Latest News
**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 133.0.3065.82 2/21/2025 133.0.6943.126/.127
**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 133.0.3065.82 2/21/2025 133.0.6943.126/.127
Cisco has confirmed that a Chinese threat actor known as Salt Typhoon gained access by likely abusing a known security flaw tracked as CVE-2018-0171, and by obtaining legitimate victim login credentials as part of a targeted campaign aimed at major U.S. telecommunications companies. "The threat actor then demonstrated their ability to persist in target environments across equipment from multiple
A high-severity security flaw impacting the Craft content management system (CMS) has been added by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability in question is CVE-2025-23209 (CVSS score: 8.1), which impacts Craft CMS versions 4 and 5. It was addressed by the
Learn how to sue companies under GDPR for data misuse. Understand your rights, file complaints, and claim compensation…
### Summary A Reflected Cross-site Scripting (XSS) vulnerability enables attackers to create malicious URLs that, when visited, inject scripts into the web application. This can lead to session hijacking or phishing attacks on a trusted domain, posing a moderate risk to all users. ### Details _Give all details on the vulnerability. Pointing to the incriminated source code is very helpful for the maintainer._ It's possible to inject html elements, including scripts through the [folder-list template](https://github.com/oxyno-zeta/s3-proxy/blob/master/templates/folder-list.tpl#L19C21-L19C38). It seems like the `.Request.URL.Path` variable is not escaped. I did some research and found it might be due to the `text/template` import being used in [the template implementation](https://github.com/oxyno-zeta/s3-proxy/blob/master/pkg/s3-proxy/utils/templateutils/template.go#L8), instead of the [safer](https://pkg.go.dev/html/template) `html/template`. ### PoC _Complete instructions, including ...
### Impact A malicious transaction may cause an expensive computation in mempool validation. A transaction with multiple repeated sections causes the section hash calculation used for signature validation to grow exponentially (and potentially even cubic) in proportion to number of sections. This may be used to significantly slow down operation of nodes. ### Patches This issue has been patched in apps version 1.1.0. The transaction sections are now being checked for uniqueness and the number of permitted sections contained in a single transaction has been limited to 10,000. ### Workarounds There are no workarounds and users are advised to upgrade.
### Impact A malicious transaction may cause a crash in mempool validation. A transaction with authorization section containing 256 public keys or more with valid matching signatures triggers an integer overflow in signature verification that causes a the node to panic. ### Patches This issue has been patched in apps version 1.1.0. The mempool validation has been fixed to avoid overflow. ### Workarounds There are no workarounds and users are advised to upgrade.
Beware before downloading Google Chrome from a Google search, you might get more than you expected.
### Impact Ledger crash. A user is able to initialize a post-genesis validator with a negative commission rate using the `--force` flag. If this validator gets into the consensus set, then when computing PoS inflation inside `fn update_rewards_products_and_mint_inflation`, an instance of `mul_floor` will cause the return of an `Err`, which causes `finalize_block` to error. ### Patches This issue has been patched in apps version 1.1.0. The PoS validity predicate now enforces that the commission rate is not negative and any transaction that fails the check will be rejected, both for newly initialized validators and for commission rate change of an existing validator. ### Workarounds There are no workarounds and users are advised to upgrade.