Security
Headlines
HeadlinesLatestCVEs

Tag

#ios

GHSA-rm8p-cx58-hcvx: Axios has Transitive Critical Vulnerability via form-data — Predictable Boundary Values (CVE-2025-7783)

### Summary A critical vulnerability exists in the form-data package used by `axios@1.10.0`. The issue allows an attacker to predict multipart boundary values generated using `Math.random()`, opening the door to HTTP parameter pollution or injection attacks. This was submitted in [issue #6969](https://github.com/axios/axios/issues/6969) and addressed in [pull request #6970](https://github.com/axios/axios/pull/6970). ### Details The vulnerable package `form-data@4.0.0` is used by `axios@1.10.0` as a transitive dependency. It uses non-secure, deterministic randomness (`Math.random()`) to generate multipart boundary strings. This flaw is tracked under [Snyk Advisory SNYK-JS-FORMDATA-10841150](https://security.snyk.io/vuln/SNYK-JS-FORMDATA-10841150) and [CVE-2025-7783](https://security.snyk.io/vuln/SNYK-JS-FORMDATA-10841150). Affected `form-data` versions: - <2.5.4 - >=3.0.0 <3.0.4 - >=4.0.0 <4.0.4 Since `axios@1.10.0` pulls in `form-data@4.0.0`, it is exposed to this issue. ### PoC...

ghsa
Open in Source
#vulnerability#ios#nodejs#js#git
Flowable’s Summer 2025 Update Introduces Groundbreaking Agentic AI Capabilities

Flowable’s 2025.1 update brings powerful Agentic AI features to automate workflows, boost efficiency, and scale intelligent business operations.

&#8216;Car crash victim&#8217; calls mother for help and $15K bail money. But it&#8217;s an AI voice scam

A woman in Florida was tricked into giving thousands of dollars to a scammer after her daughter's voice was AI-cloned and used in a scam.

Why You Should Use Geolocation in Your React App’s Authentication Process

Improve security in your React app with geolocation-based authentication, adding a strong layer beyond passwords to prevent unauthorised access.

How China’s Patriotic ‘Honkers’ Became the Nation’s Elite Cyberspies

A new report traces the history of the early wave of Chinese hackers who became the backbone of the state's espionage apparatus.

GHSA-29cq-5w36-x7w3: Livewire is vulnerable to remote command execution during component property update hydration

### Impact In Livewire v3 (≤ 3.6.3), a vulnerability allows unauthenticated attackers to achieve remote command execution in specific scenarios. The issue stems from how certain component property updates are hydrated. This vulnerability is unique to Livewire v3 and does not affect prior major versions. Exploitation requires a component to be mounted and configured in a particular way, but does not require authentication or user interaction. ### Patches This issue has been patched in Livewire v3.6.4. All users are strongly encouraged to upgrade to this version or later as soon as possible. ### Workarounds There is no known workaround at this time. Users are strongly advised to upgrade to a patched version immediately. ### Resources No public references available at this time to avoid exposure. Details will be published after a responsible disclosure window.

How Secure Is Online Fax: Privacy and Data Protection Standards

When it comes to sharing sensitive documents online, security sits at the top of everyone’s checklist. Online faxing is…

Dating app scammer cons former US army colonel into leaking national secrets

A former US army colonel faces up to ten years in prison after revealing national secrets on a foreign dating app.

GHSA-4q2v-9p7v-3v22: Reactor Netty HTTP is vulnerable to credential leaks during chained redirects

In some specific scenarios with chained redirects, Reactor Netty HTTP client leaks credentials. In order for this to happen, the HTTP client must have been explicitly configured to follow redirects.

Cut Response Time with This Free, Powerful Threat Intelligence Service

Disclosure: This article was provided by ANY.RUN. The information and analysis presented are based on their research and findings.