Security
Headlines
HeadlinesLatestCVEs

Latest News

Deepfake Fraud Tools Are Lagging Behind Expectations

Deepfakes are becoming more realistic and more popular. Luckily, defenders are still ahead in the arms race.

DARKReading
Open in Source
GHSA-mw8h-g64c-rxv4: Shiori is vulnerable to authentication bypass via a brute force attack

A lack of rate limiting in the login page of shiori v1.7.4 and below allows attackers to bypass authentication via a brute force attack.

ghsa
Open in Source
#git#intel#auth
GHSA-q5qq-mvfm-j35x: Fickling has Static Analysis Bypass via Incomplete Dangerous Module Blocklist

#Fickling's assessment `ctypes`, `importlib`, `runpy`, `code` and `multiprocessing` were added the list of unsafe imports (https://github.com/trailofbits/fickling/commit/9a2b3f89bd0598b528d62c10a64c1986fcb09f66, https://github.com/trailofbits/fickling/commit/eb299b453342f1931c787bcb3bc33f3a03a173f9, https://github.com/trailofbits/fickling/commit/29d5545e74b07766892c1f0461b801afccee4f91, https://github.com/trailofbits/fickling/commit/b793563e60a5e039c5837b09d7f4f6b92e6040d1, https://github.com/trailofbits/fickling/commit/b793563e60a5e039c5837b09d7f4f6b92e6040d1). # Original report ## Summary The `unsafe_imports()` method in Fickling's static analyzer fails to flag several high-risk Python modules that can be used for arbitrary code execution. Malicious pickles importing these modules will not be detected as unsafe, allowing attackers to bypass Fickling's primary static safety checks. ## Details In `fickling/fickle.py` lines 866-884, the `unsafe_imports()` method checks imported m...

GHSA-5hvc-6wx8-mvv4: Fickling vulnerable to use of ctypes and pydoc gadget chain to bypass detection

# Fickling's assessment `pydoc` and `ctypes` were added to the list of unsafe imports (https://github.com/trailofbits/fickling/commit/b793563e60a5e039c5837b09d7f4f6b92e6040d1). # Original report ### Summary Both ctypes and pydoc modules arent explictly blocked. Even other existing pickle scanning tools (like picklescan) do not block pydoc.locate. Chaining these two together can achieve RCE while the scanner still reports the file as LIKELY_SAFE ### Details Import: GLOBAL pydoc locate (Allowed). Resolution: Call locate('ctypes.windll.kernel32.WinExec'). Execution: Call the result with (b'calc.exe', 1). To bypass the unused variable check an exception object is used, on the assumption that Exception would not be blocked in the future as it is a benign builtin ### PoC ```python import os GLOBAL = b'c' STRING = b'S' BININT = b'K' TUPLE1 = b'\x85' TUPLE2 = b'\x86' EMPTY_TUPLE = b')' REDUCE = b'R' PUT = b'p' GET = b'g' POP = b'0' E...

GHSA-p523-jq9w-64x9: Fickling Blocklist Bypass: cProfile.run()

# Fickling's assessment `cProfile` was added to the list of unsafe imports (https://github.com/trailofbits/fickling/commit/dc8ae12966edee27a78fe05c5745171a2b138d43). # Original report ## Description ### Summary Fickling versions up to and including 0.1.6 do not treat Python's `cProfile` module as unsafe. Because of this, a malicious pickle that uses `cProfile.run()` is classified as SUSPICIOUS instead of OVERTLY_MALICIOUS. If a user relies on Fickling's output to decide whether a pickle is safe to deserialize, this misclassification can lead them to execute attacker-controlled code on their system. This affects any workflow or product that uses Fickling as a security gate for pickle deserialization. ### Details The `cProfile` module is missing from fickling's block list of unsafe module imports in `fickling/analysis.py`. This is the same root cause as CVE-2025-67748 (pty) and CVE-2025-67747 (marshal/types). Incriminated source code: - File: `fickling/analysis.py` - Class: `U...

GHSA-wfq2-52f7-7qvj: Fickling has a bypass via runpy.run_path() and runpy.run_module()

# Fickling's assessment `runpy` was added to the list of unsafe imports (https://github.com/trailofbits/fickling/commit/9a2b3f89bd0598b528d62c10a64c1986fcb09f66). # Original report ### Summary Fickling versions up to and including 0.1.6 do not treat Python’s runpy module as unsafe. Because of this, a malicious pickle that uses runpy.run_path() or runpy.run_module() is classified as SUSPICIOUS instead of OVERTLY_MALICIOUS. If a user relies on Fickling’s output to decide whether a pickle is safe to deserialize, this misclassification can lead them to execute attacker-controlled code on their system. This affects any workflow or product that uses Fickling as a security gate for pickle deserialization. ### Details The `runpy` module is missing from fickling's block list of unsafe module imports in `fickling/analysis.py`. This is the same root cause as CVE-2025-67748 (pty) and CVE-2025-67747 (marshal/types). Incriminated source code: - File: `fickling/analysis.py` - Class: `UnsafeIm...

Why AI-Powered Cyber Defense Is No Longer Optional for Modern Businesses

Large businesses or governments aren’t the only ones threatened by cyber attacks. Every organization is now equally threatened.…

GHSA-wvpq-h33f-8rp6: October CMS Vulnerable to Stored XSS via Branding Styles

A cross-site scripting (XSS) vulnerabilities was identified in October CMS backend configuration forms: - **Branding and Appearances Styles** A user with the `Customize Backend Styles` permission could inject malicious HTML/JS into the stylesheet input at *Settings → Branding & Appearance → Styles*. A specially crafted input could break out of the intended `<style>` context, allowing arbitrary script execution across backend pages for all users. --- ### Impact - Persistent XSS across the backend interface. - Exploitable by lower-privileged accounts with the above permissions. - Potential consequences include privilege escalation, session hijacking, and execution of unauthorized actions in victim sessions. --- ### Patches The vulnerability has been patched in **v4.0.12** and **v3.7.13**. Stylesheet inputs are now sanitized to prevent injection of arbitrary HTML/JS. All users are strongly encouraged to upgrade to the latest patched version. --- ### Workaround...

GHSA-585q-cm62-757j: mnl has segmentation fault and invalid memory read in `mnl::cb_run`

The function `mnl::cb_run` is marked as safe but exhibits unsound behavior when processing malformed Netlink message buffers. Passing a crafted byte slice to `mnl::cb_run` can trigger memory violations. The function does not sufficiently validate the input buffer structure before processing, leading to out-of-bounds reads. This vulnerability allows an attacker to cause a Denial of Service (segmentation fault) or potentially read unmapped memory by providing a malformed Netlink message.

GHSA-4f6g-68pf-7vhv: pypdf has possible long runtimes for malformed startxref

### Impact An attacker who exploits this vulnerability can craft a PDF which leads to possibly long runtimes for invalid `startxref` entries. When rebuilding the cross-reference table, PDF files with lots of whitespace characters become problematic. Only the non-strict reading mode is affected. ### Patches This has been fixed in [pypdf==6.6.0](https://github.com/py-pdf/pypdf/releases/tag/6.6.0). ### Workarounds ```python from pypdf import PdfReader, PdfWriter # Instead of reader = PdfReader("file.pdf") # use the strict mode: reader = PdfReader("file.pdf", strict=True) # Instead of writer = PdfWriter(clone_from="file.pdf") # use an explicit strict reader: writer = PdfWriter(clone_from=PdfReader("file.pdf", strict=True)) ``` ### Resources This issue has been fixed in #3594.