CVE-2025-54808
Oxford Nanopore Technologies' MinKNOW software at or prior to version 24.11 stores authentication tokens in a file located in the system's temporary directory /tmp on the host machine. This directory is typically world-readable, allowing any local user or application to access the token. If the...
CVE-2025-54808 Oxford Nanopore Technologies MinKNOW Insufficiently Protected Credentials
Oxford Nanopore Technologies' MinKNOW software at or prior to version 24.11 stores authentication tokens in a file located in the system's temporary directory /tmp on the host machine. This directory is typically world-readable, allowing any local user or application to access the token. If the...
CVE-2025-54808
Oxford Nanopore MinKNOW (versions prior to 24.11) stores authentication tokens in a world-readable file under /tmp on the host. A local attacker can access tokens, and if remote access is enabled, may establish unauthorized remote connections to the sequencer. The vulnerability can be chained to ...
EUVD-2025-35683
A CSV Injection vulnerability existed in Instant Developer Foundation versions prior to 25.0.9600. Applications built with affected versions of the framework did not properly sanitize user-controlled input before including it in CSV exports. This issue could lead to code execution on the system...
CVE-2025-60852
A CSV Injection vulnerability existed in Instant Developer Foundation versions prior to 25.0.9600. Applications built with affected versions of the framework did not properly sanitize user-controlled input before including it in CSV exports. This issue could lead to code execution on the system...
Apple may have to open its walled garden to outside app stores
The UK’s Competition and Markets Authority (CMA) ruled that both Google and Apple have a "strategic market status." Basically, they have a monopoly over their respective mobile platforms. As a result, Apple may soon be required to allow rival app stores on iPhones—a major shift for the smartphone...
CVE-2025-60852
CVE-2025-60852 is a CSV Injection vulnerability in Instant Developer Foundation before 25.0.9600. The root cause is insufficient sanitization of user-controlled input when generating CSV exports, allowing untrusted content to be included in the exported file. This can lead to code execution on th...
Instant Developer Foundation Security Vulnerability
Instant Developer Foundation is a low-code application development platform from the Italian company Instant Developer. A security vulnerability exists in Instant Developer Foundation versions prior to 25.0.9600 that stems from not properly cleaning up user-controlled inputs and could lead to cod...
CVE-2025-60852
A CSV Injection vulnerability existed in Instant Developer Foundation versions prior to 25.0.9600. Applications built with affected versions of the framework did not properly sanitize user-controlled input before including it in CSV exports. This issue could lead to code execution on the system...
PT-2025-43541
Name of the Vulnerable Software and Affected Versions: Oxford Nanopore Technologies MinKNOW versions prior to 24.11. Description: The MinKNOW software stores authentication tokens in a world-readable file within the system's temporary directory /tmp on the host machine. If a token is compromised, an...
CVE-2025-60852
A CSV Injection vulnerability existed in Instant Developer Foundation versions prior to 25.0.9600. Applications built with affected versions of the framework did not properly sanitize user-controlled input before including it in CSV exports. This issue could lead to code execution on the system...
EUVD-2022-54773
In the Linux kernel, the following vulnerability has been resolved: bonding: fix missed rcu protection When removing the rcu_read_lock in bond_ethtool_get_ts_info as discussed [1], I didn't notice it could be called via setsockopt, which doesn't hold rcu lock, as syzbot pointed: stack backtrace: CPU: 0...
Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in jose-4.15.9.tgz
Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in jose-4.15.9.tgz Vulnerability Details CVEID:CVE-2025-45767 DESCRIPTION: jose v6.0.10 was discovered to contain weak encryption. NOTE: this is disputed by a third party because the claim of "do not me...
Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in on-headers-1.0.2.tgz
Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in on-headers-1.0.2.tgz Vulnerability Details CVEID:CVE-2025-7339 DESCRIPTION: on-headers is a node.js middleware for listening to when a response writes headers. A bug in on-headers versions 1.1.0 may...
Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in multer-2.0.1.tgz
Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in multer-2.0.1.tgz Vulnerability Details CVEID:CVE-2025-7338 DESCRIPTION: Multer is a node.js middleware for handling multipart/form-data. A vulnerability that is present starting in version 1.4.4-lts....
Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in grpc-js-1.7.3.tgz
Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in grpc-js-1.7.3.tgz Vulnerability Details CVEID:CVE-2024-37168 DESCRIPTION: @grpc/grpc-js implements the core functionality of gRPC purely in JavaScript, without a C++ addon. Prior to versions 1.10.9,...
Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in urllib3-2.3.0-py3-none-any.whl
Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in urllib3-2.3.0-py3-none-any.whl Vulnerability Details CVEID:CVE-2025-50182 DESCRIPTION: urllib3 is a user-friendly HTTP client library for Python. Starting in version 2.2.0 and prior to 2.5.0, urllib3...
Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in react-pdf-5.0.0.tgz
Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in react-pdf-5.0.0.tgz Vulnerability Details CVEID:CVE-2024-34342 DESCRIPTION: react-pdf displays PDFs in React apps. If PDF.js is used to load a malicious PDF, and PDF.js is configured with...
Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in pdfjs-dist-2.4.456.tgz
Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in pdfjs-dist-2.4.456.tgz Vulnerability Details CVEID:CVE-2024-4367 DESCRIPTION: A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js...
Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in brace-expansion-1.1.11.tgz
Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in brace-expansion-1.1.11.tgz Vulnerability Details CVEID:CVE-2025-5889 DESCRIPTION: A vulnerability was found in juliangruber brace-expansion up to 1.1.11/2.0.1/3.0.0/4.0.0. It has been rated as...