SEI-CERT Security News

Software Engineering Institute

Carnegie Mellon University

Computer Emergency Readiness Team

  1. VU#252619: Multiple deserialization vulnerabilities in PyTorch Lightning 2.4.0 and earlier versions
    Source: SEI-CERT Published on 04.03.2025
  2. VU#726882: Paragon Partition Manager contains five memory vulnerabilities within its BioNTdrv.sys driver that allow for privilege escalation and denial-of-service (DoS) attacks
    Source: SEI-CERT Published on 02.28.2025
  3. VU#148244: PandasAI interactive prompt function can be exploited to run arbitrary Python code through prompt injection, which can lead to remote code execution (RCE)
    Source: SEI-CERT Published on 02.11.2025
  4. VU#733789: ChatGPT-4o contains security bypass vulnerability through time and search functions called “Time Bandit”
    Source: SEI-CERT Published on 01.30.2025
  5. VU#199397: Insecure Implementation of Tunneling Protocols (GRE/IPIP/4in6/6in4)
    Source: SEI-CERT Published on 01.17.2025
  6. VU#952657: Rsync contains six vulnerabilities
    Source: SEI-CERT Published on 01.14.2025
  7. VU#529659: Howyar Reloader UEFI Bootloader Vulnerable to Unsigned Software Execution
    Source: SEI-CERT Published on 01.14.2025
  8. VU#164934: PDQ Deploy allows reuse of deleted credentials that can compromise a device and facilitate lateral movement
    Source: SEI-CERT Published on 12.11.2024
  9. VU#123336: Vulnerable WiFi Alliance example code found in Arcadyan FMIMG51AX000J
    Source: SEI-CERT Published on 10.23.2024

CERT Insider Threat Best Practices

  1. Introducing the Insider Incident Data Exchange Standard (IIDES)
    Source: SEI-CERT Insider Threat Published on 02.03.2025
  2. The Top 10 Blog Posts of 2024
    Source: SEI-CERT Insider Threat Published on 01.06.2025