7554 matches found

Vulnrichment
added 2025/09/27 4:34 p.m., 3 views

CVE-2025-7647 Insecure Temporary File Handling in run-llama/llama_index

The llama-index-core package, up to version 0.12.44, contains a vulnerability in the getcachedir function where a predictable, hardcoded directory path /tmp/llamaindex is used on Linux systems without proper security controls. This vulnerability allows attackers on multi-user systems to steal...

CVSS 7.3 · AI score 6.5 · EPSS 0.00134
Exploits 0 · References 2
CVE
added 2025/09/27 4:34 p.m., 15 views

CVE-2025-7647

CVE-2025-7647 affects llama-index-core up to version 0.12.44, with a vulnerability in get_cache_dir() that uses a predictable, hardcoded directory path (/tmp/llama_index) on Linux. On multi-user Linux systems, this insecure temporary directory can enable local attackers to steal proprietary model...

CVSS 7.3 · AI score 6.5 · EPSS 0.00134
Exploits 0 · References 2
RedhatCVE
added 2025/09/27 2:50 p.m., 5 views

CVE-2025-36326

IBM Cognos Controller 11.0.0 through 11.0.1, and IBM Controller 11.1.0 through 11.1.1 could allow an attacker to obtain sensitive information due to the use of hardcoded cryptographic keys for signing session cookies...

CVSS 3.7 · AI score 6.4 · EPSS 0.00213
Exploits 0 · References 1
CNNVD
added 2025/09/27 12:00 a.m., 4 views

LlamaIndex security vulnerability

LlamaIndex is a data framework for LLM applications from the LlamaIndex open source. A security vulnerability exists in LlamaIndex version 0.12.44 and earlier, which stems from the use of hard-coded paths and lack of security controls in the getcachedir function, which could lead to model stealin...

CVSS 7.3 · AI score 7.2 · EPSS 0.00134
Exploits 0 · References 3
NVD
added 2025/09/26 3:16 p.m., 4 views

CVE-2025-36326

IBM Cognos Controller 11.0.0 through 11.0.1, and IBM Controller 11.1.0 through 11.1.1 could allow an attacker to obtain sensitive information due to the use of hardcoded cryptographic keys for signing session cookies...

CVSS 7.5 · EPSS 0.00213
Exploits 0 · References 1
OSV
added 2025/09/26 3:16 p.m., 3 views

CVE-2025-36326

IBM Cognos Controller 11.0.0 through 11.0.1, and IBM Controller 11.1.0 through 11.1.1 could allow an attacker to obtain sensitive information due to the use of hardcoded cryptographic keys for signing session cookies...

CVSS 7.5 · AI score 5.8
Exploits 0 · References 1
Vulnrichment
added 2025/09/26 2:20 p.m., 4 views

CVE-2025-36326 IBM Controller information disclosure

IBM Cognos Controller 11.0.0 through 11.0.1, and IBM Controller 11.1.0 through 11.1.1 could allow an attacker to obtain sensitive information due to the use of hardcoded cryptographic keys for signing session cookies...

CVSS 3.7 · AI score 6 · EPSS 0.00213
Exploits 0 · References 1
Cvelist
added 2025/09/26 2:20 p.m., 6 views

CVE-2025-36326 IBM Controller information disclosure

IBM Cognos Controller 11.0.0 through 11.0.1, and IBM Controller 11.1.0 through 11.1.1 could allow an attacker to obtain sensitive information due to the use of hardcoded cryptographic keys for signing session cookies...

CVSS 3.7 · EPSS 0.00213
Exploits 0 · References 1
CVE
added 2025/09/26 2:20 p.m., 24 views

CVE-2025-36326

CVE-2025-36326 affects IBM Cognos Controller 11.0.0–11.0.1 FP6 and IBM Controller 11.1.0–11.1.1. The issue arises from hardcoded cryptographic keys used to sign session cookies, enabling potential disclosure of sensitive information. The IBM security bulletin lists remediation: upgrade to IBM Cog...

CVSS 7.5 · AI score 6 · EPSS 0.00213
Exploits 0 · References 1 · Affected software 2
Veracode
added 2025/09/26 4:35 a.m., 6 views

Use Of Default Credentials

github.com/neuvector/neuvector is vulnerable to Use of Default Credentials. The vulnerability is due to hardcoded default password due to the use of a fixed string as the default admin password, which can be exploited if not changed immediately after deployment, allowing attackers with network...

