Security
Headlines
HeadlinesLatestCVEs

Tag

#web

Leveraging Wazuh for Zero Trust security

Zero Trust security changes how organizations handle security by doing away with implicit trust while continuously analyzing and validating access requests. Contrary to perimeter-based security, users within an environment are not automatically trusted upon gaining access. Zero Trust security encourages continuous monitoring of every device and user, which ensures sustained protection after

The Hacker News
Open in Source
#vulnerability#web#linux#git#backdoor#rce#auth#ssh#The Hacker News
Iranian APT Group Targets IP Cameras, Extends Attacks Beyond Israel

The Iran-linked group Emennet Pasargad aims to undermine public confidence in Israeli and Western nations by using hack-and-leak campaigns and disrupting government services, including elections.

GHSA-ghx4-cgxw-7h9p: LocalAI Cross-site Scripting vulnerability

localai <=2.20.1 is vulnerable to Cross Site Scripting (XSS). When calling the delete model API and passing inappropriate parameters, it can cause a one-time storage XSS, which will trigger the payload when a user accesses the homepage.

GHSA-6p55-qr3j-mpgq: AgentScope uses `eval`

In agentscope <=v0.0.4, the file `agentscope\web\workstation\workflow_utils.py` has the function `is_callable_expression`. Within this function, the line `result = eval(s)` poses a security risk as it can directly execute user-provided commands.

GHSA-5p5r-57fx-pmfr: Langflow vulnerable to remote code execution

langflow <=1.0.18 is vulnerable to Remote Code Execution (RCE) as any component provided the code functionality and the components run on the local machine rather than in a sandbox.

GHSA-3gf9-wv65-gwh9: gradio Server Side Request Forgery vulnerability

In gradio <=4.42.0, the gr.DownloadButton function has a hidden server-side request forgery (SSRF) vulnerability. The reason is that within the save_url_to_cache function, there are no restrictions on the URL, which allows access to local target resources. This can lead to the download of local resources and sensitive information.

GHSA-g5vw-3h65-2q3v: Access control vulnerable to user data deletion by anonynmous users

### Impact Anonymous users can delete the user data maintained by an `AccessControl.userfolder.UserFolder` which may prevent any privileged access. ### Patches The problem is fixed in version 7.2. ### Workarounds The problem can be fixed by adding `data__roles__ = ()` to `AccessControl.userfolder.UserFolder`. ### References https://github.com/zopefoundation/AccessControl/issues/159

GHSA-3hxg-fxwm-8gf7: CRLF injection in Refit's [Header], [HeaderCollection] and [Authorize] attributes

### Summary The various header-related Refit attributes (Header, HeaderCollection and Authorize) are vulnerable to CRLF injection. ### Details The way HTTP headers are added to a request is via the `HttpHeaders.TryAddWithoutValidation` method: <https://github.com/reactiveui/refit/blob/258a771f44417c6e48e103ac921fe4786f3c2a1e/Refit/RequestBuilderImplementation.cs#L1328> This method does not check for CRLF characters in the header value. This means that any headers added to a refit request are vulnerable to CRLF-injection. In general, CRLF-injection into a HTTP header (when using HTTP/1.1) means that one can inject additional HTTP headers or smuggle whole HTTP requests. ### PoC The below example code creates a console app that takes one command line variable (a bearer token) and then makes a request to some status page with the provided token inserted in the "Authorization" header: ```c# using Refit; internal class Program { private static void Main(string[] args) { ...

City of Columbus Drops Case on Cyberattack Whistleblower

The security researcher who notified the media of the breach will be free from the city's lawsuit, but not without a caveat.

Hackers Leak 300,000 MIT Technology Review Magazine User Records

Hackers claim to have breached MIT Technology Review Magazine via a third-party contractor, leaking nearly 300,000 user records…