Security
Headlines
HeadlinesLatestCVEs

Tag

#auth

GHSA-mrmh-3hqh-pfw7: Composio Code Injection Vulnerability

A vulnerability has been found in composiohq composio up to 0.5.6 and classified as critical. Affected by this vulnerability is the function Calculator of the file python/composio/tools/local/mathematical/actions/calculator.py. The manipulation leads to code injection. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

ghsa
#vulnerability#web#auth
GHSA-66r2-xm28-74w9: Composio Path Traversal vulnerability

A vulnerability was found in composiohq composio up to 0.5.8 and classified as problematic. Affected by this issue is the function path of the file composio\server\api.py. The manipulation of the argument file leads to path traversal. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

GHSA-jpxc-vmjf-9fcj: Ansible vulnerable to Insertion of Sensitive Information into Log File

A flaw was found in Ansible, where sensitive information stored in Ansible Vault files can be exposed in plaintext during the execution of a playbook. This occurs when using tasks such as include_vars to load vaulted variables without setting the no_log: true parameter, resulting in sensitive data being printed in the playbook output or logs. This can lead to the unintentional disclosure of secrets like passwords or API keys, compromising security and potentially allowing unauthorized access or actions.

Cybersecurity & the 2024 US Elections

While the 2024 election may see various cyber threats, existing security measures and coordination across all levels of government aim to minimize their impact.

Calibre 7.14.0 Remote Code Execution

Proof of concept unauthenticated remote code execution exploit for Calibre versions 7.14.0 and below.

Veeam Backup And Replication 12.1.2.172 Remote Code Execution

Veeam Backup and Replication version 12.1.2.172 unauthenticated remote code execution exploit.

Google Fixes GCP Composer Flaw That Could've Led to Remote Code Execution

A now-patched critical security flaw impacting Google Cloud Platform (GCP) Composer could have been exploited to achieve remote code execution on cloud servers by means of a supply chain attack technique called dependency confusion. The vulnerability has been codenamed CloudImposer by Tenable Research. "The vulnerability could have allowed an attacker to hijack an internal software dependency

Unleashing Worms And Extracting Data

Whitepaper called Unleashing Worms and Extracting Data: Escalating the Outcome of Attacks against RAG-based Inference in Scale and Severity Using Jailbreaking. In this paper, the authors show that with the ability to jailbreak a GenAI model, attackers can escalate the outcome of attacks against RAG-based GenAI-powered applications in severity and scale.

Ship Ferry Ticket Reservation System 1.0 SQL Injection

Ship Ferry Ticket Reservation System version 1.0 suffers from multiple remote SQL injection vulnerabilities.