#vulnerability

There is a serialization of Untrusted Data vulnerability in Apache Jackrabbit Core and Apache Jackrabbit JCR Commons. This issue affects Apache Jackrabbit Core: from 1.0.0 through 2.22.1; Apache Jackrabbit JCR Commons: from 1.0.0 through 2.22.1. Deployments that accept JNDI URIs for JCR lookup from untrusted users allows them to inject malicious JNDI references, potentially leading to arbitrary code execution through deserialization of untrusted data. Users are recommended to upgrade to version 2.22.2. JCR lookup through JNDI has been disabled by default in 2.22.2. Users of this feature need to enable it explicitly and are adviced to review their use of JNDI URI for JCR lookup.

Urgent security alert for SAP users! A critical vulnerability (CVE-2025-42957) allows attackers to take full control of your…

### Summary Atlantis publicly exposes detailed version information on its `/status` endpoint. This information disclosure could allow attackers to identify and target known vulnerabilities associated with the specific versions, potentially compromising the service's security posture. ### Details The `/status` endpoint in Atlantis returns not only a health check but also detailed version and build information. This disclosure violates the principle of minimizing exposed sensitive metadata and can be leveraged by adversaries to correlate the version information with public vulnerability databases, including CVE listings. Although Atlantis is a public repository maintained by an external team, reducing this exposure can lessen the overall risk of targeted attacks. For example, the source code handling the `/status` endpoint exposes version details that allow one to infer software dependencies and system configurations. Best practices, including guidelines from the [OWASP Top 10](https:/...

Hello Kubernetes Community, A security issue was discovered in secrets-store-sync-controller where an actor with access to the controller logs could observe service account tokens. These tokens could then potentially be exchanged with external cloud providers to access secrets stored in cloud vault solutions. Tokens are only logged when there is a specific error marshaling the `parameters` sent to the providers. ### Am I vulnerable? To check if tokens are being logged, examine the manager container log: ```bash kubectl logs -l 'app.kubernetes.io/part-of=secrets-store-sync-controller' -c manager -f | grep --line-buffered "csi.storage.k8s.io/serviceAccount.tokens" ``` ### Affected Versions - secrets-store-sync-controller < v0.0.2 ### How do I mitigate this vulnerability? Upgrade to secrets-store-sync-controller v0.0.2+ ### Fixed Versions - secrets-store-sync-controller >= v0.0.2 ### Detection Examine cloud provider logs for unexpected token exchanges, as well as unexpected...

### Impact **What kind of vulnerability is it?** This is a **Critical** severity directory traversal (path traversal) vulnerability in the `File.download()` method of the `internetarchive` library. **Who is impacted?** All users of the `internetarchive` library versions `< 5.5.1` are impacted. The vulnerability is particularly critical for users on **Windows systems**, but all operating systems are affected. **Description of the vulnerability:** The vulnerability existed because the `file.download()` method did not properly sanitize user-supplied filenames or validate the final download path. A maliciously crafted filename could contain path traversal sequences (e.g., `../../../../windows/system32/file.txt`) or illegal characters that, when processed, would cause the file to be written outside of the intended target directory. **Potential Impact:** An attacker could potentially overwrite critical system files or application configuration files, leading to a denial of service, privil...

## Summary Insecure session handling opened room for a privilege escalation scenario in which [prebuilt workspaces](https://coder.com/docs/admin/templates/extending-templates/prebuilt-workspaces) could be compromised by abusing a shared system identity. ## Details Coder automatically generates a session token for a user when a workspace is started. It is automatically exposed via [`coder_workspace_owner.session_token`](https://registry.terraform.io/providers/coder/coder/latest/docs/data-sources/workspace_owner#session_token-1). Prebuilt workspaces are initially owned by a built-in `prebuilds` system user. When a prebuilt workspace is claimed, a new session token is generated for the user that claimed the workspace, but the previous session token for the `prebuilds` user was not expired. Any Coder workspace templates that persist this automatically generated session token are potentially impacted. For example, the [coder-login module](https://github.com/coder/registry/blob/8677e7...

Exploitation of CVE-2025-42957 requires "minimal effort" and can result in a complete compromise of the SAP system and host OS, according to researchers.

The biggest vulnerabilities may lie at the boundaries of where the AI agent connects with the enterprise system.

pgAdmin <= 9.7 is affected by a Cross-Origin Opener Policy (COOP) vulnerability. This vulnerability allows an attacker to manipulate the OAuth flow, potentially leading to unauthorised account access, account takeover, data breaches, and privilege escalation.

Federal Civilian Executive Branch (FCEB) agencies are being advised to update their Sitecore instances by September 25, 2025, following the discovery of a security flaw that has come under active exploitation in the wild. The vulnerability, tracked as CVE-2025-53690, carries a CVSS score of 9.0 out of a maximum of 10.0, indicating critical severity. "Sitecore Experience Manager (XM), Experience