CVSS 9.8 · AI score 7.4 · EPSS 0.0052
Exploits 0 · References 4 · Affected software 1
VulnCheck KEV
added 2025/09/26 12:00 a.m., 7 views

VulnCheck KEV: CVE-2024-7344

Howyar UEFI Application "Reloader" 32-bit and 64-bit is vulnerable to execution of unsigned software in a hardcoded path...

CVSS 8.2 · AI score 6 · EPSS 0.01036
In the wild · Exploits 1 · References 7
CNNVD
added 2025/09/26 12:00 a.m., 3 views

Doxense Watchdoc security vulnerability

Doxense Watchdoc is a print management and cost control software from Doxense France. A security vulnerability exists in Doxense Watchdoc versions prior to 6.1.0.5094, which stems from the presence of hardcoded and predictable data that could lead to the disclosure of user puk code...

CVSS 7.1 · AI score 6.4 · EPSS 0.00136
Exploits 0 · References 2
Positive Technologies
added 2025/09/26 12:00 a.m., 6 views

PT-2025-39647

Name of the Vulnerable Software and Affected Versions: IBM Cognos Controller versions 11.0.0 through 11.0.1; IBM Controller versions 11.1.0 through 11.1.1. Description: The software uses hardcoded cryptographic keys for signing session cookies, potentially allowing an attacker to obtain sensitive...

CVSS 3.7 · AI score 6.3 · EPSS 0.00213
Exploits 0 · References 5
RedhatCVE
added 2025/09/24 12:28 a.m., 18 views

CVE-2025-57601

AiKaan Cloud Controller uses a single hardcoded SSH private key and the username proxyuser for remote terminal access to all managed IoT/edge devices. When an administrator initiates "Open Remote Terminal" from the AiKaan dashboard, the controller sends this same static private key to the target...

CVSS 9.8 · AI score 7.1 · EPSS 0.00397
Exploits 0 · References 1
The Hacker News
added 2025/09/23 11:30 a.m., 5 views

Lean Teams, Higher Stakes: Why CISOs Must Rethink Incident Remediation

Big companies are getting smaller, and their CEOs want everyone to know it. Wells Fargo has cut its workforce by 23% over five years, Bank of America has shed 88,000 employees since 2010, and Verizon's CEO recently boasted that headcount is "going down all the time." What was once a sign of...

AI score 7.1
Exploits 0
Trend Micro Simply Security
added 2025/09/23 12:00 a.m., 6 views

AI-Powered App Exposes User Data, Creates Risk of Supply Chain Attacks

Trend™ Research’s analysis of Wondershare RepairIt reveals how the AI-driven app exposed sensitive user data due to unsecure cloud storage practices and hardcoded credentials, creating risks of model tampering and supply chain attacks...

AI score 6.9
Exploits 0
Positive Technologies
added 2025/09/23 12:00 a.m., 5 views

PT-2025-39223

Name of the Vulnerable Software and Affected Versions: Click Plus PLC version 3.60. Description: A hard-coded cryptographic key is present in firmware version 3.60 of the Click Plus PLC. This key, an AES key, is used to protect the initial messages of a new KOPS session. Recommendations: At the momen...

CVSS 6.9 · AI score 6.4 · EPSS 0.00244
Exploits 0 · References 6
NVD
added 2025/09/22 4:15 p.m., 14 views

CVE-2025-57601

AiKaan Cloud Controller uses a single hardcoded SSH private key and the username proxyuser for remote terminal access to all managed IoT/edge devices. When an administrator initiates "Open Remote Terminal" from the AiKaan dashboard, the controller sends this same static private key to the target...

CVSS 9.8 · EPSS 0.00397
Exploits 0 · References 1
CNNVD
added 2025/09/22 12:00 a.m., 2 views

WordPress plugin Estonian Shipping Methods for WooCommerce trust management issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. WordPress plug...

CVSS 5.3 · AI score 6.5 · EPSS 0.0027
Exploits 0 · References 2
Vulnrichment
added 2025/09/22 12:00 a.m., 3 views

CVE-2025-57601

AiKaan Cloud Controller uses a single hardcoded SSH private key and the username proxyuser for remote terminal access to all managed IoT/edge devices. When an administrator initiates "Open Remote Terminal" from the AiKaan dashboard, the controller sends this same static private key to the target...

AI score 6.7 · EPSS 0.00397
Exploits 0 · References 1