Certain HP DesignJet products may be vulnerable to information disclosure though printer's web interface allowing unauthenticated users to view sensitive print job information.

CVE Database V5

Detailed information about CVE-2025-3508: CWE-200 Exposure of Sensitive Information to an Unauthorized Actor in HP Inc. Certain HP DesignJet products affecting 

CVE-2025-3508: CWE-200 Exposure of Sensitive Information to an Unauthorized Actor in HP Inc. Certain HP DesignJet products - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-3508: CWE-200 Exposure of Sensitive Information to an Unauthorized Actor in HP Inc. Certain HP DesignJet products

Hacker Added Prompt to Amazon Q to Erase Files and Cloud Data

Source: https://hackread.com/hacker-added-prompt-amazon-q-erase-files-cloud-data/

The reported security threat involves a hacker adding a malicious prompt to Amazon Q, a product or service presumably related to Amazon's cloud or file management offerings. This prompt allegedly enables the erasure of files and cloud data, potentially leading to data loss or disruption of services. The information originates from a Reddit InfoSec News post linking to an article on hackread.com. However, the technical details are sparse, with no affected versions specified, no known exploits in the wild, and minimal discussion or corroboration from other sources. The threat appears to be a form of unauthorized code injection or manipulation within Amazon Q that could trigger destructive commands, such as deleting files or cloud-stored data. Given the lack of detailed technical data, it is unclear how the attacker gained access or the exact mechanism of the prompt insertion. The severity is assessed as medium, reflecting the potential for data loss but limited evidence of widespread exploitation or confirmed vulnerabilities. The absence of patch information or CVEs suggests this may be an emerging or unconfirmed threat. Overall, the threat highlights the risk of unauthorized modifications to cloud management interfaces that could lead to significant data integrity and availability issues if exploited.

Reddit InfoSec News

Detailed information about Hacker Added Prompt to Amazon Q to Erase Files and Cloud Data. Get real-time updates, technical details, and mitigation strategies.

Hacker Added Prompt to Amazon Q to Erase Files and Cloud Data - Live Threat Intelligence - Threat Radar | OffSeq.com

Hacker Added Prompt to Amazon Q to Erase Files and Cloud Data

Reddit Discussion: Hacker Added Prompt to Amazon Q to Erase Files and Cloud Data

The following APIs for the Silcon Labs SiWx91x prior to vesion 3.4.0 failed to check the size of the output buffer of the caller which could lead to data corruption on the host (Cortex-M4) application.


sl_si91x_aes
sl_si91x_gcm
sl_si91x_ccm 
sl_si91x_sha

CVE-2025-3873 is a medium-severity vulnerability affecting Silicon Labs' WiseConnect software stack, specifically versions prior to 3.4.0, including version 3.0.0. The vulnerability arises from an out-of-bounds write (CWE-787) in several cryptographic APIs: sl_si91x_aes, sl_si91x_gcm, sl_si91x_ccm, and sl_si91x_sha. These APIs fail to properly validate the size of the output buffer provided by the caller, which can lead to data corruption on the host Cortex-M4 application. The affected device is the Silicon Labs SiWx91x wireless microcontroller. The vulnerability does not require user interaction or authentication but does require low-level privileges (PR:L) to exploit. The CVSS 4.0 base score is 6.0, indicating a medium severity level. The attack vector is network-based (AV:N), but the attack complexity is high (AC:H), meaning exploitation requires specific conditions or expertise. The impact on confidentiality is low, but the impact on integrity and availability is high, as data corruption could cause application malfunction or denial of service. No known exploits are currently reported in the wild, and no patches are linked yet, though the issue is reserved and published as of mid-2025. The vulnerability affects cryptographic operations, which are critical for secure communications and data protection in embedded IoT and wireless devices using the SiWx91x platform.

