Lucene search
+L

180 matches found

Github Security Blog
Github Security Blog
added 1 hour ago3 views

Prompty: Arbitrary code execution via JavaScript frontmatter in TypeScript loader

Summary The TypeScript Prompty loader used gray-matter without overriding executable frontmatter engines. gray-matter supports JavaScript frontmatter blocks such as ---js and evaluates them while parsing. An attacker-controlled .prompty file could therefore execute arbitrary JavaScript during...

8.7CVSS5.7AI score
Exploits0References4Affected Software1
EUVD
EUVD
added 2 days ago4 views

EUVD-2025-210472

A reachable assertion vulnerability exists in the Matter SDK connectedhomeip before 1.4.0, in the interaction model command processing logic. When an InvokeCommandRequest is sent to a nonexistent endpoint and cluster e.g., 0x34, the code incorrectly treats the endpoint as valid due to missing...

7.5CVSS6.1AI score0.00346EPSS
Exploits1References4
EUVD
EUVD
added 2 days ago6 views

EUVD-2025-210471

A use of uninitialized value vulnerability exists in the Matter SDK connectedhomeip before 1.4.0, where the GetDestinationGroupId.Value method is called without first checking whether a value exists. This leads to a crash when an InvokeCommand is sent without initializing the destination group ID...

7.5CVSS6AI score0.00346EPSS
Exploits0References4
EUVD
EUVD
added 2 days ago6 views

EUVD-2025-210469

A reachable assertion vulnerability exists in the Matter SDK connectedhomeip before 1.4.2, specifically within the Level Control cluster's periodic server tick logic. When a MoveToLevel command is sent and immediately followed by a write of OperationMode=2 in the Pump Configuration and Control...

7.5CVSS6.1AI score0.00324EPSS
Exploits1References3
EUVD
EUVD
added 2 days ago5 views

EUVD-2025-210468

A reachable assertion vulnerability exists in the Matter SDK connectedhomeip 1.3 thru 1.4, specifically within the Level Control cluster's server tick logic emberAfLevelControlClusterServerTickCallback. When a MoveToLevel command is executed and followed by a conflicting write to the OperationMod...

7.5CVSS6AI score0.00393EPSS
Exploits1References3
NVD
NVD
added 3 days ago9 views

CVE-2025-56362

A reachable assertion vulnerability exists in the Matter SDK connectedhomeip before 1.4.2, specifically within the Level Control cluster's periodic server tick logic. When a MoveToLevel command is sent and immediately followed by a write of OperationMode=2 in the Pump Configuration and Control...

7.5CVSS0.00324EPSS
Exploits1References2
NVD
NVD
added 3 days ago7 views

CVE-2025-56364

A use of uninitialized value vulnerability exists in the Matter SDK connectedhomeip before 1.4.0, where the GetDestinationGroupId.Value method is called without first checking whether a value exists. This leads to a crash when an InvokeCommand is sent without initializing the destination group ID...

7.5CVSS0.00346EPSS
Exploits0References3
NVD
NVD
added 3 days ago9 views

CVE-2025-56365

A reachable assertion vulnerability exists in the Matter SDK connectedhomeip before 1.4.0, in the interaction model command processing logic. When an InvokeCommandRequest is sent to a nonexistent endpoint and cluster e.g., 0x34, the code incorrectly treats the endpoint as valid due to missing...

7.5CVSS0.00346EPSS
Exploits1References3
NVD
NVD
added 3 days ago5 views

CVE-2025-56361

A reachable assertion vulnerability exists in the Matter SDK connectedhomeip 1.3 thru 1.4, specifically within the Level Control cluster's server tick logic emberAfLevelControlClusterServerTickCallback. When a MoveToLevel command is executed and followed by a conflicting write to the OperationMod...

7.5CVSS0.00393EPSS
Exploits1References2
Cvelist
Cvelist
added 3 days ago35 views

CVE-2025-56361

A reachable assertion vulnerability exists in the Matter SDK connectedhomeip 1.3 thru 1.4, specifically within the Level Control cluster's server tick logic emberAfLevelControlClusterServerTickCallback. When a MoveToLevel command is executed and followed by a conflicting write to the OperationMod...

