Tag
#vulnerability
Cybersecurity threats in crypto are rising, from the Bybit hack to fake wallets stealing funds. Learn how to…
> [!NOTE] > This advisory was originally emailed to community@solidjs.com by @nsysean. To sum it up, the use of javascript's `.replace()` opens up to potential XSS vulnerabilities with the special replacement patterns beginning with `$`. Particularly, when the attributes of `Meta` tag from solid-meta are user-defined, attackers can utilise the special replacement patterns, either `$'` or `$\`` to achieve XSS. The solid-meta package has this issue since it uses `useAffect` and context providers, which injects the used assets in the html header. "dom-expressions" uses `.replace()` to insert the assets, which is vulnerable to the special replacement patterns listed above. This effectively means that if the attributes of an asset tag contained user-controlled data, it would be vulnerable to XSS. For instance, there might be meta tags for the open graph protocol in a user profile page, but if attackers set the user query to some payload abusing `.replace()`, then they could execute a...
### Impact Only users that has configured a JupyterHub installation to use the authenticator class `LTI13Authenticator` are influenced. LTI13Authenticator that was introduced in `jupyterhub-ltiauthenticator` 1.3.0 wasn't validating JWT signatures. This is believed to allow the LTI13Authenticator to authorize a forged request granting access to existing and new user identities. ### Patches None. ### Workarounds None. ### References - [This code segment](https://github.com/jupyterhub/ltiauthenticator/blob/3feec2e81b9d3b0ad6b58ab4226af640833039f3/ltiauthenticator/lti13/validator.py#L122-L164) didn't validate a JWT signature.
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Rockwell Automation Equipment: PowerFlex 755 Vulnerability: Cleartext Transmission of Sensitive Information 2. RISK EVALUATION Successful exploitation of this vulnerability could result in exposure of sensitive data. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following version of PowerFlex 755, a motor application control drive software, is affected: PowerFlex 755: Versions 16.002.279 and prior 3.2 VULNERABILITY OVERVIEW 3.2.1 CLEARTEXT TRANSMISSION OF SENSITIVE INFORMATION CWE-319 The affected version of the product is vulnerable to credential exposure due to using HTTP, resulting in credentials being sent in clear text. This can allow sensitive data to be sniffed and captured by an attacker. CVE-2025-0631 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). A CVSS v...
An alleged job scam, led by “Aiden” from “OpenAI,” recruited workers in Bangladesh for months before disappearing overnight, according to FTC complaints obtained by WIRED.
February Linux Patch Wednesday. There are 561 vulnerabilities in total. 338 in Linux Kernel. Formally, there is one vulnerability with a sign of exploitation in the wild: RCE – 7-Zip (CVE-2025-0411). But it is about Windows MoTW and, naturally, is not exploitable on Linux. There are public exploits for 21 vulnerabilities. Among them there are […]
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two security flaws impacting Adobe ColdFusion and Oracle Agile Product Lifecycle Management (PLM) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerabilities in question are listed below - CVE-2017-3066 (CVSS score: 9.8) - A deserialization vulnerability impacting
Separate Groups mode restrictions were not factored into permission checks before allowing viewing or deletion of responses in Feedback activities.
Insufficient sanitizing in the TeX notation filter resulted in an arbitrary file read risk on sites where pdfTeX is available (such as those with TeX Live installed).
Insufficient capability checks made it possible to disable badges a user does not have permission to access.