Security Vulnerabilities
Vulnerability of exposing object heap addresses in the Ark eTS module. Impact: Successful exploitation of this vulnerability may affect availability.
CVSS Score: 8.4; EPSS Score: 0.0; Published: 2025-09-05
Out-of-bounds read vulnerability in the runtime interpreter module. Impact: Successful exploitation of this vulnerability may affect availability.
CVSS Score: 8.4; EPSS Score: 0.0; Published: 2025-09-05
Race condition vulnerability in the audio module. Impact: Successful exploitation of this vulnerability may affect function stability.
CVSS Score: 7.5; EPSS Score: 0.0; Published: 2025-09-05
Race condition vulnerability in the device standby module. Impact: Successful exploitation of this vulnerability may cause feature exceptions of the device standby module.
CVSS Score: 5.1; EPSS Score: 0.0; Published: 2025-09-05
Permission verification vulnerability in the home screen module. Impact: Successful exploitation of this vulnerability may affect availability.
CVSS Score: 6.8; EPSS Score: 0.0; Published: 2025-09-05
Weblate is a web based localization tool. Versions lower than 5.13.1 contain a vulnerability that causes long session expiry during the second factor verification. The long session expiry could be used to circumvent rate limiting of the second factor. This issue is fixed in version 5.13.1.
CVSS Score: 6.5; EPSS Score: 0.0; Published: 2025-09-05
Hono is a Web application framework that provides support for any JavaScript runtime. Versions 4.8.0 through 4.9.5 contain a flaw in the getPath utility function which could allow path confusion and potential bypass of proxy-level ACLs (e.g. Nginx location blocks). The original implementation relied on fixed character offsets when parsing request URLs. Under certain malformed absolute-form Request-URIs, this could lead to incorrect path extraction depending on the application and environment. If proxy ACLs are used to protect sensitive endpoints such as /admin, this flaw could have allowed unauthorized access. The confidentiality impact depends on what data is exposed: if sensitive administrative data is exposed, the impact may be high, otherwise it may be moderate. This issue is fixed in version 4.9.6.
CVSS Score: 7.5; EPSS Score: 0.0; Published: 2025-09-05
Exposure of sensitive information to an unauthorized actor in Xbox allows an unauthorized attacker to disclose information over a network.
CVSS Score: 6.5; EPSS Score: 0.001; Published: 2025-09-04
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. In versions 2.13.0 through 2.13.8, 2.14.0 through 2.14.15, 3.0.0 through 3.0.12 and 3.1.0-rc1 through 3.1.1, API tokens with project-level permissions are able to retrieve sensitive repository credentials (usernames, passwords) through the project details API endpoint, even when the token only has standard application management permissions and no explicit access to secrets. This vulnerability does not only affect project-level permissions. Any token with project get permissions is also vulnerable, including global permissions such as: `p, role/user, projects, get, *, allow`. This issue is fixed in versions 2.13.9, 2.14.16, 3.0.14 and 3.1.2.
CVSS Score: 9.9; EPSS Score: 0.0; Published: 2025-09-04
Dynamics 365 FastTrack Implementation Assets Information Disclosure Vulnerability
CVSS Score: 7.5; EPSS Score: 0.001; Published: 2025-09-04



Shodan ® - All rights reserved