16 matches found

NVD
added 2025/10/15 8:15 p.m. · 3 views

CVE-2025-62375

go-witness and witness are Go modules for generating attestations. In go-witness versions 0.8.6 and earlier and witness versions 0.9.2 and earlier the AWS attestor improperly verifies AWS EC2 instance identity documents. Verification can incorrectly succeed when a signature is not present or is...

CVSS 6.9 · EPSS 0.00045
Exploits 0 · References 2
Debian CVE
added 2025/10/15 7:23 p.m. · 4 views

CVE-2025-62375

go-witness and witness are Go modules for generating attestations. In go-witness versions 0.8.6 and earlier and witness versions 0.9.2 and earlier the AWS attestor improperly verifies AWS EC2 instance identity documents. Verification can incorrectly succeed when a signature is not present or is...

CVSS 6.9 · AI score 5.4 · EPSS 0.00045
Exploits 0
Cvelist
added 2025/10/15 7:23 p.m. · 8 views

CVE-2025-62375 go-witness Improper Verification of AWS EC2 Identity Documents

go-witness and witness are Go modules for generating attestations. In go-witness versions 0.8.6 and earlier and witness versions 0.9.2 and earlier the AWS attestor improperly verifies AWS EC2 instance identity documents. Verification can incorrectly succeed when a signature is not present or is...

CVSS 6.9 · EPSS 0.00045
Exploits 0 · References 2
Positive Technologies
added 2025/09/16 12:00 a.m. · 3 views

PT-2025-38060

Name of the Vulnerable Software and Affected Versions: Linkr versions through 2.0.0
Description: Linkr is a lightweight file delivery system that downloads files from a webserver. Linkr does not verify the integrity or authenticity of .linkr manifest files before using their contents, allowing a...

CVSS 9.6 · AI score 8 · EPSS 0.00222
Exploits 1 · References 7
Github Security Blog
added 2025/07/09 6:07 p.m. · 4 views

@clerk/backend Performs Insufficient Verification of Data Authenticity

Impact: Applications that use the verifyWebhook helper to verify incoming Clerk webhooks are susceptible to accepting improperly signed webhook events.
Patches: @clerk/backend: the helper has been patched as of 2.4.0; @clerk/astro: the helper has been patched as of 2.10.2; @clerk/express: the helper...

CVSS 7.5 · AI score 7 · EPSS 0.00128
Exploits 0 · References 3 · Affected Software 9
OSV
added 2025/07/09 6:07 p.m. · 5 views

GHSA-9MP4-77WG-RWX9 @clerk/backend Performs Insufficient Verification of Data Authenticity

Impact: Applications that use the verifyWebhook helper to verify incoming Clerk webhooks are susceptible to accepting improperly signed webhook events.
Patches: @clerk/backend: the helper has been patched as of 2.4.0; @clerk/astro: the helper has been patched as of 2.10.2; @clerk/express: the helper...

CVSS 7.5 · AI score 6.2 · EPSS 0.00128
Exploits 0 · References 3
Positive Technologies
added 2025/05/02 12:00 a.m. · 2 views

PT-2025-22478

Name of the Vulnerable Software and Affected Versions: OpenSSL version 3.5
Description: The issue arises from the use of the -addreject option with the openssl x509 application, which adds a trusted use instead of a rejected use for a certificate. This means if a user intends to make a trusted...

CVSS 6.5 · AI score 7 · EPSS 0.00077
Exploits 0 · References 21
Positive Technologies
added 2024/12/05 12:00 a.m. · 2 views

PT-2024-36069 · Unknown · Sigstore-Java

Name of the Vulnerable Software and Affected Versions: sigstore-java versions prior to 1.2.0
Description: The issue is related to insufficient verification for a situation where a bundle provides an invalid signature for a checkpoint. This affects clients using any variation of...

