#vulnerability

A critical vulnerability (CVE-2025-1268) in Canon printer drivers allows remote code execution. See which drivers are affected, how to patch them.

Cybersecurity researchers have disclosed details of a now-patched privilege escalation vulnerability in Google Cloud Platform (GCP) Cloud Run that could have allowed a malicious actor to access container images and even inject malicious code. "The vulnerability could have allowed such an identity to abuse its Google Cloud Run revision edit permissions in order to pull private Google Artifact

`PyString::from_object` took `&str` arguments and forwarded them directly to the Python C API without checking for terminating nul bytes. This could lead the Python interpreter to read beyond the end of the `&str` data and potentially leak contents of the out-of-bounds read (by raising a Python exception containing a copy of the data including the overflow). In PyO3 0.24.1 this function will now allocate a `CString` to guarantee a terminating nul bytes. PyO3 0.25 will likely offer an alternative API which takes `&CStr` arguments.

Version 1.15.1 might feel like a run-of-the-mill new release of cert-manager Operator for Red Hat OpenShift but actually it features more than a few notable enhancements to improve the security posture of your OpenShift clusters. This exciting release improves the overall security posture of your OpenShift clusters, and expands upon your ability to protect your cluster networking communications with TLS certificates managed by cert-manager. The release of Red Hat OpenShift 4.18 emphasises zero trust architecture, and introduces as Technology Preview, the powerful istio-csr agent via cert-manag

### Summary The PROXY command is accepted multiple times, allowing a client to spoof its IP address when the proxy protocol is being used. ### Details When ProxyOn is enabled, [it looks like the PROXY command will be accepted multiple times](https://github.com/phires/go-guerrilla/blob/fca3b2d8957a746997c7e71fca39004f5c96e91f/server.go#L495), with later invocations overriding earlier ones. The proxy protocol only supports one initial PROXY header; anything after that is considered part of the exchange between client and server, so the client is free to send further PROXY commands with whatever data it pleases. go-guerrilla will treat these as coming from the reverse proxy, allowing a client to spoof its IP address. Note that the format of the PROXY header is [well-defined](https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt). It probably shouldn't be treated as an SMTP command; parsing it the same way is likely to result in odd behavior and could lead to other vulnerabili...

### Impact We received a report about a vulnerability in Remix/React Router that affects all Remix 2 and React Router 7 consumers using the Express adapter. Basically, this vulnerability allows anyone to spoof the URL used in an incoming `Request` by putting a URL pathname in the port section of a URL that is part of a `Host` or `X-Forwarded-Host` header sent to a Remix/React Router request handler. ### Patches This issue has been patched and released in Remix 2.16.3 React Router 7.4.1. ### Credits - Rachid Allam (zhero;) - Yasser Allam (inzo_)

A vulnerability was found in ouch-org ouch up to 0.3.1. It has been classified as critical. This affects the function ouch::archive::zip::convert_zip_date_time of the file zip.rs. The manipulation of the argument month leads to memory corruption. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 0.4.0 is able to address this issue. It is recommended to upgrade the affected component.

### Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-qwj6-q94f-8425. This link is maintained to preserve external references. ### Original Description Cross Site Scripting vulnerability in arnog MathLive Versions v0.103.0 and before (fixed in 0.104.0) allows an attacker to execute arbitrary code via the MathLive function.

### Summary The `squelette` parameter is vulnerable to path traversal attacks, enabling read access to arbitrary files on the server. The payload `../../../../../../etc/passwd` was submitted in the `squelette` parameter. The requested file was returned in the application's response. ### Details File path traversal vulnerabilities arise when user-controllable data is used within a filesystem operation in an unsafe manner. Typically, a user-supplied filename is appended to a directory prefix in order to read or write the contents of a file. If vulnerable, an attacker can supply path traversal sequences (using dot-dot-slash characters) to break out of the intended directory and read or write files elsewhere on the filesystem. ### PoC 1. Access the below URL to see the contents of `/etc/passwd`: **URL with payload:** `https://yeswiki.net/?UrkCEO/edit&theme=margot&squelette=..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd&style=margot.css` Similarly, contents of `wakka.config.php` can...

### Impact alizeait unflatto <= 1.0.2 was discovered to contain a prototype pollution via the method exports.unflatto at /dist/index.js. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. ### Patches The problem has been patched in 1.0.3 ### References https://github.com/advisories/GHSA-799q-f2px-wx8c