#vulnerability

### Impact XML parsing performed by the UcumEssenceService is vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag could produce XML containing data from the host system. This impacts use cases where ucum is being used to within a host where external clients can submit XML. ### Patches Release 1.0.9 of ucum fixes this vulnerability ### Workarounds Ensure that the source xml for instantiating UcumEssenceService is trusted. ### References * https://cwe.mitre.org/data/definitions/611.html * https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html#jaxp-documentbuilderfactory-saxparserfactory-and-dom4j

A vulnerability has been discovered in Laravel Pulse that could allow remote code execution through the public `remember()` method in the `Laravel\Pulse\Livewire\Concerns\RemembersQueries` trait. This method is accessible via Livewire components and can be exploited to call arbitrary callables within the application. ### Impact An authenticated user with access to Laravel Pulse dashboard can execute arbitrary code by calling any function or static method that meets the following criteria: - The callable is a function or static method - The callable has no parameters or no strict parameter types ### Vulnerable Components - The `remember(callable $query, string $key = '')` method in `Laravel\Pulse\Livewire\Concerns\RemembersQueries` - Affects all Pulse card components that use this trait ### Attack Vectors The vulnerability can be exploited through Livewire component interactions, for example: ```php wire:click="remember('\\Illuminate\\Support\\Facades\\Config::all', 'config')" `...

An authenticated access vulnerability in the aspectMemory.php script of ABB Cylon Aspect BMS/BAS controllers allows attackers to set arbitrary values for Java heap memory parameters (HEAPMIN and HEAPMAX). This configuration is written to /usr/local/aam/etc/javamem. The absence of input validation can lead to system performance degradation, Denial-of-Service (DoS) conditions, and crashes of critical Java applications.

An authenticated access vulnerability in the aspectMemory.php script of ABB Cylon Aspect BMS/BAS controllers allows attackers to set arbitrary values for Java heap memory parameters (HEAPMIN and HEAPMAX). This configuration is written to /usr/local/aam/etc/javamem. The absence of input validation can lead to system performance degradation, Denial-of-Service (DoS) conditions, and crashes of critical Java applications.

A security flaw has been disclosed in OpenWrt's Attended Sysupgrade (ASU) feature that, if successfully exploited, could have been abused to distribute malicious firmware packages. The vulnerability, tracked as CVE-2024-54143, carries a CVSS score of 9.3 out of a maximum of 10, indicating critical severity. Flatt Security researcher RyotaK has been credited with discovering and reporting the

Small, easily weaponizable drones have become a feature of battlefields from the Middle East to Ukraine. Now the threat looms over the US homeland—and the Pentagon's ability to respond is limited.

Learn how blockchain and smart contracts improve cybersecurity factors in online transactions, remove the element of fraud, and…

As the adoption of LCNC grows, so will the complexity of the threats organizations face.

SUMMARY Byte Federal, the US’s largest Bitcoin ATM operator offering around 1,200 Bitcoin ATMs across the country, recently…

A sophisticated social engineering cybercrime campaign bent on financial gain was observed being run from Tencent servers in Singapore.