Arc: Unauthenticated access to Go debug pprof endpoints leaks runtime state and enables CPU-burn DoS

Summary Arc registers Go's net/http/pprof handlers at /debug/pprof/ via app.Usepprof.New in internal/api/server.go, and /debug/pprof is added to PublicPrefixes in cmd/arc/main.go. The auth middleware short-circuits before the token check on prefix match, so the endpoints are reachable without any...

Trend Micro Control Manager vulnerable to SQL injection

Overview Trend Micro Control Manager contains multiple SQL injection vulnerabilities. This advisory refers to the vulnerabilities that are disclosed on the TippingPoint Zero Day Initiative advisories listed below. TippingPoint Zero Day Initiative...