PT-2025-48091

Name of the Vulnerable Software and Affected Versions WebAssembly Micro Runtime WAMR versions prior to 2.4.4 Description WebAssembly Micro Runtime WAMR is a lightweight standalone WebAssembly Wasm runtime. Versions prior to 2.4.4 are susceptible to a segmentation fault in the v128.store...

WebAssembly Micro Runtime 缓冲区错误漏洞

WebAssembly Micro Runtime WAMR is a lightweight, standalone WebAssembly runtime open-sourced by the Bytecode Alliance. With a small footprint, high performance, and highly configurable features for applications ranging from embedded, IoT, and edge to Trusted Execution Environments TEEs, smart...

Wibu-Systems WibuKey Runtime Untrusted Pointer Dereference Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Wibu-Systems WibuKey Runtime. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...

WebAssembly Micro Runtime 代码问题漏洞

WebAssembly Micro Runtime WAMR is a lightweight, standalone WebAssembly runtime open-sourced by the Bytecode Alliance. With a small footprint, high performance, and highly configurable features for applications ranging from embedded, IoT, and edge to Trusted Execution Environments TEEs, smart...

EUVD-2025-199002

Inadequate lock protection within Xilinx Run time may allow a local attacker to trigger a Use-After-Free condition potentially resulting in loss of confidentiality or availability...

EUVD-2025-198987

A buffer overflow with Xilinx Run Time Environment may allow a local attacker to read or corrupt data from the advanced extensible interface AXI, potentially resulting in loss of confidentiality, integrity, and/or availability...

CVE-2025-0003

Inadequate lock protection within Xilinx Run time may allow a local attacker to trigger a Use-After-Free condition potentially resulting in loss of confidentiality or availability...

CVE-2025-0003

Inadequate lock protection within Xilinx Run time may allow a local attacker to trigger a Use-After-Free condition potentially resulting in loss of confidentiality or availability...

CVE-2025-0003

Inadequate lock protection within Xilinx Run time may allow a local attacker to trigger a Use-After-Free condition potentially resulting in loss of confidentiality or availability...

CVE-2025-0003

AMD Xilinx Run Time (XRT) drivers, specifically the user-space XOCL path, are affected by a lock-protection deficiency that can trigger a Use-After-Free condition when exploited locally. This can lead to loss of confidentiality or availability. The issue is consistently described across multiple ...

CVE-2025-52539

A buffer overflow with Xilinx Run Time Environment may allow a local attacker to read or corrupt data from the advanced extensible interface AXI, potentially resulting in loss of confidentiality, integrity, and/or availability...

CVE-2025-52539

A buffer overflow with Xilinx Run Time Environment may allow a local attacker to read or corrupt data from the advanced extensible interface AXI, potentially resulting in loss of confidentiality, integrity, and/or availability...

CVE-2025-52539

CVE-2025-52539 corresponds to a buffer overflow in AMD Xilinx Run Time (XRT) environments, specifically impacting the XRT user-space XOCL drivers. The issue allows a local attacker to read or corrupt data in the AXI interface, with potential consequences to confidentiality, integrity, and availab...

@voiceflow/alexa-types (>=2.14.43 <=2.15.62), @voiceflow/api-sdk (>=3.27.18 <=3.28.60) +7 more potentially affected by unknown CVE via @voiceflow/base-types (>=2.100.1 <=2.136.1)

@voiceflow/base-types NPM version =2.100.1, =2.14.43, =3.27.18, =2.13.92, =2.0.0, =2.20.44, =1.60.0, =1.8.0, =2.9.71, =3.26.33, =3.32.47 Source cves: unknown CVE Source advisory: SNYK:JS-VOICEFLOWBASETYPES-14103397...

@voiceflow/react-chat (>=1.0.0 <=2.62.4) potentially affected by unknown CVE via @voiceflow/sdk-runtime (>=1.10.0 <=1.3.4)

@voiceflow/sdk-runtime NPM version =1.10.0, =1.0.0, =2.62.4 Source cves: unknown CVE Source advisory: SNYK:JS-VOICEFLOWSDKRUNTIME-14103432...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...

@voiceflow/runtime-client-js (>=1.6.1 <=1.17.4) potentially affected by unknown CVE via @voiceflow/runtime (>=1.27.2 <=1.28.0)

@voiceflow/runtime NPM version =1.27.2, =1.6.1, =1.17.4 Source cves: unknown CVE Source advisory: SNYK:JS-VOICEFLOWRUNTIME-14103430...

@voiceflow/react-chat (>=1.59.4 <=2.62.4), @voiceflow/sdk-runtime (>=1.18.1 <=1.29.0-alpha.1) potentially affected by unknown CVE via @voiceflow/dtos-interact (>=1.10.0 <=1.26.0)

@voiceflow/dtos-interact NPM version =1.10.0, =1.59.4, =1.18.1, =1.29.0-alpha.1 Source cves: unknown CVE Source advisory: SNYK:JS-VOICEFLOWDTOSINTERACT-14103405...

Second Sha1-Hulud Wave Affects 25,000+ Repositories via npm Preinstall Credential Theft

Multiple security vendors are sounding the alarm about a second wave of attacks targeting the npm registry in a manner that's reminiscent of the Shai-Hulud attack. The new supply chain campaign, dubbed Sha1-Hulud , has compromised hundreds of npm packages, according to reports from Aikido,...

PT-2025-47960

Insufficient validation within Xilinx Run Time framework could allow a local attacker to escalate privileges from user space to kernel space, potentially compromising confidentiality, integrity, and/or availability...