Tag

#vulnerability

CISA Adds Two N-able N-central Flaws to Known Exploited Vulnerabilities Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added two security flaws impacting N-able N-central to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.  N-able N-central is a Remote Monitoring and Management (RMM) platform designed for Managed Service Providers (MSPs), allowing customers to efficiently manage and secure

The Hacker News
GHSA-r4mg-4433-c7g3: Active Storage allowed transformation methods that were potentially unsafe

Active Storage attempts to prevent the use of potentially unsafe image transformation methods and parameters by default.

The default allowed list contains three methods allowing for the circumvention of the safe defaults which enables potential command injection vulnerabilities in cases where arbitrary user supplied input is accepted as valid transformation methods or parameters.

This has been assigned the CVE identifier CVE-2025-24293.

Versions Affected: >= 5.2.0
Not affected: < 5.2.0
Fixed Versions: 7.1.5.2, 7.2.2.2, 8.0.2.1

Impact
------

This vulnerability impacts applications that use Active Storage with the image_processing processing gem in addition to mini_magick as the image processor.

Vulnerable code will look something similar to this:

```
<%= image_tag blob.variant(params[:t] => params[:v]) %>
```

Where the transformation method or its arguments are untrusted arbitrary input.

All users running an affected release should either upgrade or use one of the wo...

GHSA-xvr7-p2c6-j83w: swift-nio-http2 affected by HTTP/2 MadeYouReset vulnerability

The HTTP/2 [MadeYouReset vulnerability](https://galbarnahum.com/made-you-reset) has a mild effect on swift-nio-http2. swift-nio-http2 mostly protects against MadeYouReset by using a number of existing denial-of-service prevention patterns that we added in response to the RapidReset vulnerabilities. The result is that servers are not vulnerable to naive attacks based on MadeYouReset, and the naive PoC examples do not affect swift-nio-http2. However, in 1.38.0 we added some defense-in-depth measures as a precautionary measure that detect clients behaving "weirdly". These defense in depth measures tackle resource drain attacks where attackers interleave attack traffic with legitimate traffic to try to evade our existing DoS prevention mechanisms. We recommend all adopters move to 1.38.0 as soon as possible to mitigate against more sophisticated attacks that may appear in the future. We are very grateful to @galbarnahum, @AnatBB, and @YanivRL for their reporting and assistance with our...

GHSA-76r7-hhxj-r776: Active Record logging vulnerable to ANSI escape injection

This vulnerability has been assigned the CVE identifier CVE-2025-55193.

### Impact

The ID passed to `find` or similar methods may be logged without escaping. If this is logged directly to the terminal, it may include unescaped ANSI sequences.

### Releases

The fixed releases are available at the normal locations.

### Credits

Thanks to [lio346](https://hackerone.com/lio346) for reporting this vulnerability.

GHSA-7hfw-26vp-jp8m: PyPDF's Manipulated FlateDecode streams can exhaust RAM

### Impact

An attacker who uses this vulnerability can craft a PDF which leads to the RAM being exhausted. This requires just reading the file if a series of FlateDecode filters is used on a malicious cross-reference stream. Other content streams are affected on explicit access.

### Patches

This has been fixed in [pypdf==6.0.0](https://github.com/py-pdf/pypdf/releases/tag/6.0.0).

### Workarounds

If you cannot upgrade yet, you might want to implement the workaround for `pypdf.filters.decompress` yourself: https://github.com/py-pdf/pypdf/blob/0dd57738bbdcdb63f0fb43d8a6b3d222b6946595/pypdf/filters.py#L72-L143

### References

This issue has been reported in #3429 and fixed in #3430.

GHSA-fcxq-v2r3-cc8h: External Secrets Operator's Missing Namespace Restriction Allows Unauthorized Secret Access

## Summary

A vulnerability was discovered in the External Secrets Operator where the `List()` calls for Kubernetes Secret and SecretStore resources performed by the `PushSecret` controller did not apply a namespace selector. This flaw allowed an attacker to use label selectors to list and read secrets/secret-stores across the cluster, bypassing intended namespace restrictions.

---

## Impact

An attacker with the ability to create or update `PushSecret` resources and control `SecretStore` configurations could exploit this vulnerability to exfiltrate sensitive data from arbitrary namespaces. This could lead to full disclosure of Kubernetes secrets, including credentials, tokens, and other sensitive information stored in the cluster.

---

## Exploitability

To exploit this vulnerability, an attacker must:

1. Have permissions to create or update `PushSecret` resources.
2. Control one or more `SecretStore` resources.

With these conditions met, the attacker could leverage label select...

Popular AI Systems Still a Work-in-Progress for Security

According to a recent Forescout analysis, open source models were significantly less successful in vulnerability research than commercial and underground models.

GHSA-prj3-ccx8-p6x4: Netty affected by MadeYouReset HTTP/2 DDoS vulnerability

Below is a technical explanation of a newly discovered vulnerability in HTTP/2, which we refer to as “MadeYouReset.”

### MadeYouReset Vulnerability Summary

The MadeYouReset DDoS vulnerability is a logical vulnerability in the HTTP/2 protocol, that uses malformed HTTP/2 control frames in order to break the max concurrent streams limit - which results in resource exhaustion and distributed denial of service.

### Mechanism

The vulnerability uses malformed HTTP/2 control frames, or malformed flow, in order to make the server reset streams created by the client (using the RST_STREAM frame). The vulnerability could be triggered by several primitives, defined by the RFC of HTTP/2 (RFC 9113).

The Primitives are:

1. WINDOW_UPDATE frame with an increment of 0 or an increment that makes the window exceed 2^31 - 1. (section 6.9 + 6.9.1)
2. HEADERS or DATA frames sent on a half-closed (remote) stream (which was closed using the END_STREAM flag). (note that for some implementations it's possible ...

GHSA-gpmg-4x4g-mr5r: OMERO.web displays unnecessary user information when requesting password reset

### Background

If an error occurred when resetting a user's password using the ``Forgot Password`` option in OMERO.web, the error message displayed on the Web page can disclose information about the user.

### Impact

OMERO.web versions before 5.29.1.

### Patches

Users should upgrade to 5.29.2 or higher.

### Workarounds

Disable the ``Forgot password`` option in OMERO.web using the ``omero.web.show_forgot_password`` configuration property[^1].

Open an issue in [omero-web](https://github.com/ome/omero-web)

Email us at [security@openmicroscopy.org](mailto:security@openmicroscopy.org)

[^1]: https://omero.readthedocs.io/en/stable/sysadmins/config.html#omero.web.show_forgot_password

GHSA-p3qf-84rg-jxfc: OliveTin OS Command Injection vulnerability

OS Command Injection in OliveTin 2025.4.22 Custom Themes via the ParseRequestURI function in service/internal/executor/arguments.go.