Latest News

## Summary A flaw in Hono’s JWK/JWKS JWT verification middleware allowed the JWT header’s `alg` value to influence signature verification when the selected JWK did not explicitly specify an algorithm. This could enable **JWT algorithm confusion** and, in certain configurations, allow forged tokens to be accepted. ## Details When verifying JWTs using JWKs or a JWKS endpoint, the middleware selected the verification algorithm based on the JWK’s `alg` field if present, but otherwise fell back to the `alg` value provided in the unverified JWT header. Because the `alg` field in a JWK is optional and often omitted in real-world JWKS configurations, this behavior could allow an attacker to control the algorithm used for verification. In some environments, this may lead to authentication or authorization bypass through crafted tokens. The practical impact depends on application configuration, including which algorithms are accepted and how JWTs are used for authorization decisions. ## Im...

### Summary There is a Zip Slip path traversal vulnerability in the jaraco.context package affecting setuptools as well, in `jaraco.context.tarball()` function. The vulnerability may allow attackers to extract files outside the intended extraction directory when malicious tar archives are processed. The strip_first_component filter splits the path on the first `/` and extracts the second component, while allowing `../` sequences. Paths like `dummy_dir/../../etc/passwd` become `../../etc/passwd`. Note that this suffers from a nested tarball attack as well with multi-level tar files such as `dummy_dir/inner.tar.gz`, where the inner.tar.gz includes a traversal `dummy_dir/../../config/.env` that also gets translated to `../../config/.env`. The code can be found: - https://github.com/jaraco/jaraco.context/blob/main/jaraco/context/__init__.py#L74-L91 - https://github.com/pypa/setuptools/blob/main/setuptools/_vendor/jaraco/context.py#L55-L76 (inherited) This report was also sent to setuptoo...

ServiceNow tacked agentic AI onto a largely unguarded legacy chatbot, exposing customers' data and connected systems.

Deserialization of untrusted data in Azure Core shared client library for Python allows an authorized attacker to execute code over a network.

The vendor's first Patch Tuesday of the year also contains fixes for 112 CVEs, nearly double the amount from last month.

### Problem Backend users who had access to the recycler module could delete arbitrary data from any database table defined in the TCA - regardless of whether they had permission to that particular table. This allowed attackers to purge and destroy critical site data, effectively rendering the website unavailable. ### Solution Update to TYPO3 versions 10.4.55 ELTS, 11.5.49 ELTS, 12.4.41 LTS, 13.4.23 LTS, 14.0.2 that fix the problem described. ### Credits Thanks to Sven Jürgens and Daniel Windloff for reporting this issue, and to TYPO3 security team member Elias Häußler for fixing it. ### References * [TYPO3-CORE-SA-2026-003](https://typo3.org/security/advisory/typo3-core-sa-2026-003)

### Problem Backend users with access to the redirects module and write permission on the `sys_redirect` table were able to read, create, and modify any redirect record - without restriction to the user’s own file‑mounts or web‑mounts. This allowed attackers to insert or alter redirects pointing to arbitrary URLs - facilitating phishing or other malicious redirect attacks. ### Solution Update to TYPO3 versions 10.4.55 ELTS, 11.5.49 ELTS, 12.4.41 LTS, 13.4.23 LTS, 14.0.2 that fix the problem described. ### Credits Thanks to Georg Dümmler for reporting this issue, and to TYPO3 security team member Elias Häußler for fixing it. ### References * [TYPO3-CORE-SA-2026-002](https://typo3.org/security/advisory/typo3-core-sa-2026-002)

### Problem By exploiting the `defVals` parameter, attackers could bypass field‑level access checks during record creation in the TYPO3 backend. This gave them the ability to insert arbitrary data into prohibited exclude fields of a database table for which the user already has write permission for a reduced set of fields. ### Solution Update to TYPO3 versions 10.4.55 ELTS, 11.5.49 ELTS, 12.4.41 LTS, 13.4.23 LTS, 14.0.2 that fix the problem described. ### Credits Thanks to Daniel Windloff for reporting this issue, and to TYPO3 core & security team member Benjamin Franzke for fixing it. ### References * [TYPO3-CORE-SA-2026-001](https://typo3.org/security/advisory/typo3-core-sa-2026-001)

### Summary **Description** A Mass Assignment (CWE-915) vulnerability in AdonisJS Lucid may allow a remote attacker who can influence data that is passed into Lucid model assignments to overwrite the internal ORM state. This may lead to logic bypasses and unauthorized record modification within a table or model. This affects @adonisjs/lucid through version 21.8.1 and 22.x pre-release versions prior to 22.0.0-next.6. This has been patched in @adonisjs/lucid versions 21.8.2 and 22.0.0-next.6. ### Details A vulnerability in the `BaseModelImpl` class of `@adonisjs/lucid` may allow an attacker to overwrite internal class properties (such as `$isPersisted`, `$attributes`, or `$isDeleted`) when passing plain objects to model assignment methods. The library relies on a `this.hasOwnProperty(key)` check to validate assignment targets. However, because internal ORM state properties are initialized as instance properties, they pass this check. Consequently, if an attacker can influence specific ...

### Summary A malicious website can abuse the server URL override feature of the OpenCode web UI to achieve cross-site scripting on `http://localhost:4096`. From there, it is possible to run arbitrary commands on the local system using the `/pty/` endpoints provided by the OpenCode API. ### Code execution via OpenCode API - The OpenCode API has `/pty/` endpoints that allow spawning arbitrary processes on the local machine. - When you run `opencode` in your terminal, OpenCode automatically starts an HTTP server on `localhost:4096` that exposes the API along with a web interface. - JavaScript can make arbitrary same-origin `fetch()` requests to the `/pty/` API endpoints. Therefore, JavaScript execution on `http://localhost:4096` gets you code execution on local the machine. ### JavaScript execution on localhost:4096 The markdown renderer used for LLM responses will insert arbitrary HTML into the DOM. There is no sanitization with DOMPurify or even a CSP on the web interface to pre...