Authentication token leakage in Black Lantern Security's bbot docker_pull module exposes Docker credentials to MITM attackers who can substitute the realm parameter in a forged WWW-Authenticate Bearer challenge. When bbot contacts a Docker registry and receives a 401 response, the vulnerable module blindly trusts the attacker-supplied realm URL and forwards authentication material to an arbitrary endpoint outside the legitimate registry domain. No public exploit code has been identified and the vulnerability is not listed in CISA KEV, but an upstream patch commit is available on GitHub.
Symlink-following path traversal in BBOT's github_workflows module (all versions prior to commit 16d9c42b6) allows a local attacker sharing the scan output directory to redirect workflow artifact writes to an attacker-chosen filesystem location. By planting a symlink at the predictable output path (output_dir/owner/repo) before a scan runs, the attacker causes BBOT to write GitHub workflow data outside the intended directory, achieving a limited file-write primitive. No public exploit is identified at time of analysis, and CVSS rates this Low (2.2) reflecting the high-complexity, local-only, victim-triggered attack surface.
SameSite attribute parsing in undici's cookie implementation uses substring matching instead of the case-insensitive exact match required by RFC 6265, enabling a malicious or non-compliant upstream server to silently downgrade a cookie's SameSite enforcement to a more permissive value. All undici installations from v5.15.0 onward through the unpatched release branches are affected when consuming Set-Cookie headers via undici's fetch or proxy code paths and forwarding or relying on the parsed sameSite attribute. No public exploit has been identified and no CISA KEV listing exists at time of analysis; however, the integrity impact is concrete in architectures where SameSite policy enforcement is delegated to the parsed cookie attribute.
Response queue poisoning in Undici's HTTP/1.1 client allows an attacker-controlled or compromised upstream server to inject unsolicited HTTP responses onto idle keep-alive sockets, causing subsequent outbound requests to receive falsified responses. All Undici versions across the v6, v7, and v8 branches prior to the patched releases are affected when keep-alive connection reuse is active (the default). While the CVSS score is low (3.7) and no public exploit or KEV listing exists, the integrity impact can carry significant business logic consequences in applications that proxy requests through third-party or partially trusted upstream servers.
In Contacts Provider, there is a possible way to access an incoming call's phone number and associated metadata due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)
Out-of-bounds write in snes9x 1.63's UPS patch file parser allows a crafted .ups ROM patch file to trigger memory corruption and a denial-of-service crash. The flaw resides in the ReadUPSPatch loop in memmap.cpp, where the loop iterator `relative` was not bounded against CMemory::MAX_ROM_SIZE, permitting writes past the end of the allocated ROM buffer. Impact is limited to availability (crash) per the CVSS vector, though the underlying CWE-787 out-of-bounds write class carries broader memory-safety implications. No public exploit identified at time of analysis, and CVSS rates this Low (2.9) due to local attack vector and high complexity.
Credential disclosure in Pi coding agent affects all versions of @mariozechner/pi-coding-agent (>=0.28.0, <=0.73.1) and @earendil-works/pi-coding-agent (>=0.74.0, <0.78.1) due to a TOCTOU race condition in auth.json file writes. The credential storage code wrote auth.json with umask-inherited permissions and only subsequently tightened the mode to owner-only, leaving a brief window in which a local user with directory traverse access could read API keys, OAuth access tokens, and OAuth refresh tokens. This is not remotely exploitable; no public exploit identified at time of analysis, and the vendor CVSS of 2.2 reflects the strict local and timing prerequisites.
Steeltoe.Configuration.Encryption 4.0.0 through 4.1.0 silently downgrades RSA encryption from OAEP to PKCS#1 v1.5 when operators explicitly configure `encrypt:rsa:algorithm=OAEP`. The root cause is an incorrect BouncyCastle transformation string in `RsaKeyStoreDecryptor.cs` - the `OAEP` branch passed `"RSA/ECB/PKCS1"` to `CipherUtilities.GetCipher()` instead of the correct `"RSA/NONE/OAEPWithSHA1AndMGF1Padding"`, meaning both the `OAEP` and `DEFAULT` settings silently selected the same weaker algorithm. No public exploit is identified at time of analysis, and CVSS scores this at 1.9 (Low) given the high-privilege local attack vector; however, the security consequence is a cryptographic guarantee failure that exposes encrypted configuration secrets to Bleichenbacher-class padding oracle attacks that OAEP was chosen to prevent.