#auth

A vulnerability, that could result in Remote Code Execution (RCE), has been found in DocsGPT. Due to improper parsing of JSON data using eval() an unauthorized attacker could send arbitrary Python code to be executed via /api/remote endpoint. This issue affects DocsGPT: from 0.8.1 through 0.12.0.

Google enables marketers to target people with serious illnesses and crushing debt—against its policies—as well as the makers of classified defense technology, a WIRED investigation has found.

FBI and CISA warn of Ghost ransomware, a China-based cyber threat targeting businesses, schools, and healthcare worldwide by exploiting software vulnerabilities.

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: ABB Equipment: ASPECT-Enterprise, NEXUS, and MATRIX series Vulnerability: Use of Hard-coded Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to obtain access to devices without proper authentication. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS ABB reports the following products are affected: ABB ASPECT®-Enterprise ASP-ENT-x: Versions 3.08.03 and prior ABB NEXUS Series NEX-2x: Versions 3.08.03 and prior ABB NEXUS Series: Versions 3.08.03 and prior ABB MATRIX Series MAT-x: Versions 3.08.03 and prior 3.2 VULNERABILITY OVERVIEW 3.2.1 USE OF HARD-CODED CREDENTIALS CWE-798 Several hard-coded credentials for the products internal use are contained in the firmware as plain text information. CVE-2024-51547 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been assigned; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rapid Response Monitoring Equipment: My Security Account App Vulnerability: Authorization Bypass Through User-Controlled Key 2. RISK EVALUATION Successful exploitation of this vulnerability could allow attacker to access sensitive information of other users. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Rapid Response Monitoring products are affected: My Security Account App API: Versions prior to 7/29/24 3.2 VULNERABILITY OVERVIEW 3.2.1 Authorization Bypass Through User-Controlled Key CWE-639 Rapid Response Monitoring My Security Account App utilizes an API that could be exploited by an attacker to modify request data, potentially causing the API to return information about other users. CVE-2025-0352 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). A CVSS v4 score ...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: ABB Equipment: FLXEON Controllers Vulnerabilities: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion'), Missing Origin Validation in WebSockets, Insertion of Sensitive Information into Log File 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to send unauthorized HTTPS requests, access sensitive information from HTTPS responses, or use network access to execute remote code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS ABB reports that the following products are affected: FLXEON Controllers FBXi: Version 9.3.4 and prior FLXEON Controllers FBVi: Version 9.3.4 and prior FLXEON Controllers FBTi: Version 9.3.4 and prior FLXEON Controllers CBXi: Version 9.3.4 and prior 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN A COMMAND ('COMMAND INJECTION') CWE-77 Netwo...

An issue was discovered in Kwik before 0.10.1. A hash collision vulnerability (in the hash table used to manage connections) allows remote attackers to cause a considerable CPU load on the server (a Hash DoS attack) by initiating connections with colliding Source Connection IDs (SCIDs).

Hermes versions up to 0.4.0 improperly validated the JWT provided when using the AWS ALB authentication mode, potentially allowing for authentication bypass. This vulnerability, CVE-2025-1293, was fixed in Hermes 0.5.0.

The continent faces "relentless" military espionage, and increased cyber sabotage at the hands of authoritarian regimes, according to a high-ranking intelligence director.

The startup incubator and PR firm with holdings in more than 70 cybersecurity firms has announced a data breach with as-yet-unknown effects.