Tag
#git
A new investigation from mobile security firm Zimperium has revealed a fast-growing cybersecurity threat targeting Android users through…
### Summary

LangGraph's SQLite store implementation contains SQL injection vulnerabilities: JSON path keys are concatenated directly into SQL strings without parameterization, allowing attackers to inject arbitrary SQL and bypass access controls.

### Details

[`/langgraph/libs/checkpoint-sqlite/langgraph/store/sqlite/base.py`](https://github.com/langchain-ai/langgraph/blob/ee5d052a07aadd76dae123a27009ea0a3694fa0a/libs/checkpoint-sqlite/langgraph/store/sqlite/base.py#L407)

The key portion of the JSON path is concatenated directly into the SQL string without sanitization. There are a few occurrences within the file.

```python
filter_conditions.append(
    "json_extract(value, '$."
    + key  # <-- Directly concatenated, no escaping!
    + "') = '"
    + value.replace("'", "''")  # <-- Only value is escaped
    + "'"
)
```

### Who is affected

This issue affects **only developers or projects that directly use the `checkpoint-sqlite` store**. An application is vulnerable only if it:...
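The following is an added example, not LangGraph's code, that reproduces the concatenation pattern above against a constructed two-row SQLite table and contrasts it with a hardened filter. The table layout, row contents and the `ATTACK_KEY` are assumptions for illustration; the point is that a key containing `'`, `)` and `--` rewrites the `WHERE` clause, while an identifier allowlist plus parameter binding keeps the query structure fixed.

```python
import re
import sqlite3


# Added example, not LangGraph's code: a minimal table standing in for the
# checkpoint-sqlite store. Both rows are constructed sample data.
def make_store():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE store (key TEXT PRIMARY KEY, value TEXT NOT NULL)")
    conn.executemany(
        "INSERT INTO store (key, value) VALUES (?, ?)",
        [
            ("doc-1", '{"owner": "alice", "visibility": "private"}'),
            ("doc-2", '{"owner": "bob", "visibility": "private"}'),
        ],
    )
    return conn


def vulnerable_filter(conn, key, value):
    """Same shape as the advisory's snippet: the JSON path key is pasted into
    the SQL text, only the value gets quote-doubling."""
    condition = (
        "json_extract(value, '$."
        + key
        + "') = '"
        + value.replace("'", "''")
        + "'"
    )
    rows = conn.execute("SELECT key FROM store WHERE " + condition)
    return sorted(r[0] for r in rows)


# Allowlist for JSON path keys: dotted identifiers only. Anything else
# (quotes, parentheses, comment markers) is rejected before it reaches SQL.
_JSON_KEY = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*(?:\.[A-Za-z_][A-Za-z0-9_]*)*$")


def hardened_filter(conn, key, value):
    """Validate the key against the allowlist, then bind both the path and the
    value as parameters so neither can change the query structure."""
    if not _JSON_KEY.match(key):
        raise ValueError(f"invalid JSON path key: {key!r}")
    rows = conn.execute(
        "SELECT key FROM store WHERE json_extract(value, ?) = ?",
        ("$." + key, value),
    )
    return sorted(r[0] for r in rows)


def key_is_rejected(conn, key):
    """True when the hardened filter refuses the key instead of querying."""
    try:
        hardened_filter(conn, key, "alice")
    except ValueError:
        return True
    return False


# Constructed attack key: closes the json_extract() call, ORs in a tautology
# and comments out the remainder of the original condition.
ATTACK_KEY = "owner') = '' OR 1=1 --"

if __name__ == "__main__":
    conn = make_store()
    print(vulnerable_filter(conn, "owner", "alice"))     # ['doc-1']
    print(vulnerable_filter(conn, ATTACK_KEY, "alice"))  # ['doc-1', 'doc-2']
    print(hardened_filter(conn, "owner", "alice"))       # ['doc-1']
    print(key_is_rejected(conn, ATTACK_KEY))             # True
```

With the attack key the vulnerable query becomes `... WHERE json_extract(value, '$.owner') = '' OR 1=1 --') = 'alice'`, which returns every row regardless of the owner filter the caller intended. Binding the path as a parameter is sufficient on its own to stop the injection; the allowlist is kept as defence in depth so that a caller-supplied key can never carry anything but a dotted identifier.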
### Summary

A vulnerability in Zitadel's token verification prematurely marked sessions as authenticated when only one factor was verified.

### Impact

Zitadel provides an API for managing sessions, enabling custom login experiences in a dedicated UI or direct integration into applications. Session Tokens are issued for active sessions, which can be used as Bearer tokens to call the Zitadel API.

Starting from 2.55.0 (see other affected versions below), Zitadel only required multi-factor authentication if the login policy had either `requireMFA` or `requireMFAForLocalUsers` enabled. If a user had set up MFA without this requirement, Zitadel would also consider single-factor authenticated sessions valid and not require multiple factors.

Bypassing second authentication factors weakens multi-factor authentication and enables attackers to bypass the more secure factor. An attacker can target the TOTP code alone, only six digits, bypassing password verification entirely and po...
### Summary

A vulnerability in Zitadel allowed brute-force attacks on OTP, TOTP and passwords, allowing an attacker to impersonate the attacked user.

### Impact

An attacker can perform an online brute-force attack on OTP, TOTP, and passwords. Zitadel can prevent online brute-force attacks in scenarios like TOTP, Email OTP, or passwords using a lockout mechanism, but that mechanism is not enabled by default and, if enabled, can cause a denial of service for the corresponding user. Additionally, the mitigation strategies were not fully implemented in the more recent resource-based APIs.

### Affected Versions

All versions within the following ranges, including release candidates (RCs), are affected:

- **4.x**: `4.0.0` to `4.4.0` (including RC versions)
- **3.x**: `3.0.0` to `3.4.2` (including RC versions)
- **2.x**: `v2.0.0` to `2.71.17`

### Patches

The vulnerability has been addressed in the latest releases. The patch resolves the issue by enforcing the lockout policy on all OTP, TOTP and p...
### Impact

A potential vulnerability exists in ZITADEL's password reset mechanism. ZITADEL uses the `Forwarded` or `X-Forwarded-Host` header from incoming requests to construct the URL for the password reset confirmation link. This link, containing a secret code, is then emailed to the user.

If an attacker can manipulate these headers (e.g., via host header injection), they can cause ZITADEL to generate a password reset link pointing to a malicious domain controlled by the attacker. If the user clicks this manipulated link in the email, the secret reset code embedded in the URL can be captured by the attacker. This captured code can then be used to reset the user's password and gain unauthorized access to their account.

Note that this specific attack vector is mitigated for accounts that have Multi-Factor Authentication (MFA) or Passwordless authentication enabled.

### Affected Versions

Systems running one of the following versions:

- **4.x**: `4.0.0` to `4.5...
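The following is an added example, not ZITADEL's code, showing how a reset link built from proxy headers ends up pointing at an attacker's host and how building it from a server-side configured domain removes the header from the decision. The reset path, the configured domain `auth.example.com`, the attacker host and the request headers are all constructed for illustration.

```python
from urllib.parse import quote, urlsplit

# Added example, not ZITADEL's code. RESET_PATH is a placeholder, not
# ZITADEL's real reset route.
RESET_PATH = "/password/reset"

# Assumption: the deployment's public hostname is configured server-side.
CONFIGURED_EXTERNAL_DOMAIN = "auth.example.com"


def get_header(headers, name):
    """Case-insensitive lookup in a plain dict of request headers."""
    for k, v in headers.items():
        if k.lower() == name.lower():
            return v
    return None


def proxy_supplied_host(headers):
    """Host as a reverse proxy (or an attacker) reports it: the RFC 7239
    'Forwarded: host=...' parameter takes precedence, then X-Forwarded-Host."""
    forwarded = get_header(headers, "Forwarded")
    if forwarded:
        # Only the first (client-most) forwarding element is consulted.
        for pair in forwarded.split(",")[0].split(";"):
            name, _, value = pair.strip().partition("=")
            if name.strip().lower() == "host":
                return value.strip().strip('"')
    return get_header(headers, "X-Forwarded-Host")


def reset_link_trusting_headers(headers, code):
    """Vulnerable pattern: the link origin is whatever the request claims."""
    host = proxy_supplied_host(headers) or get_header(headers, "Host")
    return f"https://{host}{RESET_PATH}?code={quote(code)}"


def reset_link_from_config(headers, code):
    """Hardened pattern: the origin comes from configuration; the request
    headers are accepted but never choose where the secret code is sent."""
    return f"https://{CONFIGURED_EXTERNAL_DOMAIN}{RESET_PATH}?code={quote(code)}"


def link_host(link):
    """Hostname the emailed link would send the user (and the code) to."""
    return urlsplit(link).hostname


# Constructed request: the attacker triggers a reset for the victim's account
# and injects a forwarding header naming a host they control.
INJECTED_REQUEST = {
    "Host": "auth.example.com",
    "Forwarded": 'for=203.0.113.7;host="attacker.example";proto=https',
}

if __name__ == "__main__":
    print(reset_link_trusting_headers(INJECTED_REQUEST, "s3cr3t"))
    print(reset_link_from_config(INJECTED_REQUEST, "s3cr3t"))
```

If a deployment genuinely serves several public hostnames behind a trusted proxy, the header should only be allowed to select among an explicit allowlist of configured domains; any value outside that list must fall back to the configured default rather than being copied into the link.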
# Patch

This is fixed with [commit b953092](https://github.com/PixarAnimationStudios/OpenUSD/commit/b9530922b6a8ea72cd43661226b693fff8abbe4c), with the fix available in OpenUSD 25.11 and onwards.

# Summary

We have been advised by Zero Day Initiative that our usage of the USD framework may constitute a Use-After-Free Remote Code Execution Vulnerability. They have sent us the attached file illustrating the issue. Indeed, we see a use-after-free exception when running the file through our importer with an address sanitizer.

[zdi-23709-poc0.zip](https://github.com/user-attachments/files/17474297/zdi-23709-poc0.zip)

Thanks in advance.
### Summary

The out-of-box experience for HTML editing allows unauthenticated users to upload files. This opens a potential vector to other security issues and is not needed in most implementations.

### Details

The new out-of-box experience blocks that endpoint for unauthenticated users. If there is a real need for the implementation to allow unauthenticated uploads, the implementer can edit the web.config to remove that block and open the endpoint to the public.
The second major cloud outage in less than two weeks, Azure’s downtime highlights the “brittleness” of a digital ecosystem that depends on a few companies never making mistakes.
### Summary

SQL injection vulnerability in TypeORM before 0.3.26 via a crafted request to `repository.save` or `repository.update`, because the `sqlstring` call leaves `stringifyObjects` at its default of `false`.

### Details

Vulnerable code:

```js
const { username, city, name } = req.body;
const updateData = { username, city, name, id: userId };
// Developer aims to only allow the above three fields to be updated
const result = await userRepo.save(updateData);
```

Intended payload (non-malicious):

`username=myusername&city=Riga&name=Javad`

_OR_

`{username:"myusername",phone:12345,name:"Javad"}`

SQL query produced:

```sql
UPDATE `user` SET `username` = 'myusername', `city` = 'Riga', `name` = 'Javad' WHERE `id` IN (1);
```

Malicious payload:

`username=myusername&city[name]=Riga&city[role]=admin`

_OR_

`{username:"myusername",city:{name:"Javad",role:"admin"}}`

SQL query produced with injected column:

```sql
UPDATE `user` SET `username` = 'myusername...
```
Hackers exploit critical XWiki flaw CVE-2025-24893 to hijack corporate servers for cryptomining, with active attacks confirmed by VulnCheck researchers.