Security
Headlines
HeadlinesLatestCVEs

Tag

#auth

GHSA-vw58-ph65-6rxp: Directus inserts access token from query string into logs

### Summary Access token from query string is not redacted and is potentially exposed in system logs which may be persisted. ### Details The access token in `req.query` is not redacted when the `LOG_STYLE` is set to `raw`. If these logs are not properly sanitized or protected, an attacker with access to it can potentially gain administrative control, leading to unauthorized data access and manipulation. ### PoC 1. Set `LOG_LEVEL="raw"` in the environment. 2. Send a request with the `access_token` in the query string. 3. Notice that the `access_token` in `req.query` is not redacted. ### Impact It impacts systems where the `LOG_STYLE` is set to `raw`. The `access_token` in the query could potentially be a long-lived static token. Users with impacted systems should rotate their static tokens if they were provided using query string.

ghsa
Open in Source
#perl#auth
No, it’s not OK to delete that new inetpub folder

A newly created inetpub folder turns out to be part of a Microsoft update against a vulnerability tracked as CVE-2025-21204

Smishing Triad: The Scam Group Stealing the World’s Riches

Millions of scam text messages are sent every month. The Chinese cybercriminals behind many of them are expanding their operations—and quickly innovating.

GHSA-322v-vh2g-qvpv: Mattermost Fails to Restrict Certain Operations on System Admins

Mattermost versions 10.5.x <= 10.5.1, 10.4.x <= 10.4.3, 9.11.x <= 9.11.9 fail to restrict certain operations on system admins to only other system admins, which allows delegated granular administration users with the "Edit Other Users" permission to perform unauthorized modifications to system administrators via improper permission validation.

Data Breach at Planned Parenthood Lab Partner Exposes Info of 1.6M

Data breach at Laboratory Services Cooperative (LSC) exposed the sensitive health and personal information of 1.6 million individuals…

Homeland Security Email Tells a US Citizen to 'Immediately' Self-Deport

An email sent by the Department of Homeland Security instructs people in the US on a temporary legal status to leave the country. But who the email actually applies to—and who actually received it—is far from clear.

GHSA-vrq4-9hc3-cgp7: TigerVNC accessible via the network and not just via a UNIX socket as intended

## Summary `jupyter-remote-desktop-proxy` was meant to rely on UNIX sockets readable only by the current user since version 3.0.0, but when used with TigerVNC, the VNC server started by `jupyter-remote-desktop-proxy` were still accessible via the network. This vulnerability does not affect users having TurboVNC as the `vncserver` executable. ## Credits This vulnerability was identified by Arne Gottwald at University of Göttingen and analyzed, reported, and reviewed by @frejanordsiek.

GHSA-m454-3xv7-qj85: CVE-2025-1386- Query smuggling in ch-go library

### Impact When using the ch-go library, under a specific condition when the query includes a large, uncompressed malicious external data, it is possible for an attacker in control of such data to smuggle another query packet into the connection stream. ### Patches If you are using ch-go library, we recommend you to update to at least version 0.65.0. ### Credit This issue was found by lixts and reported through our bugcrowd program.

GHSA-hcg3-q754-cr77: golang.org/x/crypto Vulnerable to Denial of Service (DoS) via Slow or Incomplete Key Exchange

SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.

Russia’s Storm-2372 Hits Orgs with MFA Bypass via Device Code Phishing

Russian APT group Storm-2372 employs device code phishing to bypass Multi-Factor Authentication (MFA). Targets include government, technology, finance,…