#auth

### Summary * When an attacker obtains the backend login path of RatPanel (including but not limited to weak default paths, brute-force cracking, etc.), they can execute system commands or take over hosts managed by the panel **without logging in**. * In addition to this **remote code execution (RCE) vulnerability**, the flawed code also leads to **unauthorized access**. ### Details In Go, `r.URL.Path` retrieves the part of the URL that comes after the port and before the query parameters or anchor symbols. For example, in the URL `http://localhost:8080/api/ws/ssh?id=1`, the retrieved path would be `/api/ws/ssh`. However, if the request is made to `http://localhost:8080//api/ws/ssh?id=1`, the parsed `r.URL.Path` would be `//api/ws/ssh`. RatPanel uses the `CleanPath` middleware provided by `github.com/go-chi/chi` package to clean URLs, The route path inside the chi router will be cleaned to `/api/ws/ssh`, but this middleware does not process `r.URL.Path`, so the path is still `//a...

A new Proofpoint report reveals how attackers are using Microsoft 365’s Direct Send and unsecured SMTP relays to…

A prototype pollution vulnerability in `js-toml` allows a remote attacker to add or modify properties of the global `Object.prototype` by parsing a maliciously crafted TOML input. ### Impact The `js-toml` library is vulnerable to Prototype Pollution. When parsing a TOML string containing the specially crafted key `__proto__`, an attacker can add or modify properties on the global `Object.prototype`. While the `js-toml` library itself does not contain known vulnerable "gadgets", this can lead to severe security vulnerabilities in applications that use the library. For example, if the consuming application checks for the existence of a property for authorization purposes (e.g., `user.isAdmin`), this vulnerability could be escalated to an authentication bypass. Other potential impacts in the application include Denial of Service (DoS) or, in some cases, Remote Code Execution (RCE), depending on the application's logic and dependencies. Any application that uses an affected version of ...

A newly disclosed set of security flaws in NVIDIA's Triton Inference Server for Windows and Linux, an open-source platform for running artificial intelligence (AI) models at scale, could be exploited to take over susceptible servers. "When chained together, these flaws can potentially allow a remote, unauthenticated attacker to gain complete control of the server, achieving remote code execution

In 2023, Cisco Talos and partners created a special Backdoors & Breaches card deck to help NGOs improve their cybersecurity skills with practical, easy-to-use training tailored to their needs.

### Summary **Path Traversal in pyLoad-ng CNL Blueprint via `package` parameter allows Arbitrary File Write leading to Remote Code Execution (RCE)** The `addcrypted` endpoint in `pyload-ng` suffers from an unsafe path construction vulnerability, allowing unauthenticated attackers to write arbitrary files outside the designated storage directory. This can be abused to overwrite critical system files, including cron jobs and systemd services, leading to privilege escalation and remote code execution as root. ### Details * **Endpoint**: `POST /addcrypted` * **Issue**: `src/pyload/webui/app/blueprints/cnl_blueprint.py` #### Vulnerable Code ```python dlc_path = os.path.join( dl_path, package.replace("/", "").replace("\\", "").replace(":", "") + ".dlc" ) dlc = flask.request.form["crypted"].replace(" ", "+") with open(dlc_path, mode="wb") as fp: ``` ### PoC ```http POST /addcrypted HTTP/1.1 Host: localhost:8000 Content-Type: application/x-www-form-urlencoded Content-Length:...

### Summary The `filter` parameter for the "Recent uploads" page allows arbitrary Regexes. If this feature is enabled (which is the default), an attacker can craft a filter which deadlocks the server. ### PoC `https://127.0.0.1:3923/?ru&filter=(.+)+x` ### Impact The server becomes fully inaccessible for a long time.

Due to a path validation flaw using prefix matching instead of canonical path comparison, it was possible to bypass directory restrictions and access files outside the CWD. Successful exploitation depends on the presence of (or ability to create) a directory with the same prefix as the CWD and the ability to add untrusted content into a Claude Code context window. Users on standard Claude Code auto-update received this fix automatically after release. Current users of Claude Code are unaffected, as versions prior to 1.0.24 are deprecated and have been forced to update. Thank you to Elad Beber (Cymulate) for reporting this issue!

Cybersecurity threats to local governments are part of life in the digital environment in which people live today.…

Security researchers at Bitdefender have found two critical vulnerabilities (CVE-2025-31700, CVE-2025-31701) in popular Dahua security cameras, including the Hero C1 model.