CVSS 2.1 · AI score 7 · EPSS 0.00178
Exploits 0 · References 10
Tenable Nessus
added 2024/04/01 12:00 a.m. · 64 views

XZ Utils 5.6.0 / 5.6.1 Liblzma Backdoor Check

The version of XZ Utils installed on the remote host is potentially affected by a backdoor vulnerability. Note: This plugin is paranoid because not all instances of the affected versions of XZ Utils are known to be vulnerable to the backdoor. The method of installation of XZ Utils plays a role in...

CVSS 10 · AI score 8.6 · EPSS 0.84805
Exploits 38 · References 4
Positive Technologies
added 2023/02/23 12:00 a.m. · 3 views

PT-2023-20659 · Cerebrate · Cerebrate

Name of the Vulnerable Software and Affected Versions: Cerebrate version 1.12
Description: The issue arises from the improper consideration of organisation id during the creation of API keys. This could potentially lead to unauthorized access or misuse of API keys.
Recommendations: For Cerebrate...

CVSS 9.1 · AI score 9 · EPSS 0.003
Exploits 0 · References 4
Code423n4
added 2022/12/09 12:00 a.m. · 9 views

overflow in buy function

Lines of code
Vulnerability details
Impact: the function doesn't check if the input is more than the supply
Proof of Concept: the function doesn't have any condition check of amount
Tools Used: manually
Recommended Mitigation Steps: check the input for maximum or requirement for max supply
--- The text wa...

AI score 7
Exploits 0
Tenable Nessus
added 2022/06/22 12:00 a.m. · 59 views

Honeywell Safety Manager Missing Authentication For Critical Function (CVE-2022-30313, CVE-2022-30314, CVE-2022-30315, CVE-2022-30316, CVE-2022-30317)

The device may be vulnerable to flaws related to OT:ICEFALL. These vulnerabilities identify the insecure-by-design nature of OT devices and may not have a clear remediation path. As such, Nessus is unable to test specifically for these vulnerabilities but has identified the device to be one that...

CVSS 9.8 · AI score 6.4 · EPSS 0.01443
Exploits 0 · References 8
Positive Technologies
added 2021/11/13 12:00 a.m. · 3 views

PT-2021-23891 · Npm +5 · Npm +5

Name of the Vulnerable Software and Affected Versions: npm versions 7.x through 8.1.3
Description: The npm ci command proceeds with an installation even if dependency information in package-lock.json differs from package.json, which is inconsistent with the documentation. This behavior makes it...

CVSS 9.8 · AI score 8.2 · EPSS 0.01851
Exploits 1 · References 46
Hacker One
added 2017/10/17 3:53 p.m. · 17 views

Inflection: Limited arbitrary text inclusion in user invite emails

When creating a GoodHire account, a fairly wide range of ASCII characters are permitted in certain fields like Company Name. This field is included in email templates that are automatically sent to new users when an account owner invites them to join a GoodHire account. Theoretically, spam conten...

AI score 6.8
Exploits 0
RedHat Linux
added 2015/03/05 9:26 a.m. · 2 views

openssh: failure to check DNS SSHFP records in certain scenarios

It was discovered that OpenSSH clients did not correctly verify DNS SSHFP records. A malicious server could use this flaw to force a connecting client to skip the DNS SSHFP record check and require the user to perform manual host verification of the DNS SSHFP record...

CVSS 5.8 · AI score 6.7 · EPSS 0.02148
Exploits 1 · References 4
Atlassian
added 2010/11/05 5:10 a.m. · 15 views

XSS in filter.subscription.prefix.monthDay parameter of /secure/FilterSubscription.jspa

http://172.16.230.130:8080/secure/FilterSubscription.jspa?filter.subscription.prefix.interval=180&groupName=jira-users&filter.subscription.prefix.runFromMins=00&nextRun=&filter.subscription.prefix.runToMins=00&filter.subscription.prefix.runToMeridian=pm&filter.subscription.prefix.week=2&filter.su...

AI score 0.6
Exploits 0 · Affected Software 1