Claude

**Name of the Vulnerable Software and Affected Versions** Nuxt versions 3.11.0 through 3.21.6 Nuxt versions 4.0.0 through 4.4.6 **Description** A route-rule middleware bypass exists due to a case-sensitivity mismatch between vue-router and the routeRules matcher. **Recommendations** Update to version 3.21.7 for versions in the 3.x branch. Update to version 4.4.7 for versions in the 4.x branch.

**Name of the Vulnerable Software and Affected Versions** prefecthq/prefect version 3.6.19 **Description** An authentication bypass occurs due to improper handling of URL path exemptions for health check probes. The authentication middleware exempts any URL path ending with 'health' or 'ready' from authentication checks. This allows an attacker to create resources with names ending in 'health' or 'ready' to access them without authentication. Affected endpoints include those for variables, flows, work pools, work queues, and deployments. This can lead to unauthorized access to sensitive information, such as API keys and database credentials, stored in Prefect Variables. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** The product name cannot be determined (affected versions not specified) **Description** Insufficient state checks create a vector that allows the bypass of two-factor authentication (2FA) checks. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** The product name cannot be determined (affected versions not specified) **Description** Improper validation of the `search` parameter in the "com media files" API endpoint allows for path traversal, a condition where an attacker can access files and directories outside the intended folder on the server. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** The product name cannot be determined (affected versions not specified) **Description** Improper validation of user-supplied input leads to a local file inclusion, which allows an attacker to include files on the local server. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PostgreSQL versions prior to 18.4 PostgreSQL versions prior to 17.10 PostgreSQL versions prior to 16.14 PostgreSQL versions prior to 15.18 PostgreSQL versions prior to 14.23 **Description** Uncontrolled recursion during SSL and GSS negotiation enables an attacker with access to a PostgreSQL AF UNIX socket to cause a sustained denial of service. Additionally, if both SSL and GSS are disabled, the same effect can be achieved via access to a PostgreSQL TCP socket. **Recommendations** Update to version 18.4 or later. Update to version 17.10 or later. Update to version 16.14 or later. Update to version 15.18 or later. Update to version 14.23 or later.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 18.7.9 iPadOS versions prior to 18.7.9 macOS Sequoia versions prior to 15.7.7 macOS Sonoma versions prior to 14.8.7 macOS Tahoe versions prior to 26.5 **Description** An integer overflow—a condition where an arithmetic operation attempts to create a numeric value that is too large to be represented—exists in the kernel of M5 Macs. This issue, caused by insufficient input validation, could allow an application to cause unexpected system termination or lead to kernel privilege escalation. **Recommendations** Update iOS to version 18.7.9. Update iPadOS to version 18.7.9. Update macOS Sequoia to version 15.7.7. Update macOS Sonoma to version 14.8.7. Update macOS Tahoe to version 26.5.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A reference count leak occurs in the `nfsd get dir deleg()` function within the nfsd component. Specifically, the reference to the `fp` variable is not properly released before the function returns. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** An issue exists in the iommupt component where the unmap process may unmap more than requested if the ending point falls within a large or contiguous Input/Output Page Table Entry (IOPTE). In such cases, the gather process only flushes the range specifically requested for unmapping rather than the entire unmapped range, leading to a short invalidation. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** An issue exists in the EDAC/mc component where the error path ordering in the `edac mc alloc()` function is incorrect. When the `mci->pvt info` allocation fails, the system calls `put device()`, which triggers the device's release function. Because `device initialize()` occurs after the failed allocation, the device and its release function pointer remain uninitialized at the time of the call, leading to a null pointer dereference in `kobject put()`. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MinIO versions RELEASE.2022-07-24T01-54-52Z through RELEASE.2025-09-07T16-13-09Z **Description** A path traversal issue in the `ReadMultiple` internode storage-REST endpoint allows an attacker with the cluster root JWT to read files outside the configured drive roots. This affects distributed-erasure (multi-node) deployments, while single-node standalone deployments are not affected. The attack requires an HS512 JWT signed with `MINIO ROOT PASSWORD` and the `accessKey` set to `MINIO ROOT USER`. The issue occurs because the `ReadMultiple` handler in `cmd/storage-rest-server.go` forwards the `Bucket`, `Prefix`, and `Files` fields from a msgpack-encoded `ReadMultipleReq` body to `xlStorage.ReadMultiple` in `cmd/xl-storage.go` without validation. The `pathJoin` function resolves `..` components, allowing access to any path on the filesystem accessible by the MinIO process UID. An attacker can trigger this by sending a POST request to '/minio/storage/{drivePath}/v63/rmpl' with traversal sequences in the `Bucket` field. Impact varies by deployment: on bare-metal systems, access is limited to files owned by the MinIO UID (e.g., TLS private keys, KMS/KES key material); in containerized environments running as UID 0, it allows arbitrary host-filesystem disclosure, including `/etc/shadow` and Kubernetes service-account tokens. **Recommendations** Upgrade to MinIO AIStor version RELEASE.2024-10-23T19-38-07Z or later. Rotate the root credential and restrict its distribution to prevent unauthorized JWT minting. Configure MinIO containers to run as a non-root user by setting `securityContext.runAsNonRoot: true` or using the `--user` flag in Docker. Use the `--internode-port` flag to isolate internode traffic on a separate interface and block that interface from client networks.

**Name of the Vulnerable Software and Affected Versions** Firecracker versions 1.13.0 through 1.14.3 Firecracker version 1.15.0 **Description** An out-of-bounds write issue exists in the virtio PCI transport on x86 64 and aarch64 architectures. A local guest user with root privileges can exploit this by modifying virtio queue configuration registers after device activation to crash the Firecracker VMM process or potentially execute arbitrary code on the host. Host code execution requires additional preconditions, such as specific snapshot configurations or the use of a custom guest kernel. **Recommendations** For versions 1.13.0 through 1.14.3, upgrade to version 1.14.4 or later. For version 1.15.0, upgrade to version 1.15.1 or later.

Name of the Vulnerable Software and Affected Versions Shynet versions prior to 0.14.0 Description Shynet versions before 0.14.0 are susceptible to Host header injection within the password reset process. Recommendations Update Shynet to version 0.14.0 or later.

**Name of the Vulnerable Software and Affected Versions** mlflow/mlflow versions prior to 3.10.0 **Description** An unauthenticated remote attacker can read arbitrary files from the server's filesystem. The issue occurs in the ` create model version()` handler of `mlflow/server/handlers.py` when a 'CreateModelVersion' request includes the tag `mlflow.prompt.is prompt`, which bypasses source path validation. This allows an attacker to store an arbitrary local filesystem path as the model version source. Subsequently, the `get model version artifact handler()` function uses this source to serve files without verifying the prompt status of the model version. **Recommendations** Update to version 3.10.0.