Security
Headlines
HeadlinesLatestCVEs

Tag

#git

GHSA-3w8q-xq97-5j7x: Rhino has high CPU usage and potential DoS when passing specific numbers to `toFixed()` function

When an application passed an attacker controlled float poing number into the `toFixed()` function, it might lead to high CPU consumption and a potential Denial of Service. Small numbers go through this call stack: `NativeNumber.numTo > DToA.JS_dtostr > DToA.JS_dtoa > DToA.pow5mult` where `pow5mult` attempts to raise `5` to a ridiculous power. Example code: `(4.47118444E-314).toFixed(2)`

ghsa
Open in Source
#dos#js#git#java#maven
GHSA-jf75-p25m-pw74: Coder logs sensitive objects unsanitized

## Summary Workspace Agent manifests containing sensitive values were logged in plaintext unsanitized ## Details By default Workspace Agent logs are redirected to [stderr](https://linux.die.net/man/3/stderr) https://github.com/coder/coder/blob/a8862be546f347c59201e2219d917e28121c0edb/cli/agent.go#L432-L439 [Workspace Agent Manifests](https://coder.com/docs/reference/agent-api/schemas#agentsdkmanifest) containing sensitive environment variables were logged insecurely https://github.com/coder/coder/blob/7beb95fd56d2f790502e236b64906f8eefb969bd/agent/agent.go#L1090 An attacker with limited local access to the Coder Workspace (VM, K8s Pod etc.) or a third-party system ([SIEM](https://csrc.nist.gov/glossary/term/security_information_and_event_management_tool), logging stack) could access those logs This behavior opened room for unauthorized access and privilege escalation ## Impact Impact varies depending on the environment variables set in a given workspace ## Patches [Fix](https://g...

GHSA-xq4m-mc3c-vvg3: Claude Code Command Validation Bypass Allows Arbitrary Code Execution

Due to errors in parsing shell commands related to $IFS and short CLI flags, it was possible to bypass the Claude Code read-only validation and trigger arbitrary code execution. Reliably exploiting this requires the ability to add untrusted content into a Claude Code context window. Users on standard Claude Code auto-update have received this fix already. Users performing manual updates are advised to update to the latest version. Thank you to [RyotaK](hxxps://ryotak.net) from [GMO Flatt Security Inc.](hxxps://flatt.tech/en/) for reporting this issue!

GHSA-q3hc-j9x5-mp9m: ImageMagick has a use-after-free/double-free risk in Options::fontFamily when clearing family

We believe that we have discovered a potential security vulnerability in ImageMagick’s Magick++ layer that manifests when `Options::fontFamily` is invoked with an empty string. **Vulnerability Details** - Clearing a font family calls `RelinquishMagickMemory` on `_drawInfo->font`, freeing the font string but leaving `_drawInfo->font` pointing to freed memory while `_drawInfo->family` is set to that (now-invalid) pointer. Any later cleanup or reuse of `_drawInfo->font` re-frees or dereferences dangling memory. - `DestroyDrawInfo` and other setters (`Options::font`, `Image::font`) assume `_drawInfo->font` remains valid, so destruction or subsequent updates trigger crashes or heap corruption. ```cpp if (family_.length() == 0) { _drawInfo->family=(char *) RelinquishMagickMemory(_drawInfo->font); DestroyString(RemoveImageOption(imageInfo(),"family")); } ``` - **CWE-416 (Use After Free):** `_drawInfo->font` is left dangling yet still reachable through the Options object. - **CW...

Attackers have a new way to slip past your MFA

Attackers are using a tool called Evilginx to steal session cookies, letting them bypass the need for a multi-factor authentication (MFA) token.

Brazil Hit by Banking Trojan Spread via WhatsApp Worm and RelayNFC NFC Relay Fraud

The threat actor known as Water Saci is actively evolving its tactics, switching to a sophisticated, highly layered infection chain that uses HTML Application (HTA) files and PDFs to propagate a worm that deploys a banking trojan via WhatsApp in attacks targeting users in Brazil. The latest wave is characterized by the attackers shifting from PowerShell to a Python-based variant that spreads the

Architecture Patterns That Enable Cycode alternatives at Scale

Guide to scale ready code security with event driven scans unified data and API first design for large teams seeking strong growth aligned control.

How attackers use real IT tools to take over your computer

We’ve seen a new wave of attacks exploiting legitimate Remote Monitoring and Management (RMM) tools to remotely control victims’ systems.

GHSA-424m-fj2q-g7vg: Aimeos GrapesJS CMS extension has possible stored XSS that's exploitable by authenticated editors

### Impact Javascript code can be injected by malicious editors for a stored XSS attack if the standard Content Security Policy is disabled. ### Workaround If the standard CSP rules are active (default in production mode), an exploit isn't possible. ### Credits Lwin Min Oo <lwinminoo2244@gmail.com>

Fileless protection explained: Blocking the invisible threat others miss

Your antivirus scans files. But what about attacks that never create files? Here's how we catch the threats hiding on your family's computers.