
121 matches found

RedhatCVE
added 2025/07/10 8:4 a.m. · 3 views

CVE-2025-32988

A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it do...

8.2 CVSS · 7.1 AI score · 0.00228 EPSS
Exploits 0 · References 3

Positive Technologies
added 2025/05/05 12:0 a.m. · 1 view

PT-2025-19788 · Keystone · Keystone

Name of the Vulnerable Software and Affected Versions: Keystone versions prior to 6.5.0 Description: Keystone, a content management system for Node.js, has an issue where field.isFilterable access control can be bypassed in update and delete mutations by adding additional unique filters. These...

3.1 CVSS · 6.2 AI score · 0.00062 EPSS
Exploits 0 · References 6

OSV
added 2024/12/10 4:55 p.m. · 6 views

GHSA-VMG2-R3XV-R3XF Simulation of Wasmd message can cause crashing

CWA-2024-009 Severity Low Marginal + Likely^1 Affected versions: - wasmd 0.53.1 Patched versions: - wasmd 0.53.2 please note that wasmd 0.53.1 is broken and must not be used Description of the bug Blank for now. We'll add more detail once chains had a chance to upgrade. Mitigations Apart from...

7 AI score
Exploits 0 · References 2

Wallarm Lab
added 2024/11/27 1:6 p.m. · 11 views

How Is API Abuse Different from Web Application Attacks by Bots?

API abuse and web application bot attacks are often confused. This is understandable, as both involve automated interactions and are usually executed by bots. Both attack vectors are prevalent; criminals are always eager to disrupt the foundations on which businesses base their operations to...

7.7 AI score
Exploits 0

Amd
added 2024/10/14 12:0 a.m. · 13 views

Microarchitectural Cache Side-Channel Attacks

Bulletin ID: AMD-SB-7025 Potential Impact: N/A Severity: N/A Summary Researchers from Azure® Research, Microsoft® have provided to AMD a paper titled “Principled Microarchitectural Isolation on Cloud CPUs.” In their paper, the researchers describe a potential side-channel vulnerability on AMD CPU...

7.1 AI score
Exploits 0

Citrix
added 2024/07/11 6:46 p.m. · 24 views

Citrix uberAgent Security Bulletin for CVE-2024-6677

Description of Problem A vulnerability has been discovered in Citrix uberAgent, which, if exploited, may result in the escalation of privileges of the attacker. Affected Versions: The following supported versions of Citrix uberAgent are affected by the vulnerability: Citrix uberAgent before 7.2.1...

7.3 CVSS · 6.7 AI score · 0.00128 EPSS
Exploits 0

HackRead
added 2024/06/23 5:17 p.m. · 12 views

Examining the US Government’s DDoS Protection Guidance Update

In March 2024, CISA, MS-ISAC, and the FBI released updated DDoS response guidance. The document outlines key strategies and 15 steps for mitigating DDoS attacks, emphasizing the need for continuous monitoring and collaboration between government and private sectors...

7.4 AI score
Exploits 0

HackRead
added 2024/01/10 5:14 p.m. · 12 views

Python in Threat Intelligence: Analyzing and Mitigating Cyber Threats

By Waqas In the world of emerging cybersecurity threats, understanding the significance of threat intelligence is crucial and can not… This is a post from HackRead.com Read the original post: Python in Threat Intelligence: Analyzing and Mitigating Cyber Threats...

7.3 AI score
Exploits 0

Github Security Blog
added 2023/09/12 8:26 p.m. · 52 views

Microsoft Security Advisory CVE-2023-36794: .NET Remote Code Execution Vulnerability

Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0 and .NET 6.0. This advisory also provides guidance on what developers can do to update thei...

7.8 CVSS · 7.3 AI score · 0.01162 EPSS
Exploits 0 · References 5 · Affected Software 3

NCSC
added 2023/09/07 12:0 a.m. · 1 view

Vulnerability fixed in Cisco ASA and Firepower systems

Cisco has fixed a vulnerability in Adaptive Security Appliance and Firepower Threat Defense. The vulnerability is located in the way the Remote Access VPN handles login attempts, allowing a malicious party to use brute-force access to user accounts and potentially take over the system. take over...

