Security
Headlines
HeadlinesLatestCVEs

Latest News

GHSA-9v8j-x534-2fx3: Ruby-saml has a SAML authentication bypass due to namespace handling (parser differential)

### Summary Ruby-saml up to and including 1.12.4, there is an authentication bypass vulnerability because of an incomplete fix for CVE-2025-25292. ReXML and Nokogiri parse XML differently, the parsers can generate entirely different document structures from the same XML input. That allows an attacker to be able to execute a Signature Wrapping attack. The vulnerability does not affect the version 1.18.0. ### Impact That allows an attacker to be able to execute a Signature Wrapping attack and bypass the authentication

ghsa
Open in Source
#vulnerability#git#auth#ruby
GHSA-2m4f-cg75-76w2: NiceGUI Stored/Reflected XSS in ui.interactive_image via unsanitized SVG content

### Summary A Cross-Site Scripting (XSS) vulnerability exists in the `ui.interactive_image` component of NiceGUI (v3.3.1 and earlier). The component renders SVG content using Vue's `v-html` directive without any sanitization. This allows attackers to inject malicious HTML or JavaScript via the SVG `<foreignObject>` tag. ### Details The vulnerability is located in `nicegui/elements/interactive_image.js`. The component uses the following code to render content: ```javascript <g v-html="content"></g> ``` Vue's v-html directive renders raw HTML strings into the DOM. If an application allows user-controlled input to be passed to the content property of an interactive image, an attacker can embed a <foreignObject> tag containing malicious scripts, bypassing typical image restrictions. ### PoC ```python from nicegui import ui @ui.page('/') def main(): ui.label('NiceGUI SVG XSS PoC') # Standard image loading img = ui.interactive_image('[https://picsum.photos/640/360](https:...

GHSA-mpmc-qchh-r9q8: Altcha Proof-of-Work obfuscation mode cryptanalytic break

A cryptanalytic break in Altcha Proof-of-Work obfuscation mode version 0.8.0 and later allows for remote visitors to recover the Proof-of-Work nonce in constant time via mathematical deduction.

GHSA-72qc-wxch-74mg: NiceGUI Reflected XSS in ui.add_css, ui.add_scss, and ui.add_sass via Style Injection

### Summary A Cross-Site Scripting (XSS) vulnerability exists in `ui.add_css`, `ui.add_scss`, and `ui.add_sass` functions in NiceGUI (v3.3.1 and earlier). These functions allow developers to inject styles dynamically. However, they lack proper sanitization or encoding for the JavaScript context they generate. An attacker can break out of the intended `<style>` or `<script>` tags by injecting closing tags (e.g., `</style>` or `</script>`), allowing for the execution of arbitrary JavaScript. ### Details The vulnerability stems from how these functions inject content into the DOM using `client.run_javascript` (or `add_head_html` internally) without sufficient escaping for the transport layer. * **`ui.add_css`**: Injects content into a `<style>` tag. Input containing `</style>` closes the tag prematurely, allowing subsequent HTML/JS injection. * **`ui.add_scss` / `ui.add_sass`**: These rely on client-side compilation within `<script>` tags. Input containing `</script>` breaks the execut...

GHSA-wpqc-h9wp-chmq: n8n vulnerable to Remote Code Execution via Git Node Custom Pre-Commit Hook

### Impact The n8n Git node allows workflows to set arbitrary Git configuration values through the _Add Config_ operation. When an attacker-controlled workflow sets `core.hooksPath` to a directory within the cloned repository containing a Git hook such as `pre-commit`, Git executes that hook during subsequent Git operations. Because Git hooks run as local system commands, this behavior can lead to **arbitrary command execution** on the underlying n8n host. Successful exploitation requires the ability to create or modify an n8n workflow that uses the Git node. Affected versions: **≥ 0.123.1 and < 1.119.2** ### Patches This issue has been patched in **n8n version 1.119.2**. All users running affected versions should upgrade to **1.119.2 or later**. ### Workarounds If upgrading is not immediately possible, the following mitigations can reduce exposure: - Exclude the Git node ([Docs](https://n8n-docs.teamlab.info/hosting/securing/blocking-nodes/#exclude-nodes)). - Avoid cloning or...

ChrimeraWire Trojan Fakes Chrome Activity to Manipulate Search Rankings

ChrimeraWire is a new Windows trojan that automates web browsing through Chrome to simulate user activity and manipulate search engine rankings.

US Treasury Tracks $4.5B in Ransom Payments since 2013

The US Treasury's Financial Crimes Enforcement Network shared data showing how dramatically ransomware attacks have changed over time.

GHSA-mg56-wc4q-rw4w: memos vulnerability allows the creation of arbitrary accounts

Incorrect access control in the /api/v1/user endpoint of usememos memos v0.25.2 allows unauthorized attackers to create arbitrary accounts via a crafted request.

GHSA-qgjp-5g5x-vhq2: memos lacks file name validation or verification

A lack of file name validation or verification in the Attachment service of usememos memos v0.25.2 allows attackers to execute a path traversal.

GHSA-99m2-qwx6-2w6f: memos vulnerability allows arbitrarily modification or deletion registered identity providers

Incorrect access control in the Identity Provider service of usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily modify or delete registered identity providers, leading to an account takeover or Denial of Service (DoS).