects Fireware OS 12.0 up to and including 12.11.4, 12.5 up to and including 12.5.13, and 2025.1 up ...

8.6 CVSS, 7.2 AI score, 0.0051 EPSS
Exploits: 0, References: 1
OSV
added 2025/12/04 7:16 p.m., 6 views

AZL-71560 CVE-2025-65637 affecting package cf-cli for versions less than 8.4.0-26

A denial-of-service vulnerability exists in github.com/sirupsen/logrus when using Entry.Writer to log a single-line payload larger than 64KB without newline characters. Due to limitations in the internal bufio.Scanner, the read fails with "token too long" and the writer pipe is closed, leaving...

7.5 CVSS, 7.1 AI score, 0.00563 EPSS
Exploits: 1, References: 1
EUVD
added 2025/12/01 4:16 p.m., 6 views

EUVD-2025-200052

Malicious code in mongodb-atlas-cli-toc-generator npm...

6.6 AI score
Exploits: 0
CNNVD
added 2025/11/30 12:0 a.m., 3 views

HexStrike AI MCP Agents security vulnerability

HexStrike AI MCP Agents is an MCP server by the individual developer Muhammad Osama. HexStrike AI MCP Agents suffers from a security vulnerability that stems from not cleaning up command line parameters, which could lead to the execution of arbitrary code...

9.1 CVSS, 6.8 AI score, 0.04597 EPSS
Exploits: 0, References: 1
Fedora
added 2025/11/29 5:8 p.m., 6 views

[SECURITY] Fedora 42 Update: pack-0.38.2-1.fc42

pack is a CLI implementation of the Platform Interface Specification for Cloud Native Buildpacks...

7.5 CVSS, 7.6 AI score, 0.00626 EPSS
Exploits: 1
Fedora
added 2025/11/29 4:49 p.m., 15 views

[SECURITY] Fedora 43 Update: pack-0.38.2-1.fc43

pack is a CLI implementation of the Platform Interface Specification for Cloud Native Buildpacks...

7.5 CVSS, 6.8 AI score, 0.00626 EPSS
Exploits: 0
Snyk
added 2025/11/27 3:49 p.m., 2 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. The package was flagged as malicious during the Sha1-hulud supply chain attack. Although the Sha1-hulud IoCs are not present within the package, the contents of the affected version were removed from the officia...

9.8 CVSS, 6.8 AI score
Exploits: 0, References: 3
Fedora
added 2025/11/27 12:48 a.m., 7 views

[SECURITY] Fedora 43 Update: 7zip-25.01-1.fc43

7-Zip is a file archiver with a high compression ratio. The main features of 7-Zip are: High compression ratio in 7z format with LZMA and LZMA2 compression Supported formats: Packing / unpacking: 7z, XZ, BZIP2, GZIP, TAR, ZIP and WIM Unpacking only: AR, ARJ, CAB, CHM, CPIO, CramFS, DMG, EXT, FAT,...

7.8 CVSS, 6.7 AI score, 0.27017 EPSS
Exploits: 15
Wordfence Blog
added 2025/11/26 3:2 p.m., 19 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (November 17, 2025 to November 23, 2025)

Last week, there were 167 vulnerabilities disclosed in 152 WordPress Plugins and 2 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 69 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities...

9.8 CVSS, 8.4 AI score, 0.02203 EPSS
Exploits: 1
RedHat Linux
added 2025/11/25 11:12 a.m., 5 views

Important: Red Hat Security Advisory: RHTAS 1.3.1 - Tech Preview Release of Model Transparency

The Tech Preview release of the RHTAS Model Transparency CLI image. For more details please visit the product documentation at https://access.redhat.com/documentation/en-us/redhattrustedartifactsigner/1.3 The RHTAS Model Transparency CLI image can be used to sign and verify AI/ML workloads...

9.8 CVSS, 7.2 AI score, 0.0071 EPSS
Exploits: 0, References: 4
Fedora
added 2025/11/25 1:22 a.m., 9 views

[SECURITY] Fedora 41 Update: kubernetes1.33-1.33.6-1.fc41

Production-Grade Container Scheduling and Management. Installs kubelet, the kubernetes agent on each machine in a cluster. The kubernetes-client sub-package, containing kubectl, is recommended but not strictly required. The kubernetes-client sub-package should be installed on control plane machin...

7.5 CVSS, 7.5 AI score, 0.00626 EPSS
Exploits: 1
vulnersOsv
added 2025/11/24 4:24 p.m., 7 views

@asyncapi/cli (>=2.5.0 <=4.1.1), @powerlines/plugin-asyncapi (>=0.1.0 <=0.1.558) +1 more potentially affected by unknown CVE via @asyncapi/generator (>=2.11.0 <=2.8.3)

@asyncapi/generator NPM version =2.11.0, =2.5.0, =0.1.0, =0.1.558 - nestjs-asyncapi =2.0.1 Source cves: unknown CVE Source advisory: SNYK:JS-ASYNCAPIGENERATOR-14103255...

5.5 AI score
Exploits: 0
Snyk
added 2025/11/24 4:24 p.m., 1 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...

9.8 CVSS, 6.8 AI score
Exploits: 0, References: 3
vulnersOsv
added 2025/11/24 4:24 p.m., 6 views

postman-cli (>=1.16.0-canary.1 <=1.24.2) potentially affected by unknown CVE via @postman/pm-bin-linux-x64 (>=1.16.0-canary.1 <=1.24.2)

@postman/pm-bin-linux-x64 NPM version =1.16.0-canary.1, =1.16.0-canary.1, =1.24.2 Source cves: unknown CVE Source advisory: SNYK:JS-POSTMANPMBINLINUXX64-14103292...

5.8 AI score
Exploits: 0
vulnersOsv
added 2025/11/24 4:24 p.m., 6 views

postman-cli (>=1.16.0-canary.1 <=1.24.2) potentially affected by unknown CVE via @postman/pm-bin-macos-x64 (>=1.16.0-canary.1 <=1.24.2)

@postman/pm-bin-macos-x64 NPM version =1.16.0-canary.1, =1.16.0-canary.1, =1.24.2 Source cves: unknown CVE Source advisory: SNYK:JS-POSTMANPMBINMACOSX64-14103294...

5.8 AI score
Exploits: 0
vulnersOsv
added 2025/11/24 4:24 p.m., 13 views

postman-cli (>=1.16.0-canary.1 <=1.24.2) potentially affected by unknown CVE via @postman/pm-bin-macos-arm64 (>=1.16.0-canary.1 <=1.24.2)

@postman/pm-bin-macos-arm64 NPM version =1.16.0-canary.1, =1.16.0-canary.1, =1.24.2 Source cves: unknown CVE Source advisory: SNYK:JS-POSTMANPMBINMACOSARM64-14103293...

5.8 AI score
Exploits: 0
vulnersOsv
added 2025/11/24 4:24 p.m., 6 views

@asyncapi-actions-test/trusted-publishing-test_asyncapi-cli (>=4.1.3 <=5.4.0), @asyncapi/cli (>=5.0.1 <=6.0.0) +2 more potentially affected by unknown CVE via @asyncapi/modelina-cli (=5.10.1)

@asyncapi/modelina-cli NPM version =5.10.1 is affected by a known vulnerability. The following packages have a transitive dependency on @asyncapi/modelina-cli and may be impacted: - @asyncapi-actions-test/trusted-publishing-testasyncapi-cli =4.1.3, =5.0.1, =1.4.14, =1.4.48 -...

5.5 AI score
Exploits: 0