#vulnerability

## Summary When using `Card.get_model`, `skops` allows for arbitrary code execution. This is due to the fact that `Card.get_model` allows both `joblib` and `skops` to be used for loading models, and as is well known, `joblib` allows for arbitrary code execution when loading objects. I do not know if this is intended or not, but I found this really concerning for a library that is founded on security. Even if intended, I kindly ask you to consider the security implications of this, disclose the potential implications through an advisory, and change the behavior of the function in future library versions (see below for possible fixes). ## What is the issue? The `Card.get_model` function allows loading models using the `get_model` method. When a `.skops` model is provided, it uses the `load` function from `skops`, which is secure to our knowledge. The `Card` class also allows consistent management of the `trusted` list, allowing it to be passed during instance creation. As expected, if...

## Summary There is an Open Redirection vulnerability in the trailing slash redirection logic when handling paths with double slashes. This allows an attacker to redirect users to arbitrary external domains by crafting URLs such as `https://mydomain.com//malicious-site.com/`. This increases the risk of phishing and other social engineering attacks. This affects Astro >=5.2.0 sites that use on-demand rendering (SSR) with the Node or Cloudflare adapter. It does not affect static sites, or sites deployed to Netlify or Vercel. ## Background Astro performs automatic redirection to the canonical URL, either adding or removing trailing slashes according to the value of the [`trailingSlash`](https://docs.astro.build/en/reference/configuration-reference/#trailingslash) configuration option. It follows the following rules: - If `trailingSlash` is set to `"never"`, `https://example.com/page/` will redirect to `https://example.com/page` - If `trailingSlash` is set to `"always"`, `https://exa...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 5.3 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Yealink Equipment: IP Phones Vulnerability: Improper Restriction of Excessive Authentication Attempts, Allocation of Resources Without Limits or Throttling, Incorrect Authorization, Improper Certificate Validation 2. RISK EVALUATION Successful exploitation of these vulnerabilities could result in an information disclosure. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Yealink IP products are affected: SIP-T19P_E2: Versions prior to 53.84.0.121 SIP-T21P_E2: Versions prior to 52.84.0.121 SIP-T23G: Versions prior to 44.84.0.121 SIP-T40G: Versions prior to 76.84.0.121 SIP-T40P: Versions prior to 54.84.0.121 SIP-T27G: Versions prior to 69.84.0.121 SIP-T41S: Versions prior to 66.84.0.121 SIP-T42S: Versions prior to 66.84.0.121 SIP-T46S: Versions prior to 66.84.0.121 SIP- T48S: Versions prior to 66.84.0.121 SIP-CP920: Versions prior to 78.84.0.121 SIP-T53: Versions p...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.2 ATTENTION: Exploitable remotely/low attack complexity Vendor: EG4 Electronics Equipment: EG4 Inverters Vulnerabilities: Cleartext Transmission of Sensitive Information, Download of Code Without Integrity Check, Observable Discrepancy, Improper Restriction of Excessive Authentication Attempts 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to intercept and manipulate critical data, install malicious firmware, hijack device access, and gain unauthorized control over the system. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following EG4 Electronics inverters are affected: EG4 12kPV: All versions EG4 18kPV: All versions EG4 Flex 21: All versions EG4 Flex 18: All versions EG4 6000XP: All versions EG4 12000XP: All versions EG4 GridBoss: All versions 3.2 VULNERABILITY OVERVIEW 3.2.1 CLEARTEXT TRANSMISSION OF SENSITIVE INFORMATION CWE-319 The MOD3 command traffic between the monitoring application and the ...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Low attack complexity Vendor: Dreame Technology Equipment: Dreamehome and MOVAhome mobile applications Vulnerability: Improper Certificate Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could result in unauthorized information disclosure. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of the Dreame and MOVA mobile apps are affected: Dreamehome iOS app: Versions 2.3.4 and prior Dreamehome Android app: Versions 2.1.8.8 and prior MOVAhome iOS app: Versions 1.2.3 and prior 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER CERTIFICATE VALIDATION CWE-295 A TLS vulnerability exists in the phone application used to manage a connected device. The phone application accepts self-signed certificates when establishing TLS communication which may result in man-in-the-middle attacks on untrusted networks. Captured communications may include user credentials and sensitive session tokens. CVE-2025-8393 has bee...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Packet Power Equipment: EMX, EG Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to gain full access to the device without authentication. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Packet Power products are affected: EMX: Versions prior to 4.1.0 EG: Versions prior to 4.1.0 3.2 VULNERABILITY OVERVIEW 3.2.1 MISSING AUTHENTICATION FOR CRITICAL FUNCTION CWE-306 By default, the Packet Power Monitoring and Control Web Interface do not enforce authentication mechanisms. This vulnerability could allow unauthorized users to access and manipulate monitoring and control functions. CVE-2025-8284 has been assigned to this vulnerability. A CVSS v3.1 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). A CVSS v4 score has also been ca...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.4 ATTENTION: Low attack complexity Vendor: Rockwell Automation Equipment: Arena Vulnerabilities: Out-of-bounds Read, Stack-based Buffer Overflow, Heap-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to disclose information and execute arbitrary code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Rockwell Automation products are affected: Arena: Versions 16.20.09 and prior 3.2 VULNERABILITY OVERVIEW 3.2.1 OUT-OF-BOUNDS READ CWE-125 A local code execution vulnerability exists in Rockwell Automation Arena due to a threat actor's ability to read outside of the allocated memory buffer. The flaw is a result of improper validation of user-supplied data. If exploited, a threat actor can disclose information and execute arbitrary code on the system. To exploit the vulnerability a legitimate user must open a malicious DOE file. CVE-2025-7025 has been assigned to this vulnerabilit...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Burk Technology Equipment: ARC Solo Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could result in an attacker gaining access to the device, locking out authorized users, or disrupting operations. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following version of ARC Solo, a monitoring and control device primariliy used in broadcasting, is affected: ARC Solo: Versions prior to v1.0.62 3.2 VULNERABILITY OVERVIEW 3.2.1 MISSING AUTHENTICATION FOR CRITICAL FUNCTION CWE-306 The device's password change mechanism can be utilized without proper authentication procedures, allowing an attacker to take over the device. A password change request can be sent directly to the device's HTTP endpoint without providing valid credentials. The system does not enforce proper authentication or session validation, allowing the...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.4 ATTENTION: Exploitable remotely/low attack complexity Vendor: Johnson Controls Inc. Equipment: FX80 and FX90 Vulnerability: Dependency on Vulnerable Third-Party Component 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to compromise the device's configuration files. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Johnson Controls products are affected: FX80: FX 14.10.10 FX80: FX 14.14.1 FX90: FX 14.10.10 FX90: FX 14.14.1 3.2 VULNERABILITY OVERVIEW 3.2.1 DEPENDENCY ON VULNERABLE THIRD-PARTY COMPONENT CWE-1395 The affected product is vulnerable to a vulnerable third-party component, which could allow an attacker to compromise device configuration files. CVE-2025-43867 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.7 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N). A CVSS v4 score has also been calculated for CVE-2025-43867. A base score o...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Delta Electronics Equipment: DIAView Vulnerability: Improper Limitation of a Pathname to a Restricted Directory 2. RISK EVALUATION Successful exploitation of this vulnerability may allow a remote attacker to read or write files on the affected device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Delta Electronics reports the following versions of DIAView industrial automation management system for providing real-time system control are affected: DIAView: Versions 4.2.0.0 3.2 VULNERABILITY OVERVIEW 3.2.1 Improper Limitation of a Pathname to a Restricted Directory CWE-22 Delta Electronics DIAView is vulnerable to a path traversal vulnerability, which may allow an attacker to read or write files remotely on the system. CVE-2025-53417 has been assigned to this vulnerability. A CVSS v3.1 base score of 9.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/...