Security
Headlines
HeadlinesLatestCVEs

Tag

#git

GHSA-x82r-6j37-vrgg: Pimcore's Admin Classic Bundle allows HTML Injection

### Summary An HTML injection issue allows users with access to the email sending functionality to inject arbitrary HTML code into emails sent via the admin interface, potentially leading to session cookie theft and the alteration of page content. ### Details The vulnerability was discovered in the `/admin/email/send-test-email` endpoint using the `POST` method. The vulnerable parameter is `content`, which permits the injection of arbitrary HTML code during the email sending process. While JavaScript code injection is blocked through filtering, HTML code injection remains possible. ### PoC To reproduce the vulnerability, a user must fill out the email's content form with the desired HTML payload. ![send-test-mail-text](https://github.com/user-attachments/assets/0e02b004-ce88-4018-b7cb-ae15a8ec2300) ### Impact ![mail-text](https://github.com/user-attachments/assets/67080d10-0cef-4f65-a157-4f012203f0a3) This HTML injection vulnerability can potentially enable phishing attacks by allo...

ghsa
Open in Source
#vulnerability#git#java
GHSA-hh7j-6x3q-f52h: Shopware 6 allows attackers to check for registered accounts through the store-api

### Impact Through the store-api it is possible as a attacker to check if a specific e-mail address has an account in the shop. Using the store-api endpoint `/store-api/account/recovery-password` you get the response ``` {"errors":[{"status":"404","code":"CHECKOUT__CUSTOMER_NOT_FOUND","title":"Not Found","detail":"No matching customer for the email \u0022asdasfd@asdads.de\u0022 was found.","meta":{"parameters":{"email":"asdasfd@asdads.de"}}}]} ``` which indicates clearly that there is no account for this customer. In contrast you get a success response if the account was found. ### Patches Update to Shopware 6.6.10.3 or 6.5.8.17 ### Workarounds For older versions of 6.4, corresponding security measures are also available via a plugin. For the full range of functions, we recommend updating to the latest Shopware version.

Online Gaming Risks and How to Avoid Them

Online gaming has become an integral part of modern entertainment, with millions of players connecting from all over…

CVE-2025-27467: Windows Digital Media Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited the vulnerability?** An attacker who successfully exploited the vulnerability could elevate from a low integrity level up to a medium integrity level.

Neptune RAT Variant Spreads via YouTube to Steal Windows Passwords

A new Neptune RAT variant is being shared via YouTube and Telegram, targeting Windows users to steal passwords and deliver additional malware components.

GHSA-v7x6-rv5q-mhwc: Picklescan missing detection when calling built-in python library function timeit.timeit()

### Summary Using timeit.timeit() function, which is a built-in python library function to execute remote pickle file. ### Details Pickle’s deserialization process is known to allow execution of function via reduce method. While Picklescan is meant to detect such exploits, this attack evades detection by calling built-in python library function like **timeit.timeit()**. And since timeit library wasn't inside unsafe globals blacklist, it may not raise red flag in the security scan. The attack payload executes in the following steps: First, the attacker craft the payload by calling to **timeit.timeit()** function from timeit library in __reduce__ method Then, inside reduce method, the attacker import dangerous libarary like os and calling **os.system()** to run OS commands, for example: curl command. And then the attacker send this malicious pickle file to the victim. Then when the victim after checking whether the pickle file is safe by using Picklescan library and this library doesn...

GHSA-f7f6-9jq7-3rqj: estree-util-value-to-estree allows prototype pollution in generated ESTree

### Impact When generating an ESTree from a value with a property named `__proto__`, `valueToEstree` would generate an object that specifies a prototype instead. Example: ```js import { generate } from 'astring' import { valueToEstree } from 'estree-util-value-to-estree' const estree = valueToEstree({ ['__proto__']: {} }) const code = generate(estree) console.log(code) ``` Output: ```js { "__proto__": {} } ``` ### Patches This was fixed in version [3.3.3](https://github.com/remcohaszing/estree-util-value-to-estree/releases/tag/v3.3.3). ### Workarounds If you control the input, don’t specify a property named `__proto__`. If you don’t control the output, strip any properties named `__proto__` before passing it to `valueToEstree`.