Security
Headlines
HeadlinesLatestCVEs

Tag

#auth

GHSA-3wgq-h4fr-cwg5: laravel-crud-wizard-free has File Validation Bypass

### Impact Medium ### Patches Version 3.4.17 fixes illuminate/validation v 8.0.0 to 11.44.0 ### Workarounds Register \MacropaySolutions\LaravelCrudWizard\Providers\ValidationServiceProvider instead of Illuminate\Validation\ValidationServiceProvider::class if you are using illuminate/validation < 11.44.1 ### References https://github.com/laravel/framework/security/advisories/GHSA-78fx-h6xr-vch4

ghsa
Open in Source
#vulnerability#web#mac#git#auth
GHSA-9m3q-rhmv-5q44: Out-of-bounds Read in Ruby JSON Parser

### Impact A specially crafted document could cause an out of bound read, most likely resulting in a crash. Versions 2.10.0 and 2.10.1 are impacted. Older versions are not. ### Patches Version 2.10.2 fixes the problem. ### Workarounds None.

GHSA-gfh6-3pqw-x2j4: SmallRye Fault Tolerance out-of-memory (OOM) issue

A flaw was found in Smallrye, where smallrye-fault-tolerance is vulnerable to an out-of-memory (OOM) issue. This vulnerability is externally triggered when calling the metrics URI. Every call creates a new object within meterMap and may lead to a denial of service (DoS) issue.

GHSA-86w8-vhw6-q9qq: XPixelGroup BasicSR Command Injection

XPixelGroup BasicSR through 1.4.2 might locally allow code execution in contrived situations where "scontrol show hostname" is executed in the presence of a crafted SLURM_NODELIST environment variable.

The dark side of sports betting: How mirror sites help gambling scams thrive 

Sports betting is a multi-billion-dollar industry, but behind the flashing lights and promises of easy money lies a hidden underworld of deception.

The Rising Threat of API Attacks: How to Secure Your APIs in 2025

API attacks are constantly on the rise, with a recent alarming study showing that 59% of organizations give…

March 2025 Patch Tuesday: Microsoft Fixes 57 Vulnerabilities, 7 Zero-Days

Microsoft's March 2025 Patch Tuesday fixes six actively exploited zero-day vulnerabilities, including critical RCE and privilege escalation flaws. Learn how these vulnerabilities impact Windows systems and why immediate patching is essential.

March Microsoft Patch Tuesday

March Microsoft Patch Tuesday. 77 CVEs, 20 of which were added during the month. 7 vulnerabilities with signs of exploitation in the wild: 🔻 RCE – Windows Fast FAT File System Driver (CVE-2025-24985)🔻 RCE – Windows NTFS (CVE-2025-24993)🔻 SFB – Microsoft Management Console (CVE-2025-26633)🔻 EoP – Windows Win32 Kernel Subsystem (CVE-2025-24983)🔻 InfDisc – Windows NTFS […]

Lazarus Group Hid Backdoor in Fake npm Packages in Latest Attack

Lazarus Group targets developers with malicious npm packages, stealing credentials, crypto, and installing backdoor. Stay alert to protect your projects.

Is Your Cloud App Server Secure? Best Practices for Data Protection

Almost every company nowadays depends on cloud computing since it is a necessary tool in the world of…