Tag
#auth
A vulnerability has been discovered in Laravel Pulse that could allow remote code execution through the public `remember()` method in the `Laravel\Pulse\Livewire\Concerns\RemembersQueries` trait. This method is accessible via Livewire components and can be exploited to call arbitrary callables within the application. ### Impact An authenticated user with access to Laravel Pulse dashboard can execute arbitrary code by calling any function or static method that meets the following criteria: - The callable is a function or static method - The callable has no parameters or no strict parameter types ### Vulnerable Components - The `remember(callable $query, string $key = '')` method in `Laravel\Pulse\Livewire\Concerns\RemembersQueries` - Affects all Pulse card components that use this trait ### Attack Vectors The vulnerability can be exploited through Livewire component interactions, for example: ```php wire:click="remember('\\Illuminate\\Support\\Facades\\Config::all', 'config')" `...
A flurry of drone sightings across New Jersey and New York has sparked national intrigue and US government responses. But experts are pouring cold water on America’s hottest new conspiracy theory.
An authenticated access vulnerability in the aspectMemory.php script of ABB Cylon Aspect BMS/BAS controllers allows attackers to set arbitrary values for Java heap memory parameters (HEAPMIN and HEAPMAX). This configuration is written to /usr/local/aam/etc/javamem. The absence of input validation can lead to system performance degradation, Denial-of-Service (DoS) conditions, and crashes of critical Java applications.
An authenticated access vulnerability in the aspectMemory.php script of ABB Cylon Aspect BMS/BAS controllers allows attackers to set arbitrary values for Java heap memory parameters (HEAPMIN and HEAPMAX). This configuration is written to /usr/local/aam/etc/javamem. The absence of input validation can lead to system performance degradation, Denial-of-Service (DoS) conditions, and crashes of critical Java applications.
Small, easily weaponizable drones have become a feature of battlefields from the Middle East to Ukraine. Now the threat looms over the US homeland—and the Pentagon's ability to respond is limited.
Learn how blockchain and smart contracts improve cybersecurity factors in online transactions, remove the element of fraud, and…
As the adoption of LCNC grows, so will the complexity of the threats organizations face.
AI creates what it’s told to, from plucking fanciful evidence from thin air, to arbitrarily removing people’s rights, to sowing doubt over public misdeeds.
SUMMARY Byte Federal, the US’s largest Bitcoin ATM operator offering around 1,200 Bitcoin ATMs across the country, recently…
The white supremacist Robert Rundo faces years in prison. But the “Active Club” network he helped create has proliferated in countries around the world, from Eastern Europe to South America.