Detailed information about CVE-2025-3873: CWE-787 Out-of-bounds Write in silabs.com WiseConnect affecting silabs.com WiseConnect. Get real-time updates, technic

CVE-2025-3873: CWE-787 Out-of-bounds Write in silabs.com WiseConnect - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-3873: CWE-787 Out-of-bounds Write in silabs.com WiseConnect

A vulnerability exists in Sitecore Experience Manager (XM), Experience Platform (XP), Experience Commerce (XC), and Managed Cloud that could allow an unauthenticated attacker to read arbitrary files. This vulnerability affects all Experience Platform topologies (XM, XP, XC) from 8.0 Initial Release through 10.4 Initial Release and later. This issue affects Content Management (CM) and standalone instances. PaaS and containerized solutions are also affected.

CVE-2025-34139 is a high-severity vulnerability affecting multiple Sitecore products, including Experience Manager (XM), Experience Platform (XP), Experience Commerce (XC), and Managed Cloud deployments. The vulnerability allows an unauthenticated attacker to read arbitrary files on affected systems. It impacts all Experience Platform topologies from version 8.0 Initial Release through 10.4 Initial Release and later, including Content Management (CM) and standalone instances, as well as PaaS and containerized solutions. The CVSS 4.0 base score is 8.7, reflecting a network attack vector with low attack complexity, no privileges or user interaction required, and a high impact on confidentiality. The vulnerability does not affect integrity or availability but allows unauthorized disclosure of potentially sensitive files. This could include configuration files, source code, or other sensitive data stored on the server. The flaw likely stems from improper access controls or path traversal issues in the file handling components of Sitecore Experience Manager and related products. No known exploits are currently reported in the wild, but the ease of exploitation and broad impact surface make this a critical issue to address promptly. The lack of available patches at the time of reporting increases the urgency for mitigation through compensating controls.

Detailed information about CVE-2025-34139: Vulnerability in Sitecore Experience Manager (XM) affecting Sitecore Experience Manager (XM). Get real-time updates, 

CVE-2025-34139: Vulnerability in Sitecore Experience Manager (XM) - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-34139: Vulnerability in Sitecore Experience Manager (XM)

A maliciously crafted QPY file can potential execute arbitrary-code embedded in the payload without privilege escalation when deserialising QPY formats < 13. A python process calling Qiskit 0.18.0 through 1.4.1's `qiskit.qpy.load()` function could potentially execute any arbitrary Python code embedded in the correct place in the binary file as part of specially constructed payload.

Detailed information about CVE-2025-2000: CWE-502 Deserialization of Untrusted Data in IBM Qiskit SDK affecting IBM Qiskit SDK. Get real-time updates, technical

CVE-2025-2000: CWE-502 Deserialization of Untrusted Data in IBM Qiskit SDK

CVE-2025-2000: CWE-502 Deserialization of Untrusted Data in IBM Qiskit SDK

Description

Technical Details

Related Threats

CVE-2025-3508: CWE-200 Exposure of Sensitive Information to an Unauthorized Actor in HP Inc. Certain HP DesignJet products

CVE-2025-3873: CWE-787 Out-of-bounds Write in silabs.com WiseConnect

CVE-2025-34139: Vulnerability in Sitecore Experience Manager (XM)

CVE-2025-34138: Vulnerability in Sitecore Experience Manager (XM)

CVE-2025-34114: CWE-749 Exposed Dangerous Method or Function in Laser Romae s.r.l. OpenBlow

Actions

External Links

Need enhanced features?

Latest Threats

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility

CVE-2025-2000: CWE-502 Deserialization of Untrusted Data in IBM Qiskit SDK

CVE-2025-2000: CWE-502 Deserialization of Untrusted Data in IBM Qiskit SDK

Description

Technical Details

Related Threats

CVE-2025-3508: CWE-200 Exposure of Sensitive Information to an Unauthorized Actor in HP Inc. Certain HP DesignJet products

CVE-2025-3873: CWE-787 Out-of-bounds Write in silabs.com WiseConnect

CVE-2025-34139: Vulnerability in Sitecore Experience Manager (XM)

CVE-2025-34138: Vulnerability in Sitecore Experience Manager (XM)

CVE-2025-34114: CWE-749 Exposed Dangerous Method or Function in Laser Romae s.r.l. OpenBlow

Actions

External Links

Need enhanced features?

Latest Threats

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility

CVE-2025-34114: CWE-749 Exposed Dangerous Method or Function in Laser Romae s.r.l. OpenBlow