9.1 CVSS · 6.9 AI score · 0.01188 EPSS
Exploits 0

Github Security Blog
added 2023/07/14 9:59 p.m. · 33 views

copyparty vulnerable to path traversal attack

Summary All versions before 1.8.2 have a path traversal vulnerability, allowing an attacker to download unintended files from the server. Details Unauthenticated users were able to retrieve any files which are accessible according to OS-level permissions from the copyparty process. Usually, this ...

7.5 CVSS · 7.6 AI score · 0.90173 EPSS
Exploits 4 · References 7 · Affected Software 1

Qualys Blog
added 2023/06/26 8:14 a.m. · 19 views

Supporting Our U.S. Federal Customers for BOD 23–02 by Mitigating the Risk From Internet-Exposed Management Interfaces

On June 13, 2023, the U.S. Cybersecurity & Infrastructure Security Agency (CISA) released Binding Operational Directive (BOD) 23-02: Mitigating the Risk from Internet-Exposed Management Interfaces. The directive requires federal civilian executive-branch agencies to adhere to two primary actions:...

7 AI score
Exploits 0

Trend Micro Simply Security
added 2023/06/15 12:0 a.m. · 10 views

To Fight Cyber Extortion and Ransomware, Shift Left

How can organizations defend themselves more effectively against ransomware and other forms of cyber extortion? By “shifting left” and adopting proactive cybersecurity strategies to detect attacks sooner, mitigating breaches before they cause harm...

7 AI score
Exploits 0

Openbugbounty
added 2023/06/07 7:58 a.m. · 14 views

buildingbrightfutures.org Cross Site Scripting vulnerability OBB-3401723

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.1 AI score
Exploits 0

Prion
added 2023/04/04 10:15 p.m. · 12 views

Cross site request forgery (csrf)

SvelteKit is a web development framework. The SvelteKit framework offers developers an option to create simple REST APIs. This is done by defining a +server.js file, containing endpoint handlers for different HTTP methods. SvelteKit provides out-of-the-box cross-site request forgery (CSRF) protecti...

6.8 CVSS · 8.8 AI score · 0.00259 EPSS
Exploits 1 · References 3 · Affected Software 1

Drupal
added 2023/01/18 12:0 a.m. · 15 views

Media Library Block - Moderately critical - Information Disclosure - SA-CONTRIB-2023-003

The Media Library Block module allows you to render a media entity in a block. The module does not properly check media access in some circumstances. This may result in unauthorized users including anonymous users seeing media items they are not authorized to access if a block containing a...

6.3 AI score
Exploits 0 · References 9

Debian CVE
added 2022/11/01 12:0 a.m. · 65 views

CVE-2022-3602

A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate...

7.5 CVSS · 8.3 AI score · 0.83506 EPSS
Exploits 6

Trend Micro Simply Security
added 2022/10/24 12:0 a.m. · 15 views

Uncovering Security Blind Spots in CNC Machines

Industry 4.0 has given rise to smart factories that have markedly improved machining processes, but it has also opened the doors for cybercriminals looking to abuse networked industrial equipment such as CNC machines. Our research investigates potential cyberthreats to CNC machines and how...

3.5 AI score
Exploits 0

Akamai Blog
added 2022/10/07 1:0 p.m. · 17 views

Holiday Readiness, Part II: Best Practices for Detecting and Mitigating Attacks

Stay one step ahead of bad actors this holiday season with best practices to detect and mitigate attacks...

2.7 AI score
Exploits 0

OSV
added 2022/09/21 4:58 p.m. · 31 views

GHSA-GWP4-MCV4-W95J jwcrypto token substitution can lead to authentication bypass

The JWT code can auto-detect the type of token being provided, and this can lead the application to incorrect conclusions about the trustworthiness of the token. Quoting the private disclosure we received: "Under certain circumstances, it is possible to substitute a .. signed JWS with a JWE that...

6.9 AI score
Exploits 0 · References 4