#vulnerability

Improper input validation in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to deny service locally.

**How can I tell if this issue affects me, and what steps should I take to stay protected?** If you have Azure Monitor Agent extension version 1.37.0 or below you are affected. To protect your device, please upgrade to version 1.37.1 and above.

**What privileges could be gained by an attacker who successfully exploited the vulnerability?** An attacker who successfully exploited this vulnerability could gain administrator privileges.

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

Security misconfiguration jumped to second place while injection vulnerabilities dropped, as organizations improve defenses against traditional coding flaws.

About Elevation of Privilege – Windows Remote Access Connection Manager (CVE-2025-59230) vulnerability. A vulnerability from the October Microsoft Patch Tuesday. The Windows Remote Access Connection Manager (RasMan) service is a core Windows component that manages dial-up and Virtual Private Network (VPN) connections, ensuring secure communication between a computer and remote networks. An access control flaw […]

SUMMARY We have identified and verified an SSRF vulnerability where webhook URLs are not validated, allowing repository administrators to create webhooks targeting internal services, private networks, and cloud metadata endpoints. AFFECTED COMPONENTS (VERIFIED) 1. Webhook Creation (pkg/ssh/cmd/webhooks.go:125) 2. Backend CreateWebhook (pkg/backend/webhooks.go:17) 3. Backend UpdateWebhook (pkg/backend/webhooks.go:122) 4. Webhook Delivery (pkg/webhook/webhook.go:97) IMPACT This vulnerability allows repository administrators to perform SSRF attacks, potentially enabling: a) Cloud Metadata Theft - Access AWS/Azure/GCP credentials via 169.254.169.254 b) Internal Network Access - Target localhost and private networks (10.x, 192.168.x, 172.16.x) c) Port Scanning - Enumerate internal services via response codes and timing d) Data Exfiltration - Full HTTP responses stored in webhook delivery logs e) Internal API Access - Call internal admin panels and Kubernetes endpoints PROOF OF CONCE...

### Summary An authenticated SQL injection vulnerability exists in the moderator control panel (`modcp.php`). Users with moderator permissions can exploit this vulnerability by supplying a malicious `topic_id` (`t`) parameter. This allows an authenticated moderator to execute arbitrary SQL queries, leading to the potential disclosure, modification, or deletion of any data in the database. ### Details The vulnerability is triggered when `modcp.php` processes a request that includes a `topic_id` (`t` parameter). The value of `$topic_id` is taken directly from user input and is not sanitized or parameterized before being concatenated into an SQL query. This occurs within the initial data retrieval block for a given topic ID. **Vulnerable Code Block in `modcp.php` (lines 111-122):** ```php if ($topic_id) { $sql = " SELECT f.forum_id, f.forum_name, f.forum_topics, f.self_moderated, t.topic_first_post_id, t.topic_poster FROM " . BB_TOPICS . " t, " . BB_FORUMS . " f WHERE t...

### Impact The XML [`Validator`](https://docs.oracle.com/javase/8/docs/api/javax/xml/validation/Validator.html) used by cyclonedx-core-java was not configured securely, making the library vulnerable to XML External Entity (XXE) injection. The fix for GHSA-683x-4444-jxh8 / CVE-2024-38374 has been incomplete in that it only fixed *parsing* of XML BOMs, but not *validation*. ### Patches The vulnerability has been fixed in cyclonedx-core-java version 11.0.1. ### Workarounds If feasible, applications can reject XML documents before handing them to cyclonedx-core-java for validation. This may be an option if incoming CycloneDX BOMs are known to be in JSON format. ### References * The issue was introduced via https://github.com/CycloneDX/cyclonedx-core-java/commit/162aa594f347b3f612fe0a45071693c3cd398ce9 * The issue was fixed via https://github.com/CycloneDX/cyclonedx-core-java/pull/737 * https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html#sc...

Google's Mandiant Threat Defense on Monday said it discovered n-day exploitation of a now-patched security flaw in Gladinet's Triofox file-sharing and remote access platform. The critical vulnerability, tracked as CVE-2025-12480 (CVSS score: 9.1), allows an attacker to bypass authentication and access the configuration pages, resulting in the upload and execution of arbitrary payloads.  The