- CVE-2025-21611 – Tgstation-Server Authorization Bypass
  CVE ID: CVE-2025-21611. Published: Jan. 6, 2025, 4:15 p.m. Description: tgstation-server is a production scale tool for BYOND server management. Prior to 6.12.3, roles used to authorize API methods were incorrectly OR'd instead of AND'ed with the role used to determine if a user was enabled. This allows…
- CVE-2025-21612 – TabberNeue Cross-Site Scripting
  CVE ID: CVE-2025-21612. Published: Jan. 6, 2025, 4:15 p.m. Description: TabberNeue is a MediaWiki extension that allows the wiki to create tabs. Prior to 2.7.2, TabberTransclude.php doesn't escape the user-supplied page name when outputting, so an XSS payload as the page name can be used here. This vulnerability…
- Vulnerable Moxa devices expose industrial networks to attacks
  Industrial networking and communications provider Moxa is warning of a high-severity and a critical vulnerability that impact various models of its cellular routers, secure routers, and network securi… Published Date: Jan 06, 2025. Vulnerabilities mentioned in this article: CVE-2024-9140…
- Eagerbee backdoor deployed against Middle Eastern govt orgs, ISPs
  New variants of the Eagerbee malware framework are being deployed against government organizations and internet service providers (ISPs) in the Middle East. Previously, the malware was seen in attacks… Published Date: Jan 06, 2025. Vulnerabilities have been mentioned in this…
- MediaTek rings in the new year with a parade of chipset vulns
  MediaTek kicked off the first full working week of the new year by disclosing a bevy of security vulnerabilities, including a critical remote code execution bug affecting 51 chipsets. The fabless semi… Published Date: Jan 06, 2025…
- Insecure Bootstrap Process in Google's Cloud SQL Proxy
  Summary: The bootstrap process for Google's Cloud SQL Proxy CLI uses the "curl | bash" pattern and didn't document a way to verify the authenticity of the downloaded binaries. The vendor updated the documentation with information on how to use checksums to verify the downloaded binaries. Vulnerability Details: As part of our ongoing research into supply chain…
- GitBleed – Finding Secrets in Mirrored Git Repositories – CVE-2022-24975
  Summary: Due to a discrepancy in Git behavior, only part of a source code repository is visible when making copies via the "git clone" command. Additional parts of the repository only become visible when using the "--mirror" option. This can lead to secrets being exposed via git repositories when not removed properly,…
- RFC 9116 / "security.txt" Has Been Published
  After 5 years of work, security.txt is officially an RFC. I am pleased to announce RFC 9116: https://t.co/uIqSRo28ak. I would like to use this opportunity to thank those who made this possible. Thank you. pic.twitter.com/Z8SNxd81ZO — Ed (@EdOverflow) April 27, 2022. See: https://www.rfc-editor.org/rfc/rfc9116
- WhatsApp for Android Retains Deleted Contacts Locally
  Summary: WhatsApp for Android retains contact info locally after contacts get deleted. This would allow an attacker with physical access to the device to check whether the WhatsApp user had interactions with specific contacts, even though they have been deleted. Vulnerability Details: When a contact is deleted on WhatsApp, their information about security code changes…
- Three Reasons Why Log4J Is So Bad: Ubiquity, Severity and Exploitability
  Over the last few weeks, security teams everywhere have been busy patching Log4J vulnerabilities. In this article we want to talk about the three reasons you can give your friends for why this one is far worse. Ubiquity: This vulnerability impacts Java applications, and those can be found almost anywhere: enterprise, vendor applications, database drivers, Android…