4 matches found
praisonai-platform: JWT signing key defaults to hardcoded "dev-secret-change-me", allowing token forgery for any user when PLATFORM_ENV is unset
Summary: Type: Insecure default cryptographic key. The JWT signing secret defaults to the hardcoded literal "dev-secret-change-me" when PLATFORMJWTSECRET is unset. A safety check exists but only fires when PLATFORM_ENV != "dev"; the default value of PLATFORM_ENV is "dev", so the check is silently...
Malicious code in @navify-platform/env (npm)
The package communicates with a domain associated with malicious activity.
A vulnerability in the web page rendering modules of WebKitGTK and WPE WebKit, caused by operations outside the bounds of a memory buffer, allows attackers to access confidential data.
The vulnerability in the web page rendering modules of WebKitGTK and WPE WebKit is caused by operations performed beyond the bounds of a memory buffer. Exploiting this vulnerability allows a remote attacker to gain access to confidential data...
A vulnerability in the adev_release() function of the Linux kernel’s Platform Environment Control Interface (PECI) subsystem allows an attacker to compromise the confidentiality, integrity, and availability of protected information.
The vulnerability in the adev_release() function in the drivers/peci/cpu.c module of the Linux kernel’s Platform Environment Control Interface (PECI) subsystem is caused by the use of previously freed memory (use after free). Exploiting this vulnerability could allow an attacker to compromise the...