GHSA-4vcf-q4xf-f48m: Better Auth Passkey Plugin allows passkey deletion through IDOR

# Summary

Affected versions of the better-auth passkey plugin allow users with any valid session to delete arbitrary passkeys via their ID using `POST /passkey/delete-passkey`.

# Details

`ctx.body.id` is implicitly trusted and used in passkey deletion queries. better-auth applications configured with `useNumberId` may use auto-incrementing IDs, which makes it trivial to delete all passkeys via enumeration.

GHSA-mw3v-mmfw-3x2g: OpenSearch is vulnerable to DoS via complex query_string inputs

A vulnerability in OpenSearch allows attackers to cause Denial of Service (DoS) by submitting complex query_string inputs. This issue affects all OpenSearch versions below 3.2.0.

GHSA-68q5-78xp-cwwc: Contao is vulnerable to cross-site scripting in templates

### Impact

It is possible to inject code into the template output that will be executed in the browser in the front end and back end.

### Patches

Update to Contao 4.13.57, 5.3.42 or 5.6.5.

### Workarounds

Do not use the affected templates or patch them manually.

### Resources

https://contao.org/en/security-advisories/cross-site-scripting-in-templates

GHSA-98vj-mm79-v77r: Contao is vulnerable to remote code execution in template closures

### Impact

Backend users with precise control over the contents of template closures can execute arbitrary PHP functions that do not have required parameters.

### Patches

Update to Contao 4.13.57, 5.3.42 or 5.6.5.

### Workarounds

Manually patch the `Contao\Template::once()` method.

### Resources

https://contao.org/en/security-advisories/remote-code-execution-in-template-closures

GHSA-8frv-q972-9rq5: cggmp24 and cggmp21 are vulnerable to signature forgery through altered presignatures

### Impact

This attack is against presignatures used in very specific contexts:

* Presignatures + HD wallet derivation: security level reduces to 85 bits.
  Previously, users could generate a presignature and then choose an HD derivation path while issuing a partial signature via [`Presignature::set_derivation_path`](https://docs.rs/cggmp21/0.6.3/cggmp21/signing/struct.Presignature.html#method.set_derivation_path), which is malleable to an attack that reduces the target security level. To mitigate this, the method has been removed from the API.
* Presignatures + "raw signing" (when the signer signs a hash without knowing the original message): results in a signature forgery attack.
  Previously, users were able to call [`Presignature::issue_partial_signature`](https://docs.rs/cggmp21/0.6.3/cggmp21/signing/struct.Presignature.html#method.issue_partial_signature) with a hashed message without ever providing the original message. In the new API, this method only accepts digests for which the original message has been...

GHSA-m95p-425x-x889: cggmp21 has a missing check in the ZK proof used in CGGMP21

### Impact

cggmp21 is missing a check in a ZK proof, which enables an attack in which a single malicious signer can reconstruct the full private key.

### Patches

* `cggmp21 v0.6.3` is a patch release that adds this specific missing check.
* However, cggmp21 recommends upgrading to `cggmp24 v0.7.0-alpha.2`, which contains many other security checks as a precaution. Follow the [migration guideline](https://github.com/LFDT-Lockness/cggmp21/blob/v0.7.0-alpha.2/CGGMP21_MIGRATION.md) to upgrade.

### Workarounds

Update to `cggmp21 v0.6.3`, a minor release that contains a minimal security patch. However, for full mitigation, users will need to upgrade to `cggmp24 v0.7.0-alpha.2`, as it contains many more security check implementations.

### Resources

Read this [blog post](https://www.dfns.co/article/cggmp21-vulnerabilities-patched-and-explained) to learn more.

GHSA-66jq-2c23-2xh5: VictoriaMetrics' Snappy Decoder DoS Vulnerability is Causing OOM

### Impact

Affected versions are vulnerable to DoS attacks because the snappy decoder ignored VictoriaMetrics request size limits, allowing malformed blocks to trigger excessive memory use. This could lead to OOM errors and service instability. The fix enforces block-size checks based on MaxRequest limits.

### Patches

Versions 1.129.1, 1.122.8, 1.110.23

### Resources

- https://github.com/VictoriaMetrics/VictoriaMetrics/releases/tag/v1.129.1
- https://github.com/VictoriaMetrics/VictoriaMetrics/releases/tag/v1.122.8
- https://github.com/VictoriaMetrics/VictoriaMetrics/releases/tag/v1.110.23

### Note

VictoriaMetrics' security model assumes its APIs are properly secured (e.g. via access control flags or a firewall); this advisory addresses malicious input that should not be possible under a [correctly secured](https://docs.victoriametrics.com/victoriametrics/single-server-victoriametrics/#security) deployment.

GHSA-xv5p-fjw5-vrj6: Fugue is Vulnerable to Remote Code Execution by Pickle Deserialization via FlaskRPCServer

### Summary

The Fugue framework implements an RPC server system for distributed computing operations. In the core functionality of the RPC server implementation, I found that the `_decode()` function in `fugue/rpc/flask.py` directly uses `cloudpickle.loads()` to deserialize data without any sanitization. This creates a remote code execution vulnerability when malicious pickle data is processed by the RPC server. The vulnerability exists in the RPC communication mechanism where the client can send arbitrary serialized Python objects that will be deserialized on the server side, allowing attackers to execute arbitrary code on the victim's machine.

### Details

The `_decode()` function in `fugue/rpc/flask.py` directly uses `cloudpickle.loads()` to deserialize data without any sanitization.

### PoC

* Step 1: The victim user starts an RPC server binding to an open network using the Fugue framework. Here, I use the official RPC server code to initialize the server.
* Step 2: The attacker modifies the `_encode()`...

ICE Offers Up to $280 Million to Immigrant-Tracking ‘Bounty Hunter’ Firms

Immigration and Customs Enforcement lifted a $180 million cap on a proposed immigrant-tracking program while guaranteeing multimillion-dollar payouts for private surveillance firms.

GHSA-fjf5-xgmq-5525: GeoServer is vulnerable to Unauthenticated XML External Entities (XXE) attack via WMS GetMap feature

## Description

An XML External Entity (XXE) vulnerability was identified. The application accepts XML input through a specific endpoint, `/geoserver/wms`, operation `GetMap`. However, this input is not sufficiently sanitized or restricted, allowing an attacker to define external entities within the XML request.

An XML External Entity attack is a type of attack that occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser. This attack may lead to the disclosure of confidential data, denial of service, port scanning from the perspective of the machine where the parser is located, and other system impacts.

By exploiting this vulnerability, an attacker can:

- Read arbitrary files from the server's file system.
- Conduct Server-Side Request Forgery (SSRF) to interact with internal systems.
- Execute Denial of Service (DoS) attacks by exhausting resources.

## Resolution

Update to GeoServer 2.25.6, GeoServer 2.26.3, or GeoServer ...