762 matches found
CVE-2026-42811
CVE-2026-42811 : Apache Polaris builds Google Cloud Storage downscoped credentials via a Credential Access Boundary (CAB) with CEL conditions intended to constrain to a table path. The CEL string uses the bucket and table path; if a namespace/table identifier contains special content (e.g., a sin...
ThreatsDay Bulletin: SMS Blaster Busts, OpenEMR Flaws, 600K Roblox Hacks and 25 More Stories
The internet is noisy this week. We are seeing some wild new tactics, like people using fake cell towers to send scam texts, while some developers are accidentally downloading tools that peek into their private files during a simple install. It is definitely a busy time to be online. Security is...
From Spoofing to Trust: Emergency Alerts Spoofing Testbed and Cross-Cell Verification
Public warning systems PWS in cellular networks enable authorities to broadcast emergency alerts to all mobile phones in a geographic region in the event of threats such as earthquakes or severe weather. If an attacker can imitate these alerts and transmit a forged warning containing fake news or...
GHSA-4C99-QJ7H-P3VG nbconvert has an Arbitrary File Write via Path Traversal in Cell Attachment Filenames
Arbitrary File Write via Path Traversal in Cell Attachment Filenames Summary nbconvert allows arbitrary file writes to locations outside the intended output directory when processing notebooks containing crafted cell attachment filenames. The ExtractAttachmentsPreprocessor passes attachment...
nbconvert has an Arbitrary File Write via Path Traversal in Cell Attachment Filenames
Arbitrary File Write via Path Traversal in Cell Attachment Filenames Summary nbconvert allows arbitrary file writes to locations outside the intended output directory when processing notebooks containing crafted cell attachment filenames. The ExtractAttachmentsPreprocessor passes attachment...
CVE-2026-39377
A flaw was found in nbconvert, a tool used to convert Jupyter notebooks. When processing notebooks containing specially crafted cell attachment filenames, a remote attacker can exploit a path traversal vulnerability. This allows the attacker to write arbitrary files to locations outside the...
CVE-2026-39377 nbconvert has an Arbitrary File Write via Path Traversal in Cell Attachment Filenames
The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. Versions 6.5 through 7.17.0 allow arbitrary file writes to locations outside the intended output directory when processing notebooks containing crafted cell attachment filenames. The...
CVE-2026-39377 nbconvert has an Arbitrary File Write via Path Traversal in Cell Attachment Filenames
The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. Versions 6.5 through 7.17.0 allow arbitrary file writes to locations outside the intended output directory when processing notebooks containing crafted cell attachment filenames. The...
GHSA-HV5G-26JG-PC45 Velociraptor vulnerability in the query() plugin which allows access to all orgs with the user's current ACL token
Velociraptor versions prior to 0.76.3 contain a vulnerability in the query plugin which allows access to all orgs with the user's current ACL token. This allows an authenticated GUI user with access in one org, to use the query plugin, in a notebook cell, to run VQL queries on other orgs which th...
Velociraptor vulnerability in the query() plugin which allows access to all orgs with the user's current ACL token
Velociraptor versions prior to 0.76.3 contain a vulnerability in the query plugin which allows access to all orgs with the user's current ACL token. This allows an authenticated GUI user with access in one org, to use the query plugin, in a notebook cell, to run VQL queries on other orgs which th...
CVE-2026-6290 Velociraptor Query() Plugin Misapplies Permissions To Orgs
Velociraptor versions prior to 0.76.3 contain a vulnerability in the query plugin which allows access to all orgs with the user's current ACL token. This allows an authenticated GUI user with access in one org, to use the query plugin, in a notebook cell, to run VQL queries on other orgs which th...
EUVD-2025-208881
Use of a hard-coded AES-256-CBC key in the configuration backup/restore implementation of Small Cell Sercomm SCE4255W FreedomFi Englewood firmware before DG3934v3@2308041842 allows remote authenticated users to decrypt, modify, and re-encrypt device configurations, enabling credential manipulatio...
EUVD-2025-208885
Use of a deterministic credential generation algorithm in /ftl/bin/calcf2 in Small Cell Sercomm SCE4255W FreedomFi Englewood firmware before DG3934v3@2308041842 allows remote attackers to derive valid administrative/root credentials from the device's MAC address, enabling authentication bypass an...
CVE-2025-67115
A path traversal vulnerability in /ftl/web/setup.cgi in Small Cell Sercomm SCE4255W FreedomFi Englewood firmware before DG3934v3@2308041842 allows remote authenticated users to read arbitrary files from the filesystem via crafted values in the logtype parameter to /logsave.htm...
Quantifying Memory Cells Vulnerability for DRAM Security
Dynamic Random Access Memory DRAM is pervasive in computer systems. Cell vulnerabilities caused by unintended phenomena forced retention failure, latency alteration, rowhammer and rowpress lead to unintended bit flips in memory. These phenomena have been explored as attacks to violate data...
CVE-2025-67115
A path traversal vulnerability in /ftl/web/setup.cgi in Small Cell Sercomm SCE4255W FreedomFi Englewood firmware before DG3934v3@2308041842 allows remote authenticated users to read arbitrary files from the filesystem via crafted values in the logtype parameter to /logsave.htm...
CVE-2025-67113
OS command injection in the CWMP client /ftl/bin/cwmp of Small Cell Sercomm SCE4255W FreedomFi Englewood firmware before DG3934v3@2308041842 allows remote attackers controlling the ACS endpoint to execute arbitrary commands as root via a crafted TR-069 Download URL that is passed unescaped into t...
CVE-2025-67113
CVE-2025-67113 describes an OS command injection in the CWMP client (/ftl/bin/cwmp) of the Small Cell Sercomm SCE4255W (FreedomFi Englewood) firmware prior to DG3934v3@2308041842. The root cause is unescaped TR-069 Download URL input being passed into the firmware upgrade pipeline, allowing remot...
New .NET AOT Malware Hides Code as a Black Box to Evade Detection
Researchers at Howler Cell have discovered a new .NET AOT malware campaign that uses a clever scoring system…...
Arbitrary File Write
Black is vulnerable to Arbitrary File Write. The vulnerability is due to improper sanitization of the --python-cell-magics option when constructing cache file names, allowing attackers to manipulate the file path and write cache files to arbitrary locations on the filesystem...