Security
Headlines
HeadlinesLatestCVEs

Tag

#auth

CVE-2025-49670: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Microsoft Security Response Center
Open in Source
#vulnerability#windows#rce#buffer_overflow#auth#Windows Routing and Remote Access Service (RRAS)#Security Vulnerability
CVE-2025-47984: Windows GDI Information Disclosure Vulnerability

Protection mechanism failure in Windows GDI allows an unauthorized attacker to disclose information over a network.

CVE-2025-21195: Azure Service Fabric Runtime Elevation of Privilege Vulnerability

Improper link resolution before file access ('link following') in Service Fabric allows an authorized attacker to elevate privileges locally.

CVE-2025-47972: Windows Input Method Editor (IME) Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Input Method Editor (IME) allows an authorized attacker to elevate privileges over a network.

GHSA-36rg-gfq2-3h56: Better Auth Open Redirect Vulnerability in originCheck Middleware Affects Multiple Routes

### Summary An open redirect has been found in the `originCheck` middleware function, which affects the following routes: `/verify-email`, `/reset-password/:token`, `/delete-user/callback`, `/magic-link/verify`, `/oauth-proxy-callback`. ### Details In the `matchesPattern` function, `url.startsWith(` can be deceived with a `url` that starts with one of the `trustedOrigins`. ```jsx const matchesPattern = (url: string, pattern: string): boolean => { if (url.startsWith("/")) { return false; } if (pattern.includes("*")) { return wildcardMatch(pattern)(getHost(url)); } return url.startsWith(pattern); }; ``` ### Open Redirect PoCs ```jsx export const auth = betterAuth({ baseURL: 'http://localhost:3000', trustedOrigins: [ "http://trusted.com" ], emailAndPassword: { ... }, }) ``` #### `/reset-password/:token` <img width="481" alt="image" src="https://github.com/user-attachments/assets/46e7871a-1dad-4375-af94-0446e29aaab6" /> <br/> <img width="518" alt...

ICC Contained Cyberattack Amid Espionage Threats and Pressure

International Criminal Court faces new "sophisticated" cyberattack in The Hague. Occurring near the NATO summit, this incident impacts the ICC as it handles major global cases.