#vulnerability

### Summary Path traversal is also known as directory traversal. These vulnerabilities enable an attacker to read arbitrary files on the server that is running an application. In this case, an attacker might be able to write to arbitrary files on the server, allowing them to modify application data or behavior, and ultimately take full control of the server. ### Details The file handler function trusts the filename provided by the user. This includes the cases when the user uses a path instead of the filename. This makes possible to write arbitrary files to the system and **replace** the files owned by _kuiper_ user on the filesystem. The vulnerable function is `fileUploadHandler` which is shown below: https://github.com/lf-edge/ekuiper/blob/1e6b6b6601445eb05316532f5fbef7f0a863ecfe/internal/server/rest.go#L329-L359 Exploitation of this vulnerability allows an attacker to rewrite the files owned by ekuiper including the main kuiper binaries as they are owned by _kuiper_ user: ![kuip...

## Summary Denial of Service vulnerability in `/rest/binary-data` endpoint when processing empty filesystem URIs (`filesystem://` or `filesystem-v2://`). ### Impact This is a Denial of Service (DoS) vulnerability that allows authenticated attackers to cause service unavailability through malformed filesystem URI requests. The vulnerability affects: - The `/rest/binary-data` endpoint - n8n.cloud instances (confirmed HTTP/2 524 timeout responses) Attackers can exploit this by sending GET requests with empty filesystem URIs (`filesystem://` or `filesystem-v2://`) to the `/rest/binary-data` endpoint, causing resource exhaustion and service disruption. ### Patches The issue has been patched in [1.99.0](https://github.com/n8n-io/n8n/releases/tag/n8n%401.99.0). All users should upgrade to this version or later. The fix introduces strict checking of URI patterns. Patch commit: https://github.com/n8n-io/n8n/pull/16229

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: Relion 670/650 and SAM600-IO series Vulnerability: Improper Check for Unusual or Exceptional Conditions 2. RISK EVALUATION An authenticated user with file access privilege via FTP access can cause the Relion 670/650 and SAM600-IO series device to reboot due to improper disk space management. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Hitachi Energy reports that the following products are affected: Hitachi Energy Relion 650: version 1.0.0 up to and not including 2.0.0 Hitachi Energy Relion 650: version 2.1.0 up to 2.2.0 Hitachi Energy Relion 650: version 2.2.0 up to 2.2.0.13 Hitachi Energy Relion 650: version 2.2.1.0 up to and including 2.2.1.8 Hitachi Energy Relion 650: version 2.2.4.0 up to and including 2.2.4.5 Hitachi Energy Relion 650: version 2.2.5.0 up to and including 2.2.5.7 Hitachi Energy Relion 650: version 2.2.6.0 up to and including 2.2.6.3 Hita...

The French cybersecurity agency on Tuesday revealed that a number of entities spanning governmental, telecommunications, media, finance, and transport sectors in the country were impacted by a malicious campaign undertaken by a Chinese hacking group by weaponizing several zero-day vulnerabilities in Ivanti Cloud Services Appliance (CSA) devices. The campaign, detected at the beginning of

ANSSI report details the Chinese UNC5174 linked Houken cyberattack using Ivanti zero-days (CVE-2024-8190, 8963, 9380) against the French government, defence and finance sector.

Cisco has released security updates to address a maximum-severity security flaw in Unified Communications Manager (Unified CM) and Unified Communications Manager Session Management Edition (Unified CM SME) that could permit an attacker to login to a susceptible device as the root user, allowing them to gain elevated privileges. The vulnerability, tracked as CVE-2025-20309, carries a CVSS score

An authenticated virtual machine escape vulnerability exists in HashiCorp Vagrant versions 2.4.6 and below when using the default synced folder configuration. By design, Vagrant automatically mounts the host system’s project directory into the guest VM under /vagrant (or C:\vagrant on Windows). This includes the Vagrantfile configuration file, which is a Ruby script evaluated by the host every time a vagrant command is executed in the project directory. If a low-privileged attacker obtains shell access to the guest VM, they can append arbitrary Ruby code to the mounted Vagrantfile. When a user on the host later runs any vagrant command, the injected code is executed on the host with that user’s privileges. While this shared-folder behavior is well-documented by Vagrant, the security implications of Vagrantfile execution from guest-writable storage are not explicitly addressed. This effectively enables guest-to-host code execution in multi-tenant or adversarial VM scenarios.

An authenticated local file inclusion vulnerability exists in Microweber CMS versions < 1.2.11 through misuse of the backup management API. Authenticated users can abuse the /api/BackupV2/upload and /api/BackupV2/download endpoints to read arbitrary files from the underlying filesystem. By specifying an absolute file path in the src parameter of the upload request, the server may relocate or delete the target file depending on the web service user’s privileges. The corresponding download endpoint can then be used to retrieve the file contents, effectively enabling local file disclosure. This behavior stems from insufficient validation of user-supplied paths and inadequate restrictions on file access and backup logic.

A likely China-nexus threat actor has been exploiting unpatched Ivanti vulnerabilities to gain initial access to victim networks and then patching the systems to block others from breaking in to the same network.

Qantas has confirmed a data breach after attackers gained access through a third-party call centre platform, affecting millions…