CVE-2026-7574

Anthropic Claude Desktop Cowork VM image handling confirmed across v1.1348.0 through v1.2278.0, including v1.1348.0, v1.1617.0, and v1.2278.0 validates only file presence and a version marker string before booting rootfs.img, but does not verify image content integrity at time-of-use. A local...

CVE-2026-7574

Anthropic Claude Desktop Cowork VM images (v1.1348.0–v1.2278.0) do not validate the contents of rootfs.img at time-of-use; only file presence and a version marker are checked. A local, unprivileged macOS user can modify the VM root filesystem image and have it trusted on subsequent Cowork VM boot...

CVE-2026-7574 Anthropic Claude Desktop Cowork VM Image Contents Not Validated Before Use

Anthropic Claude Desktop Cowork VM image handling confirmed across v1.1348.0 through v1.2278.0, including v1.1348.0, v1.1617.0, and v1.2278.0 validates only file presence and a version marker string before booting rootfs.img, but does not verify image content integrity at time-of-use. A local...

CVE-2026-25775 SenseLive X3050 Missing authentication for critical function

A vulnerability in SenseLive X3050’s remote management service allows firmware retrieval and update operations to be performed without authentication or authorization. The service accepts firmware-related requests from any reachable host and does not verify user privileges, integrity of uploaded...

Improper Validation of Integrity Check Value

Overview Affected versions of this package are vulnerable to Improper Validation of Integrity Check Value inadequate validation of the combined fingerprint during image downloads from simplestreams servers. An attacker can cause users to deploy malicious images by providing manipulated image file...

Improper Validation of Integrity Check Value

Overview Affected versions of this package are vulnerable to Improper Validation of Integrity Check Value inadequate validation of the combined fingerprint during image downloads from simplestreams servers. An attacker can cause users to deploy malicious images by providing manipulated image file...

EUVD-2025-31029

Malicious code in bioql PyPI...

CVE-2025-20313

Multiple vulnerabilities in Cisco IOS XE Software of could allow an authenticated, local attacker with level-15 privileges or an unauthenticated attacker with physical access to the device to execute persistent code at boot time and break the chain of trust. These vulnerabilities are due path...

CVE-2025-20313

Cisco IOS XE Software contains multiple vulnerabilities that allow an authenticated local attacker with level-15 privileges or an unauthenticated attacker with physical access to execute persistent code at boot time and break the chain of trust. The issues stem from path traversal and improper im...

CVE-2025-20313

Multiple vulnerabilities in Cisco IOS XE Software of could allow an authenticated, local attacker with level-15 privileges or an unauthenticated attacker with physical access to the device to execute persistent code at boot time and break the chain of trust. These vulnerabilities are due path...

Cisco IOS XE 安全漏洞

Cisco IOS XE is an operating system from Cisco, Inc. Used as a single operating system for enterprise wired and wireless access, aggregation, core, and WAN, Cisco IOS XE reduces business and network complexity. A security vulnerability exists in Cisco IOS XE that stems from improper path traversa...

PT-2025-39301

Name of the Vulnerable Software and Affected Versions Cisco IOS XE Software affected versions not specified Description The software contains flaws that could allow an authenticated local attacker with level-15 privileges, or an unauthenticated attacker with physical access to the device, to...

openstack-ironic: Lack of checksum validation on images

A flaw was found in OpenStack Ironic. The lack of checksum verification allows an attacker with access to the images to modify an image without the change noticed by OpenStack. This issue leads to integrity issues in the image...

openstack-ironic: Lack of checksum validation on images

A flaw was found in OpenStack Ironic. The lack of checksum verification allows an attacker with access to the images to modify an image without the change noticed by OpenStack. This issue leads to integrity issues in the image...

CVE-2024-47211

A flaw was found in OpenStack Ironic. The lack of checksum verification allows an attacker with access to the images to modify an image without the change noticed by OpenStack. This issue leads to integrity issues in the image. Mitigation Mitigation for this issue is either not available or the...

CVE-2024-32883 MCUboot Injection attack of unprotected TLV values

MCUboot is a secure bootloader for 32-bits microcontrollers. MCUboot uses a TLV tag-length-value structure to represent the meta data associated with an image. The TLVs themselves are divided into two sections, a protected and an unprotected section. The protected TLV entries are included as part...

Design/Logic Flaw

A flaw was found in openstack-glance. This issue could allow a remote, authenticated attacker to tamper with images, compromising the integrity of virtual machines created using these modified images...

SUSE CVE-2020-13845

Sylabs Singularity 3.0 through 3.5 has Improper Validation of an Integrity Check Value. Image integrity is not validated when an ECL policy is enforced. The fingerprint required by the ECL is compared against the signature object descriptors in the SIF file, rather than to a cryptographically...

[SECURITY] Fedora 34 Update: pngcheck-3.0.3-1.fc34

pngcheck verifies the integrity of PNG, JNG and MNG files by checking the internal 32-bit CRCs checksums and decompressing the image data; it can optionally dump almost all of the chunk-level information in the image in human-readable form. For example, it can be used to print the basic statist i...

pngcheck pr***_bu*** function has a buffer out-of-bounds read vulnerability

pngcheck is used to verify the integrity of PNG, JNG and MNG files by checking the internal 32-bit CRC, aka checksum and decompressing the image data, and it has the option to dump almost all block-level information in the image in a human-readable form. A buffer out-of-bounds read vulnerability...