Security
Headlines
HeadlinesLatestCVEs

Tag

#vulnerability

GHSA-c2p2-hgjg-9r3f: Crayfish Allows Remote Code Execution via hypercube X-Islandora-Args Header

### Impact _What kind of vulnerability is it? Who is impacted?_ Remote code execution is possible in web-accessible installations of hypercube. ### Patches _Has the problem been patched? What versions should users upgrade to?_ Not yet, though no patch is neccessary if your installation of the microservices is behind a firewall. See below. ### Workarounds _Is there a way for users to fix or remediate the vulnerability without upgrading?_ The exploit requires making a request against Hypercube's endpoints; therefore, the ability to make use of the exploit is much reduced if the microservice is not directly accessible from the Internet, so: Prevent general access from the Internet from hitting Hypercube. Furthermore, if you've used any of the official installation methods, your Crayfish will be behind a firewall and there is no work neccessary. The webserver might be made to validate the structure of headers passed, but that would only be neccessary if you publicly exposed the en...

ghsa
Open in Source
#vulnerability#web#rce
Content Credentials Technology Verifies Image, Video Authenticity

The open technology, which tackles disinformation, has gained steam in the past year, surpassing 500 corporate members and continuing to evolve.

GHSA-593f-38f6-jp5m: Inefficient Regular Expression Complexity in koa

### Summary Koa uses an evil regex to parse the `X-Forwarded-Proto` and `X-Forwarded-Host` HTTP headers. This can be exploited to carry out a Denial-of-Service attack. ### PoC Coming soon. ### Impact This is a Regex Denial-of-Service attack and causes memory exhaustion. The regex should be improved and empty values should not be allowed.

GHSA-29c6-3hcj-89cf: go-crypto-winnative BCryptGenerateSymmetricKey memory leak

Calls to `cng.TLS1PRF` don't release the key handle, producing a small memory leak every time.

Online Threats Are Rising -Here’s Why Companies Must Improve Their Cybersecurity

Cybersecurity is a must as online threats rise. Businesses must train employees, back up data, and adopt strong…

Microsoft: Russia's Sandworm APT Exploits Edge Bugs Globally

Sandworm (aka Seashell Blizzard) has an initial access wing called "BadPilot" that uses standard intrusion tactics to spread Russia's tendrils around the world.

A Hacker Group Within Russia’s Notorious Sandworm Unit Is Breaching Western Networks

A team Microsoft calls BadPilot is acting as Sandworm's “initial access operation,” the company says. And over the last year it's trained its sights on the US, the UK, Canada, and Australia.

Patch Tuesday: Microsoft Fixes 63 Bugs with 2 Zero-Days

Microsoft’s February Patch Tuesday addresses 63 security vulnerabilities, including two actively exploited zero-days. Update your systems now to…

Is AI a Friend or Foe of Healthcare Security?

When it comes to keeping patient information safe, people empowerment is just as necessary as deploying new technologies.

Researchers Find New Exploit Bypassing Patched NVIDIA Container Toolkit Vulnerability

Cybersecurity researchers have discovered a bypass for a now-patched security vulnerability in the NVIDIA Container Toolkit that could be exploited to break out of a container's isolation protections and gain complete access to the underlying host. The new vulnerability is being tracked as CVE-2025-23359 (CVSS score: 8.3). It affects the following versions - NVIDIA Container Toolkit (All