956 matches found
CVE-2025-25188 DNSSEC validation may accept broken authentication chains
Hickory DNS is a Rust based DNS client, server, and resolver. A vulnerability present starting in version 0.8.0 and prior to versions 0.24.3 and 0.25.0-alpha.5 impacts Hickory DNS users relying on DNSSEC verification in the client library, stub resolver, or recursive resolver. The DNSSEC validati...
Azure Linux 3.0 Security Update: edk2 / hvloader / nodejs18 / openssl (CVE-2023-0464)
The version of edk2 / hvloader / nodejs18 / openssl installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-0464 advisory. - A security vulnerability has been identified in all supported versions of OpenS...
GO-2025-3373 Usage of IPv6 zone IDs can bypass URI name constraints in crypto/x509
A certificate with a URI which has a IPv6 address with a zone ID may incorrectly satisfy a URI name constraint that applies to the certificate chain. Certificates containing URIs are not permitted in the web PKI, so this only affects users of private PKIs which make use of URIs...
AZL-55904 CVE-2024-57940 affecting package kernel for versions less than 6.6.76.1-1
In the Linux kernel, the following vulnerability has been resolved: exfat: fix the infinite loop in exfatreaddir If the file system is corrupted so that a cluster is linked to itself in the cluster chain, and there is an unused directory entry in the cluster, 'dentry' will not be incremented,...
PT-2026-4476
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel's netfilter module contains an issue within the nf tables component related to chain validation. The vulnerability can lead to CPU soft lock-ups during nft chain validat...
PT-2024-36551 · Unknown · Invoice Ninja
Name of the Vulnerable Software and Affected Versions: Invoice Ninja versions prior to 5.10.43 Description: The issue allows remote code execution from a pre-authenticated route when an attacker knows the APP KEY. This is exacerbated by .env files that have default APP KEY values. The route...
CVE-2019-25220
Bitcoin Core before 24.0.1 allows remote attackers to cause a denial of service daemon crash via a flood of low-difficulty header chains aka a "Chain Width Expansion" attack because a node does not first verify that a presented chain has enough work before committing to store it...
Bitcoin Core 安全漏洞
Bitcoin Core is a Bitcoin open source client for verifying the validity of blockchain transactions. A security vulnerability exists in versions of Bitcoin Core prior to 24.0.1 that stems from a failure to verify that the provided chain has sufficient workload, allowing an attacker to cause a deni...
Deserialization of Untrusted Data
Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data through the filegetcontents function. An attacker can execute arbitrary code by uploading a file with a malicious phar:// protocol, leading to the deserialization and instantiation of arbitrary PHP...
CVE-2021-3838
DomPDF before version 2.0.0 is vulnerable to PHAR deserialization due to a lack of checking on the protocol before passing it into the filegetcontents function. An attacker who can upload files of any type to the server can pass in the phar:// protocol to unserialize the uploaded file and...
Gnutls: potential crash during chain building/verification
...
Threat actor abuses Gophish to deliver new PowerRAT and DCRAT
Cisco Talos recently discovered a phishing campaign using an open-source phishing toolkit called Gophish by an unknown threat actor. The campaign involves modular infection chains that are either Maldoc or HTML-based infections and require the victim's intervention to trigger the infection chain...
Researchers Uncover Hijack Loader Malware Using Stolen Code-Signing Certificates
Cybersecurity researchers have disclosed a new malware campaign that delivers Hijack Loader artifacts that are signed with legitimate code-signing certificates. French cybersecurity company HarfangLab, which detected the activity at the start of the month, said the attack chains aim to deploy an...
CVE-2023-25581
The CVE-2023-25581 entry concerns pac4j-core before 4.0.0, where a Java deserialization vulnerability in UserProfile attributes can be triggered by a serialized object with a {#sb64} prefix and Base64 encoding, potentially leading to RCE. Affected versions are prior to 4.0.0; 4.0.0 and later are ...
CentOS 7 : thunderbird (RHSA-2020:2906)
The remote CentOS Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:2906 advisory. - Due to confusion about ValueTags on JavaScript Objects, an object may pass through the type barrier, resulting in memory corruption and a potentially...
CentOS 6 : thunderbird (RHSA-2020:2966)
The remote CentOS Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:2966 advisory. - Manipulating individual parts of a URL object could have caused an out-of-bounds read, leaking process memory to malicious JavaScript. This...
GHSA-4F8R-QQR9-FQ8J vulnerabilities
Vulnerabilities for packages: wolfictl, kyverno-fips, spire-server-fips, falcoctl, rekor, trivy, zarf, kubescape, flux-source-controller, flux-source-controller-fips, tekton-chains, vexctl, tkn-fips, cosign, neuvector-sigstore-interface-fips, neuvector-sigstore-interface, kyverno, zot,...
CVE-2024-47534 vulnerabilities
Vulnerabilities for packages: wolfictl, kyverno-fips, spire-server-fips, falcoctl, rekor, trivy, zarf, kubescape, flux-source-controller, flux-source-controller-fips, tekton-chains, vexctl, tkn-fips, cosign, neuvector-sigstore-interface-fips, neuvector-sigstore-interface, kyverno, zot,...
Expert Tips on How to Spot a Phishing Link
Phishing attacks are becoming more advanced and harder to detect, but there are still telltale signs that can help you spot them before it's too late. See these key indicators that security experts use to identify phishing links: 1. Check Suspicious URLs Phishing URLs are often long, confusing, o...
U.S. Proposes Ban on Connected Vehicles Using Chinese and Russian Tech
The U.S. Department of Commerce DoC said it's proposing a ban on the import or sale of connected vehicles that integrate software and hardware made by foreign adversaries, particularly that of the People's Republic of China PRC and Russia. "The proposed rule focuses on hardware and software...