Tag

#vulnerability

GHSA-vf6x-59hh-332f: Formwork has a cross-site scripting (XSS) vulnerability in Site title

### Summary

The site title field at /panel/options/site/ allows embedding JS tags, which can be used to attack all members of the system. This is a widespread attack and can cause significant damage if there is a considerable number of users.

### Impact

The attack is widespread, leveraging what XSS can do. This will undoubtedly impact system availability.

### Patches

- [**Formwork 2.x** (aa3e9c6)](https://github.com/getformwork/formwork/commit/aa3e9c684035d9e8495169fde7c57d97faa3f9a2) escapes site title from panel header navigation.

### Details

By embedding "<!--", the source code can be rendered non-functional, significantly impacting system availability. However, the attacker would need admin privileges, making the attack more difficult to execute.

### PoC

![image](https://github.com/user-attachments/assets/8fc68f6f-8bc4-4b97-8b93-dee5b88a3fcf)

1. The page where the vulnerability was found, and the attack surface is the Title field.

![image](https://github.com/user-attachment...

Microsoft Disrupts Storm-2139 for LLMjacking and Azure AI Exploitation

Microsoft exposes Storm-2139, a cybercrime network exploiting Azure AI via LLMjacking. Learn how stolen API keys enabled harmful…

GHSA-p75g-cxfj-7wrx: Pebble has Arbitrary Local File Inclusion (LFI) Vulnerability via `include` macro

### Summary

If untrusted user input is used to dynamically create a `PebbleTemplate` with the method `PebbleEngine#getLiteralTemplate`, then an attacker can include arbitrary local files from the file system into the generated template, leaking potentially sensitive information into the output of `PebbleTemplate#evaluate`. This is done via the `include` macro.

### Details

The `include` macro calls `PebbleTemplateImpl#resolveRelativePath` with the `relativePath` argument passed within the template:

Example template:

```
{% include [relativePath] %}
```

When `resolveRelativePath` is called, the `relativePath` is resolved against the `PebbleTemplateImpl.name` variable.

```java
/**
 * This method resolves the given relative path based on this template file path.
 *
 * @param relativePath the path which should be resolved.
 * @return the resolved path.
 */
public String resolveRelativePath(String relativePath) {
  String resolved = this.engine.getLoader().resolveRelativ...
```

Over 350 High-Profile Websites Hit by 360XSS Attack

360XSS campaign exploits Krpano XSS to hijack search results & distribute spam ads on 350+ sites, including government,…

GHSA-v83q-83hj-rw38: ntpd NTS client denial of service via wrongly sized cookies

Two denial of service vulnerabilities were found in ntpd-rs related to the handling of NTS cookies in our client functionality. Whenever an NTS source is configured and the server behind that source is sending zero-sized cookies or cookies larger than what would fit in our buffer size, ntpd-rs would crash. Only configured NTS sources can abuse these vulnerabilities. NTP sources or third parties that are not configured cannot make use of these vulnerabilities.

For zero-sized cookies: a division by zero would force an exit when the number of new cookies that would need to be requested is calculated. In ntpd-rs 1.5.0 a check was added to prevent the division by zero.

For large cookies: while trying to send an NTP request with the cookie included, the buffer is too small to handle the cookie and an exit of ntpd-rs is forced once a write to the buffer is attempted. The memory outside the buffer would not be written to in this case. In ntpd-rs 1.5.0 a check was added that prevents accepting...

GHSA-jg6f-48ff-5xrw: IBC-Go has Non-deterministic JSON Unmarshalling of IBC Acknowledgement

Name: ASA-2025-004: Non-deterministic JSON Unmarshalling of IBC Acknowledgement can result in a chain halt

Component: IBC-Go

Criticality: Critical (Considerable Impact; Almost Certain Likelihood per [ACMv1.2](https://github.com/interchainio/security/blob/main/resources/CLASSIFICATION_MATRIX.md))

Affected versions: IBC-Go >= v7; Earlier IBC-Go versions may also be affected.

Affected users: Validators, Full nodes, IBC Middleware authors

### Description

An issue was discovered in IBC-Go's deserialization of acknowledgements that results in non-deterministic behavior which can halt a chain. Any user that can open an IBC channel can introduce this state to the chain.

### Patches

The new IBC-Go releases below address this issue:

* [v7.9.2](https://github.com/cosmos/ibc-go/releases/tag/v7.9.2)
* [v8.6.1](https://github.com/cosmos/ibc-go/releases/tag/v8.6.1)

### Workarounds

To prevent this state from being introduced to a chain, it is possible to permission Channel Opening as a workaroun...

Millions of stalkerware users exposed again

Three more stalkerware apps have been found to leak data of both victims and customers alike: Spyzie, Cocospy, and Spyic

GHOSTR Hacker Linked to 90+ Data Breaches Arrested

A hacker using the alias GHOSTR, linked to 90+ data breaches, was arrested in a joint effort by law enforcement in Thailand, Singapore, and cybersecurity firm Group-IB.

GHSA-wfxg-v3j4-7qmj: Memos Server-Side Request Forgery (SSRF)

elestio memos v0.23.0 is vulnerable to Server-Side Request Forgery (SSRF) due to insufficient validation of user-supplied URLs, which can be exploited to perform SSRF attacks.

GHSA-f5w3-73h4-jpcm: mongosh vulnerable to local privilege escalation

mongosh may be susceptible to local privilege escalation under certain conditions potentially enabling unauthorized actions on a user's system with elevated privilege, when a crafted file is stored in C:\node_modules\. This issue affects mongosh prior to 2.3.0.