#auth

Improve security in your React app with geolocation-based authentication, adding a strong layer beyond passwords to prevent unauthorised access.

On Sunday, July 20, Microsoft Corp. issued an emergency security update for a vulnerability in SharePoint Server that is actively being exploited to compromise vulnerable organizations. The patch comes amid reports that malicious hackers have used the Sharepoint flaw to breach U.S. federal and state agencies, universities, and energy companies.

### Impact A potential security issue has been mitigated on old account deployment functions from the factory. Smart wallets in use on all existing supported networks are not impacted. ### Patches Please direct creation of new wallets to either `createSemiModularAccount` on `AccountFactory.sol` or `createWebAuthnAccount` on `WebAuthnFactory.sol`.

### Summary The `version` parameter of the `/docs` endpoint is vulnerable to a Reflected XSS (Cross-Site Scripting) attack. ### PoC 1. Setup a minimal app following the quickstart guide: https://docs.cadwyn.dev/quickstart/setup/ 2. Click on the following PoC link: http://localhost:8000/docs?version=%27%2balert(document.domain)%2b%27 ### Impact Refer to this [security advisory](https://github.com/Visionatrix/Visionatrix/security/advisories/GHSA-w36r-9jvx-q48v) for an example of the impact of a similar vulnerability that shares the same root cause. This XSS would notably allow an attacker to execute JavaScript code on a user's session for any application based on `Cadwyn` via a one-click attack. A CVSS for the average case may be: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L ### Details The vulnerable code snippet can be found in the 2 functions `swagger_dashboard` and `redoc_dashboard`: https://github.com/zmievsa/cadwyn/blob/main/cadwyn/applications.py#L387-L413 The implementation...

Ring users on TikTok, Reddit, and X are reporting multiple unauthorized device logins all dating back to May 28.

Users with administrator access can create databases files outside the files area of the Fuseki server. This issue affects Apache Jena version up to 5.4.0. Users are recommended to upgrade to version 5.5.0, which fixes the issue.

File access paths in configuration files uploaded by users with administrator access are not validated. This issue affects Apache Jena version up to 5.4.0. Users are recommended to upgrade to version 5.5.0, which does not allow arbitrary configuration upload.

About Remote Code Execution – Roundcube (CVE-2025-49113) vulnerability. Roundcube is a popular open-source webmail client (IMAP). An authenticated attacker can exploit this vulnerability to execute arbitrary code on the Roundcube Webmail server. The issue is caused by the Deserialization of Untrusted Data (CWE-502). 🔹 On June 1, the vendor released patched versions 1.6.11 and 1.5.10. […]

Cybersecurity researchers have disclosed a novel attack technique that allows threat actors to downgrade Fast IDentity Online (FIDO) key protections by deceiving users into approving authentication requests from spoofed company login portals.FIDO keys are hardware- or software-based authenticators designed to eliminate phishing by binding logins to specific domains using public-private key

Hewlett-Packard Enterprise (HPE) has released security updates to address a critical security flaw affecting Instant On Access Points that could allow an attacker to bypass authentication and gain administrative access to susceptible systems. The vulnerability, tracked as CVE-2025-37103, carries a CVSS score of 9.8 out of a maximum of 10.0. "Hard-coded login credentials were found in HPE