David Spruengli

Name of the Vulnerable Software and Affected Versions GIGABYTE Control Center versions prior to 25.12.10.01 Description GIGABYTE Control Center has an Arbitrary File Write issue. When the pairing feature is enabled, unauthenticated remote attackers can write arbitrary files to any location on the operating system. This can lead to arbitrary code execution or privilege escalation. Reports indicate increased actor activity targeting this issue. The vulnerability affects a large number of gaming systems, potentially allowing attackers to gain system-level access. Recommendations Update GIGABYTE Control Center to version 25.12.10.01 or later.

**Name of the Vulnerable Software and Affected Versions** Gigabyte Control Center versions (affected versions not specified) **Description** The Performance Library component of Gigabyte Control Center contains an issue where maliciously serialized data can be sent to the EasyTune Engine service. An authenticated local attacker can exploit this to escalate privileges. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: All in one Minifier plugin for WordPress versions prior to 3.3 Description: The All in one Minifier plugin for WordPress is susceptible to SQL Injection due to insufficient escaping of the `post id` parameter and inadequate preparation of existing SQL queries. This allows unauthenticated attackers to inject additional SQL queries, potentially extracting sensitive information from the database. Recommendations: Update the All in one Minifier plugin to version 3.3 or later.