SEI-CERT Security News

Software Engineering Institute

Carnegie Mellon University

Computer Emergency Readiness Team

  1. VU#806555: A Vulnerability in UEFI Applications allows for secure boot bypass via misused NVRAM variable
    Source: SEI-CERT Published on 06.10.2025
  2. VU#282450: Out-of-Bounds read vulnerability in TCG TPM2.0 reference implementation
    Source: SEI-CERT Published on 06.10.2025
  3. VU#211341: A vulnerability in Insyde H2O UEFI application allows for digital certificate injection via NVRAM variable
    Source: SEI-CERT Published on 06.10.2025
  4. VU#760160: libexpat library is vulnerable to DoS attacks through stack overflow
    Source: SEI-CERT Published on 05.09.2025
  5. VU#722229: Radware Cloud Web Application Firewall Vulnerable to Filter Bypass
    Source: SEI-CERT Published on 05.07.2025
  6. VU#360686: Digigram PYKO-OUT audio-over-IP (AoIP) does not require a password by default
    Source: SEI-CERT Published on 05.02.2025
  7. VU#667211: Various GPT services are vulnerable to “Inception” jailbreak, allows for bypass of safety guardrails
    Source: SEI-CERT Published on 04.25.2025
  8. VU#252619: Multiple deserialization vulnerabilities in PyTorch Lightning 2.4.0 and earlier versions
    Source: SEI-CERT Published on 04.03.2025
  9. VU#726882: Paragon Partition Manager contains five memory vulnerabilities within its BioNTdrv.sys driver that allow for privilege escalation and denial-of-service (DoS) attacks
    Source: SEI-CERT Published on 02.28.2025
  10. VU#148244: PandasAI interactive prompt function can be exploited to run arbitrary Python code through prompt injection, which can lead to remote code execution (RCE)
    Source: SEI-CERT Published on 02.11.2025
  11. VU#733789: ChatGPT-4o contains security bypass vulnerability through time and search functions called “Time Bandit”
    Source: SEI-CERT Published on 01.30.2025
  12. VU#199397: Insecure Implementation of Tunneling Protocols (GRE/IPIP/4in6/6in4)
    Source: SEI-CERT Published on 01.17.2025
  13. VU#952657: Rsync contains six vulnerabilities
    Source: SEI-CERT Published on 01.14.2025
  14. VU#529659: Howyar Reloader UEFI Bootloader Vulnerable to Unsigned Software Execution
    Source: SEI-CERT Published on 01.14.2025

CERT Insider Threat Best Practices

  1. Introducing the Insider Incident Data Exchange Standard (IIDES)
    Source: SEI-CERT Insider Threat Published on 02.03.2025
  2. The Top 10 Blog Posts of 2024
    Source: SEI-CERT Insider Threat Published on 01.06.2025