#auth

Versions of the package bigint-buffer from 0.0.0 to 1.1.5 are vulnerable to Buffer Overflow in the toBigIntLE() function. Attackers can exploit this to crash the application.

A hacker, previously linked to the Tracelo breach, now claims to have breached Twilio’s SendGrid, leaking and selling data on 848,000 customers, including contact and company info.

Hazel highlights the key findings within Cisco Talos’ 2024 Year in Review (now available for download) and details our active tracking of an ongoing campaign targeting users in Ukraine with malicious LNK files.

Cybersecurity researchers at Jscamblers have uncovered a sophisticated web-skimming campaign targeting online retailers. The campaign utilizes a legacy…

A vulnerability was found in InternLM LMDeploy up to 0.7.1. It has been classified as critical. Affected is the function load_weight_ckpt of the file lmdeploy/lmdeploy/vl/model/utils.py of the component PT File Handler. The manipulation leads to deserialization. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.

pgAdmin <= 9.1 is affected by a security vulnerability with Cross-Site Scripting(XSS). If attackers execute any arbitrary HTML/JavaScript in a user's browser through query result rendering, then HTML/JavaScript runs on the browser.

Jacksonville, United States, 3rd April 2025, CyberNewsWire

Worried parents tracking their children with T-Mobile SyncUP devices suddenly found that they were looking at the location of random other children. And could not locate their own.

### Summary Exception messages, that are not HTTP exceptions, are visible in the JSON error response. ### Details While we wanted to make our errors compatible with the [JSON Problem](https://datatracker.ietf.org/doc/html/rfc7807) specification, we ended up handling more exceptions then we did previously (introduced at https://github.com/api-platform/core/pull/5823). Instead of leaving that to Symfony, we ended up serializing errors with our normalizers which lead to not hiding the exception details. Note that the trace is hidden in production but the message is not, and the message can contain sensitive information. ### PoC At https://github.com/ili101/api-platform/tree/test3.2 it triggers an authentication exception as LDAP is not reachable. You can find the message available as a JSON response when trying to reach an endpoint. ### Impact Version 3.2 until 3.2.4 is impacted.

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: ABB Equipment: ACS880 Drives with IEC 61131-3 license Vulnerabilities: Improper Input Validation, Out-of-bounds Write, Improper Restriction of Operations within the Bounds of a Memory Buffer 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to gain full access to the device or cause a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS ABB reports that the following low-voltage DC drive and power controller products contain a vulnerable version of CODESYS Runtime: ABB ACS880 Drives ACS880 Primary Control Program AINLX: Versions prior to v3.47 ABB ACS880 Drives ACS880 Primary Control Program YINLX: Versions prior to v1.30 ABB ACS880 Drives ACS880 IGBT Supply Control Program AISLX: Versions prior to v3.43 ABB ACS880 Drives ACS880 IGBT Supply Control Program ALHLX: Versions prior to v3.43 ABB ACS880 Drives ACS880 IGBT Supply...