0.00393EPSS
Exploits1References2
Cvelist
Cvelist
added 3 days ago35 views

CVE-2025-56362

A reachable assertion vulnerability exists in the Matter SDK connectedhomeip before 1.4.2, specifically within the Level Control cluster's periodic server tick logic. When a MoveToLevel command is sent and immediately followed by a write of OperationMode=2 in the Pump Configuration and Control...

0.00324EPSS
Exploits1References2
Cvelist
Cvelist
added 3 days ago34 views

CVE-2025-56363

A null pointer dereference vulnerability exists in the Matter SDK connectedhomeip before 1.4.0, affecting the ReadRevisionAttribute function used in multiple clusters Channel, Account Login, TargetNavigator, etc.. The function lacks proper validation of the delegate pointer before dereferencing. ...

0.00344EPSS
Exploits1References2
Cvelist
Cvelist
added 3 days ago36 views

CVE-2025-56364

A use of uninitialized value vulnerability exists in the Matter SDK connectedhomeip before 1.4.0, where the GetDestinationGroupId.Value method is called without first checking whether a value exists. This leads to a crash when an InvokeCommand is sent without initializing the destination group ID...

0.00346EPSS
Exploits0References3
Cvelist
Cvelist
added 3 days ago35 views

CVE-2025-56365

A reachable assertion vulnerability exists in the Matter SDK connectedhomeip before 1.4.0, in the interaction model command processing logic. When an InvokeCommandRequest is sent to a nonexistent endpoint and cluster e.g., 0x34, the code incorrectly treats the endpoint as valid due to missing...

0.00346EPSS
Exploits1References3
CVE
CVE
added 3 days ago7 views

CVE-2025-56364

The CVE-2025-56364 entry relates to the Matter SDK (connectedhomeip) before 1.4.0, where GetDestinationGroupId().Value() can be accessed without verifying existence, causing a crash (SIGABRT) and denial of service. Root cause: use of an uninitialized value; the affected component is the Matter SD...

7.5CVSS6AI score0.00346EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 3 days ago7 views

PT-2026-58848

Name of the Vulnerable Software and Affected Versions Matter SDK connectedhomeip versions prior to 1.4.0 Description A use of uninitialized value occurs when the GetDestinationGroupId.Value method is called without verifying if a value exists. This happens when an InvokeCommand is sent without...

6.1AI score0.00346EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 3 days ago4 views

PT-2026-58849

Name of the Vulnerable Software and Affected Versions Matter SDK connectedhomeip versions prior to 1.4.0 Description A reachable assertion issue exists in the interaction model command processing logic. When an InvokeCommandRequest is sent to a nonexistent endpoint and cluster, the...

6AI score0.00346EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 3 days ago8 views

PT-2026-58846

Name of the Vulnerable Software and Affected Versions Matter SDK connectedhomeip versions prior to 1.4.2 Description A reachable assertion issue exists within the Level Control cluster's periodic server tick logic. A remote, unauthenticated attacker can cause a denial of service by sending a...

6.1AI score0.00324EPSS
Exploits1References4
CVE
CVE
added 3 days ago7 views

CVE-2025-56365

Summary (CVE-2025-56365): A reachable assertion vulnerability exists in Matter SDK (connectedhomeip) before 1.4.0, in the interaction model command processing logic. If an InvokeCommandRequest targets a nonexistent endpoint and cluster (e.g., 0x34), CodegenDataModelProvider::Invoke lacks proper c...

7.5CVSS6.1AI score0.00346EPSS
Exploits1References3Affected Software1
CVE
CVE
added 3 days ago6 views

CVE-2025-56363

The Matter SDK (connectedhomeip) has a null pointer dereference in ReadRevisionAttribute across multiple clusters (Channel, Account Login, TargetNavigator, etc.) due to missing validation of the delegate pointer. This affects versions prior to 1.4.0 and can be exploited by a remote unauthenticate...

7.5CVSS6AI score0.00344EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder