Improper management of Content Security Policy in HCL BigFix Remote Control Lite Web Portal (versions 10.1.0.0326 and lower) may allow the execution of malicious code in web pages.

The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. Versions of nbconvert up to and including 7.16.6 on Windows have a vulnerability in which converting a notebook containing SVG output to a PDF results in unauthorized code execution. Spec…

RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things (IoT) devices and other embedded devices. A vulnerability was discovered in the IPv6 fragmentation reassembly implementation of RIOT OS v2025.07. When copying the contents of the first …

The Amazon S3 Encryption Client for Go is an open-source client-side encryption library used to facilitate writing and reading encrypted records to S3. Missing cryptographic key commitment in the Amazon S3 Encryption Client for Go may allow a user with write access to the S3 bucket to introduce …

The S3 Encryption Client for Java is an open-source client-side encryption library used to facilitate writing and reading encrypted records to S3. Missing cryptographic key commitment in the Amazon S3 Encryption Client for Java may allow a user with write access to the S3 bucket to introduce a …

The AWS SDK for Ruby is an open-source client-side encryption library used to facilitate writing and reading encrypted records to S3. Missing cryptographic key commitment in the AWS SDK for Ruby may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to differen…

The AWS SDK for PHP is an open-source client-side encryption library used to facilitate writing and reading encrypted records to S3. Missing cryptographic key commitment in the AWS SDK for PHP may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different …

AWS SDK for C++ is an open-source client-side encryption library used to facilitate writing and reading encrypted records to S3. Missing cryptographic key commitment in the AWS SDK for C++ may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different pla…

The Amazon S3 Encryption Client for .NET is an open-source client-side encryption library used to facilitate writing and reading encrypted records to S3. Missing cryptographic key commitment in the Amazon S3 Encryption Client for .NET may allow a user with write access to the S3 bucket to introd…

AVideo versions prior to 20.1 contain an insecure direct object reference vulnerability allowing users with upload permissions to modify the rotation metadata of any video. The endpoint verifies upload capability but fails to enforce ownership or management rights for the targeted video.