Tag

#auth

GHSA-vr8x-74pm-6vj7: Uptime Kuma's authenticated path traversal via plugin repository name may lead to unavailability or data loss

### Summary

A path traversal vulnerability via the plugin repository name allows an authenticated attacker to delete files on the server, leading to unavailability and potentially data loss.

### Details

Uptime Kuma allows authenticated users to install plugins from an official list of plugins. This feature is currently disabled in the web interface, but the corresponding API endpoints are still available after login. Before a plugin is downloaded, the plugin installation directory is checked for existence. If it exists, it is removed before the plugin installation. Because the plugin is not validated against the official list of plugins or sanitized, the check for existence and the removal of the plugin installation directory are prone to path traversal.

### Impact

This vulnerability allows an authenticated attacker to delete files from the server Uptime Kuma is running on. Depending on which files are deleted, Uptime Kuma or the whole system may become unavailable due to data loss.

Source: ghsa
Tags: #vulnerability #web #js #git #auth
Wireless carriers fined $200 million after illegally sharing customer location data

Four major wireless carriers have been fined by the FCC for sharing access to customers’ location data without consent.

Verizon DBIR: Basic Security Gaffes Underpin Bumper Crop of Breaches

MOVEit drove a big chunk of the increase, but human vulnerability to social engineering and failure to patch known bugs led to a doubling of breaches since 2023, said Verizon Business.

Simplify hybrid cloud operations with Red Hat Enterprise Linux 9.4

Architecting, deploying, and managing hybrid cloud environments can be a challenging and time-consuming process. It starts with processor selection, operating system configuration, application management, and workload protection, and it never ends. Every step requires a reliable, trusted software foundation with a comprehensive set of features and capabilities to fuel optimal performance, greater consistency, and enhanced security capabilities for your environment. With new features in Red Hat Enterprise Linux (RHEL) 9.4, you can speed up and simplify many infrastructure life cycle operations.

Facebook at 20: Contemplating the Cost of Privacy

As the social media giant celebrates its two-decade anniversary, privacy experts reflect on how it changed the way the world shares information.

Attackers Planted Millions of Imageless Repositories on Docker Hub

The purported metadata for each of these containers had embedded links to malicious files.

Canadian Drug Chain in Temporary Lockdown Mode After Cyber Incident

London Drugs offered no details about the nature of the incident, nor when its pharmacies would be functioning normally again.

China Has a Controversial Plan for Brain-Computer Interfaces

China's brain-computer interface technology is catching up to the US. But it envisions a very different use case: cognitive enhancement.

To Damage OT Systems, Hackers Tap USBs, Old Bugs & Malware

USBs have something the newest, hottest attack techniques lack: the ability to bridge air gaps.

Wireless Carriers Face $200M FCC Fine As Data Privacy Waters Roil

Verizon, AT&T, and T-Mobile USA are being fined for sharing location data. They plan to appeal the decision, which is the culmination of a four-year investigation into how carriers sold customer data to third parties.