Security
Headlines
HeadlinesLatestCVEs

Tag

#web

GHSA-37pq-893f-g7q5: Apereo CAS code injection vulnerability

A vulnerability was found in Apereo CAS 5.2.6 and classified as critical. Affected by this issue is the function saveService of the file cas-5.2.6\webapp-mgmt\cas-management-webapp-support\src\main\java\org\apereo\cas\mgmt\services\web\RegisteredServiceSimpleFormController.java of the component Groovy Code Handler. The manipulation leads to code injection. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

ghsa
Open in Source
#vulnerability#web#java#auth
Planet Technology Industrial Switch Flaws Risk Full Takeover – Patch Now

Immersive security researchers discovered critical vulnerabilities in Planet Technology network management and switch products, allowing full device control.…

SAP NetWeaver Flaw Scores 10.0 Severity as Hackers Deploy Web Shells

A critical vulnerability (CVE-2025-31324) in SAP NetWeaver Visual Composer puts systems at risk of full compromise. Learn how…

Pete Hegseth’s Signal Scandal Spirals Out of Control

Plus: Cybercriminals stole a record-breaking fortune from US residents and businesses in 2024, and Google performs its final flip-flop in its yearslong quest to kill tracking cookies.

Critical Commvault Flaw Allows Full System Takeover – Update NOW

Enterprises using Commvault Innovation Release are urged to patch immediately against CVE-2025-34028. This critical flaw allows attackers to…

Why Developers Should Care About Generative AI (Even They Aren’t AI Expert)

Software development is about to undergo a generative change. What this means is that AI (Artificial Intelligence) has…

Interlock Ransomware Say It Stole 20TB of DaVita Healthcare Data

Interlock ransomware group claims it stole 20TB of sensitive patient data from DaVita Healthcare. While the group has…

GHSA-m8qh-hx4c-h9hr: Moodle has a CSRF risk in Brickfield tool's analysis request action

A flaw was found in Moodle. The analysis request action in the Brickfield tool did not include the necessary token to prevent a Cross-site request forgery (CSRF) risk.

GHSA-6g5x-h5x7-q4mq: Moodle has an IDOR in web service which allows users enrolled in a course to access some details of other users

A flaw was found in Moodle. Insufficient capability checks made it possible for a user enrolled in a course to access some details, such as the full name and profile image URL, of other users they did not have permission to access.

GHSA-88xj-97gf-7wpq: Moodle has a CSRF risk in user tours manager that allows tour duplication

A security vulnerability was discovered in Moodle that allows anyone to duplicate existing tours without needing to log in due to a lack of protection against cross-site request forgery (CSRF) attacks.