Monthly
Information disclosure in NVIDIA Jetson Linux affects Xavier, Orin, and Thor series devices because the nvluks trusted application remains enabled in the initrd. A local attacker with physical access and low-level privileges can exploit this to read sensitive data from the device; the issue is classified as CWE-501 (CLS: Malicious Code Not Included in Executable), indicating improper access control to privileged components. The CVSS score of 5.2 reflects the high confidentiality impact, tempered by the physical attack vector and the need for authenticated access; no public exploit or CISA KEV listing has been reported.
Claude Code prior to version 2.1.2 has a CVSS 10.0 sandbox escape in the bubblewrap sandboxing mechanism, allowing code execution outside the intended sandbox boundary.
A trust boundary violation in the Visual Studio Code Python extension (CVSS 7.8) that can be abused by an unauthorized attacker. High severity; prompt remediation is required.
go-gh is a collection of Go modules that make authoring GitHub CLI extensions easier. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable with low attack complexity.
The GRUB2 bootloader fails to enforce lockdown mode restrictions on the dump command, allowing local privileged users to read arbitrary memory contents and extract sensitive cryptographic material, including signatures, salts, and other secrets. GRUB2 is affected across multiple Linux distributions, including Red Hat Enterprise Linux and SUSE Linux Enterprise. The vulnerability carries a CVSS score of 4.4 and a low EPSS exploitation probability of 0.05% (14th percentile), indicating limited real-world attack likelihood despite the information disclosure impact. No public exploit code or active exploitation had been identified at the time of analysis.