#web

### Problem Webhooks are inherently vulnerable to Server-Side Request Forgery (SSRF), which can be exploited by adversaries to target internal resources (e.g., _localhost_ or other services on the local network). While this is not a vulnerability in TYPO3 itself, it may enable attackers to blindly access systems that would otherwise be inaccessible. An administrator-level backend user account is required to exploit this vulnerability. ### Solution Update to TYPO3 versions 12.4.31 LTS, 13.4.12 LTS that fix the problem described. > [!IMPORTANT] > > **Manual actions required** > > To mitigate potential SSRF risks via webhooks, it is recommended to explicitly allow access only to trusted hosts. This can be achieved by configuring the allowlist in `$GLOBALS['TYPO3_CONF_VARS']['HTTP']['allowed_hosts']['webhooks']`. > > If the allowlist is not defined or set to `null`, all requests will be allowed. > If the allowlist is an empty `array`, all requests will be blocked. > > By default, the f...

### Summary [LanceDocChatAgent](https://github.com/langroid/langroid/blob/main/langroid/agent/special/lance_doc_chat_agent.py#L158) uses pandas eval() through `compute_from_docs()`: https://github.com/langroid/langroid/blob/18667ec7e971efc242505196f6518eb19a0abc1c/langroid/vector_store/base.py#L136-L150 As a result, an attacker may be able to make the agent run malicious commands through [QueryPlan.dataframe_calc](https://github.com/langroid/langroid/blob/main/langroid/agent/special/lance_tools.py#L16) compromising the host system. ### Fix Langroid 0.53.15 sanitizes input to the affected function by default to tackle the most common attack vectors, and added several warnings about the risky behavior in the project documentation.

The threat group games IT help desks to gain entry into retailer networks, and signs show it has shifted its attention from the UK to US targets.

Infoblox reveals Hazy Hawk, a new threat exploiting abandoned cloud resources (S3, Azure) and DNS gaps since Dec…

An unknown threat actor has been attributed to creating several malicious Chrome Browser extensions since February 2024 that masquerade as seemingly benign utilities but incorporate covert functionality to exfiltrate data, receive commands, and execute arbitrary code. "The actor creates websites that masquerade as legitimate services, productivity tools, ad and media creation or analysis

Weeks after LockBit ransomware breach, leaked data reveals how affiliates generate ransomware, set ransom demands, and often walk away unpaid.

Cybersecurity researchers have discovered risky default identity and access management (IAM) roles impacting Amazon Web Services that could open the door for attackers to escalate privileges, manipulate other AWS services, and, in some cases, even fully compromise AWS accounts. "These roles, often created automatically or recommended during setup, grant overly broad permissions, such as full S3

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: AutomationDirect Equipment: MB-Gateway Vulnerability: Missing Authentication For Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to make configuration changes, disrupt operations, or achieve arbitrary code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following AutomationDirect product is affected: MB-Gateway: All Versions 3.2 VULNERABILITY OVERVIEW 3.2.1 MISSING AUTHENTICATION FOR CRITICAL FUNCTION CWE-306 The embedded webserver lacks authentication and access controls, allowing unrestricted remote access. This could lead to configuration changes, operational disruption, or arbitrary code execution depending on the environment and exposed functionality. CVE-2025-36535 has been assigned to this vulnerability. A CVSS v3.1 base score of 10.0 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: Modicon Controllers M241/M251/M258/LMC058 Vulnerability: Externally Controlled Reference to a Resource in Another Sphere 2. RISK EVALUATION Successful exploitation of this vulnerability could cause a loss of confidentiality when an unauthenticated attacker manipulates a controller's webserver URL to access resources. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Schneider Electric reports that the following products are affected: Schneider Electric Modicon Controllers M241: Versions prior to 5.3.12.48 Schneider Electric Modicon Controllers M251: Versions prior to 5.3.12.48 Schneider Electric Modicon Controllers M258: All versions Schneider Electric Modicon Controllers LMC058: All versions 3.2 VULNERABILITY OVERVIEW 3.2.1 EXTERNALLY CONTROLLED REFERENCE TO A RESOURCE IN ANOTHER SPHERE CWE-610 CWE-610: Externally Controlled Reference to a Resource in Another...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Vertiv Equipment: Liebert RDU101 and Liebert UNITY Vulnerabilities: Authentication Bypass Using an Alternate Path or Channel, Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to cause a denial-of-service condition or achieve remote code execution 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Vertiv products are affected: Liebert RDU101: Versions 1.9.0.0 and prior Liebert IS-UNITY: Versions 8.4.1.0 and prior 3.2 VULNERABILITY OVERVIEW 3.2.1 AUTHENTICATION BYPASS USING AN ALTERNATE PATH OR CHANNEL CWE-288 Affected Vertiv products do not properly protect webserver functions that could allow an attacker to bypass authentication. CVE-2025-46412 has been assigned to this vulnerability. A CVSS v3.1 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). A CVSS v...