Xlabai Team

**Name of the Vulnerable Software and Affected Versions** Vault Community Edition versions prior to 2.0.0 Vault Enterprise versions prior to 2.0.0 **Description** An unauthenticated attacker can cause a denial-of-service condition by repeatedly initiating or canceling root token generation or rekey operations. This action occupies the single in-progress operation slot, which prevents legitimate operators from completing these specific workflows. **Recommendations** Update Vault Community Edition to version 2.0.0. Update Vault Enterprise to version 2.0.0.

**Name of the Vulnerable Software and Affected Versions** BC-JAVA versions 1.59 through 1.83 **Description** The GOSTCTR implementation in the G3413CTRBlockCipher program files is unable to process more than 255 blocks correctly, resulting in the use of a broken or risky cryptographic algorithm. **Recommendations** Update to version 1.84.

**Name of the Vulnerable Software and Affected Versions** Home Assistant Core versions prior to 2025.8.0 **Description** The Downloader integration does not completely validate file paths when combining them, which creates a directory traversal issue. This allows unauthorized access to files outside the intended directory. **Recommendations** Update to Home Assistant Core version 2025.8.0 or later.