Monthly
Authentication bypass in Ubiquiti UniFi Protect Application (versions prior to 7.1.83) allows a network-adjacent attacker to circumvent authentication controls on UniFi Protect Cameras via an improper initialization flaw. The bypass yields total compromise of camera confidentiality, integrity, and availability, though exploitation depends on certain unspecified conditions and carries high attack complexity. No public exploit is identified at time of analysis, and EPSS probability is low (0.24%), consistent with the CISA SSVC assessment of no known exploitation.
ICMP egress policy bypass in Docker Sandboxes (sbx) allows untrusted workloads - explicitly including AI agents - to defeat the documented ICMP block and reach arbitrary external hosts after a Docker daemon restart. The authorizer enforcing the ICMP egress restriction is applied only at network-creation time and is never re-applied when the daemon reconstructs network state from disk on restart, leaving the policy unenforced for the lifetime of the rebuilt network. No public exploit has been identified at time of analysis, but the bypass enables network reconnaissance and covert-channel data exfiltration directly contradicting the sbx threat model, which treats sandbox workloads as adversarial.
Cookie scope escalation in aiohttp's CookieJar persistence layer causes host-only cookies to lose their host-restricted status after a save/load cycle, allowing them to be transmitted to subdomains that the original server never authorized to receive them. Applications using pip/aiohttp <= 3.14.0 that invoke CookieJar.save() and CookieJar.load() for session persistence are affected. No public exploit code has been identified at time of analysis, but the impact is information disclosure: sensitive cookies - including session tokens or authentication credentials - may be sent to unintended subdomain endpoints, violating the HTTP cookie scoping model.
Improper initialization in the UEFI firmware for some Intel platforms within Ring 0: Bare Metal OS may allow an information disclosure. System software adversary with a privileged user combined with a high complexity attack may enable data exposure. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (none) and availability (none) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.
Improper BIOS initialization in certain ThinkPad models enables local privileged users to modify system data and execute arbitrary code with high integrity impact. The vulnerability requires elevated privileges and local access, posing a risk to organizations where administrative users may be compromised or untrusted. No patch is currently available.
An issue was discovered in LBS in Samsung Mobile Processor Exynos 2200. There was no check for memory initialization within DL NAS Transport messages. [CVSS 7.5 HIGH]
filippo.io/edwards25519 is a Go library implementing the edwards25519 elliptic curve with APIs for building cryptographic primitives. In versions 1.1.0 and earlier, MultiScalarMult produces invalid results or undefined behavior if the receiver is not the identity point.
Missing Checks in certain functions related to RMP initialization can allow a local admin privileged attacker to cause misidentification of I/O memory, potentially resulting in a loss of guest memory integrity
Ethernet 800-Serie versions up to 2.2.2.0 contains a vulnerability that allows attackers to an information disclosure (CVSS 3.3).
In the context switch logic Xen attempts to skip an IBPB in the case of a vCPU returning to a CPU on which it was the previous vCPU to run. While safe for Xen's isolation between vCPUs, this prevents the guest kernel correctly isolating between tasks. [CVSS 2.9 LOW]
Authentication bypass in Ubiquiti UniFi Protect Application (versions prior to 7.1.83) allows a network-adjacent attacker to circumvent authentication controls on UniFi Protect Cameras via an improper initialization flaw. The bypass yields total compromise of camera confidentiality, integrity, and availability, though exploitation depends on certain unspecified conditions and carries high attack complexity. No public exploit is identified at time of analysis, and EPSS probability is low (0.24%), consistent with the CISA SSVC assessment of no known exploitation.
ICMP egress policy bypass in Docker Sandboxes (sbx) allows untrusted workloads - explicitly including AI agents - to defeat the documented ICMP block and reach arbitrary external hosts after a Docker daemon restart. The authorizer enforcing the ICMP egress restriction is applied only at network-creation time and is never re-applied when the daemon reconstructs network state from disk on restart, leaving the policy unenforced for the lifetime of the rebuilt network. No public exploit has been identified at time of analysis, but the bypass enables network reconnaissance and covert-channel data exfiltration directly contradicting the sbx threat model, which treats sandbox workloads as adversarial.
Cookie scope escalation in aiohttp's CookieJar persistence layer causes host-only cookies to lose their host-restricted status after a save/load cycle, allowing them to be transmitted to subdomains that the original server never authorized to receive them. Applications using pip/aiohttp <= 3.14.0 that invoke CookieJar.save() and CookieJar.load() for session persistence are affected. No public exploit code has been identified at time of analysis, but the impact is information disclosure: sensitive cookies - including session tokens or authentication credentials - may be sent to unintended subdomain endpoints, violating the HTTP cookie scoping model.
Improper initialization in the UEFI firmware for some Intel platforms within Ring 0: Bare Metal OS may allow an information disclosure. System software adversary with a privileged user combined with a high complexity attack may enable data exposure. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (none) and availability (none) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.
Improper BIOS initialization in certain ThinkPad models enables local privileged users to modify system data and execute arbitrary code with high integrity impact. The vulnerability requires elevated privileges and local access, posing a risk to organizations where administrative users may be compromised or untrusted. No patch is currently available.
An issue was discovered in LBS in Samsung Mobile Processor Exynos 2200. There was no check for memory initialization within DL NAS Transport messages. [CVSS 7.5 HIGH]
filippo.io/edwards25519 is a Go library implementing the edwards25519 elliptic curve with APIs for building cryptographic primitives. In versions 1.1.0 and earlier, MultiScalarMult produces invalid results or undefined behavior if the receiver is not the identity point.
Missing Checks in certain functions related to RMP initialization can allow a local admin privileged attacker to cause misidentification of I/O memory, potentially resulting in a loss of guest memory integrity
Ethernet 800-Serie versions up to 2.2.2.0 contains a vulnerability that allows attackers to an information disclosure (CVSS 3.3).
In the context switch logic Xen attempts to skip an IBPB in the case of a vCPU returning to a CPU on which it was the previous vCPU to run. While safe for Xen's isolation between vCPUs, this prevents the guest kernel correctly isolating between tasks. [CVSS 2.9 LOW]