#vulnerability

**Why is this Chrome CVE included in the Security Update Guide?** The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. **How can I see the version of the browser?** 1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window 2. Click on **Help and Feedback** 3. Click on **About Microsoft Edge**

**According to the CVSS metrics, successful exploitation of this vulnerability could lead to minor loss of confidentiality (C:L), integrity (I:L), and availability (A:N). What does that mean for this vulnerability?** Successful exploitation of this vulnerability has limited impacts to Confidentiality and Integrity and no impact on Availability. An attacker would need to combine this vulnerability with other vulnerabilities to perform an attack.

Threat actors of unknown provenance have been attributed to a malicious campaign predominantly targeting organizations in Japan since January 2025. "The attacker has exploited the vulnerability CVE-2024-4577, a remote code execution (RCE) flaw in the PHP-CGI implementation of PHP on Windows, to gain initial access to victim machines," Cisco Talos researcher Chetan Raghuprasad said in a technical

### Impact _What kind of vulnerability is it? Who is impacted?_ A vulnerability in `OpenTelemetry.Api` package `1.10.0` to `1.11.1` could cause a [Denial of Service (DoS) when a tracestate and traceparent header is received](https://github.com/open-telemetry/opentelemetry-dotnet/security/advisories/GHSA-8785-wc3w-h8q6). These versions are used in OpenTelemetry .NET Automatic Instrumentation `1.10.0-beta.1` and `1.10.0`. Even if an application does not explicitly use trace context propagation, receiving these headers can still trigger high CPU usage. This issue impacts any application accessible over the web or backend services that process HTTP requests containing a tracestate header. Application may experience excessive resource consumption, leading to increased latency, degraded performance, or downtime. ### Patches _Has the problem been patched? What versions should users upgrade to?_ This issue has been resolved in `OpenTelemetry.Api` `1.11.2` by reverting the change that intro...

### Impact An Out-of-bounds Write vulnerability has been found in the ImageSharp gif decoder, allowing attackers to cause a crash using a specially crafted gif. This can potentially lead to denial of service. ### Patches The problem has been patched. All users are advised to upgrade to v3.1.7 or v2.1.10. ### Workarounds None. ### References https://github.com/SixLabors/ImageSharp/issues/2859 https://github.com/SixLabors/ImageSharp/issues/2890

An issue was discovered in Django 5.1 before 5.1.7, 5.0 before 5.0.13, and 4.2 before 4.2.20. The django.utils.text.wrap() method and wordwrap template filter are subject to a potential denial-of-service attack when used with very long strings.

### Impact In vulnerable versions of Fleet, an attacker could craft a specially-formed SAML response to: - Forge authentication assertions, potentially impersonating legitimate users. - If Just-In-Time (JIT) provisioning is enabled, the attacker could provision a new administrative user account. - If MDM enrollment is enabled, certain endpoints could be used to create new accounts tied to forged assertions. This could allow unauthorized access to Fleet, including administrative access, visibility into device data, and modification of configuration. ### Patches This issue is addressed in commit [fc96cc4](https://github.com/fleetdm/fleet/commit/fc96cc4e91047250afb12f65ad70e90b30a7fb1c) and is available in Fleet version 4.64.2. The following backport versions also address this issue: - 4.63.2 - 4.62.4 - 4.58.1 ### Workarounds If an immediate upgrade is not possible, Fleet users should temporarily disable [single-sign-on (SSO)](https://fleetdm.com/docs/deploy/single-sign-on-sso)...

### Impact In all Envoy Gateway versions prior to 1.2.7 and 1.3.1 a default Envoy Proxy access log configuration is used. This format is vulnerable to log injection attacks. If the attacker uses a specially crafted user-agent which performs json injection, then he could add and overwrite fields to the access log. Examples of attacks include: - Using following string as user agent : `HELLO-WORLD", "evil-ip": "1.1.1.1", "x-forwarded-for": "1.1.1.1` would lead to setting of new access log properties and overwrite of existing properties. Existing properties such as the value of the X-Forwarded-For header may have importance for security analysis of access logs, and their overwrite can be used to hide malicious activity. - Using the following string as user-agent : `"` which renders an invalid json document. The invalid document may fail to be processed by observability solutions, which would allow attacker to hide malicious activity. ### Patches 1.3.1, 1.2.7 ### Fix Using JSON ...

Tata Technologies hit by Hunters International ransomware attack. The group threatened to leak 1.4TB of data. Learn about…

### Summary The API endpoint related to the password reset function is vulnerable to Reflected Cross-Site-Scripting. ### Details Throughout the source-code analysis, it has been found that the endpoint /api/v1/db/auth/password/reset/:tokenId is vulnerable to Reflected Cross-Site-Scripting. The flaw occurs due to implementation of the client-side template engine ejs, specifically on file resetPassword.ts where the template is using the insecure function “<%-“ https://github.com/nocodb/nocodb/blob/ba5a191b33259d984fc92df225f7d82ede2ddb56/packages/nocodb/src/modules/auth/ui/auth/resetPassword.ts#L71 which is rendered by the function renderPasswordReset: https://github.com/nocodb/nocodb/blob/ba5a191b33259d984fc92df225f7d82ede2ddb56/packages/nocodb/src/modules/auth/auth.controller.ts#L251 ### PoC Send the request below to a vulnerable instance: `/api/v1/db/auth/password/reset/asdsad%3C%2F%73%63%72%69%70%74%3E%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%31%29%3C%2F%73%63%72%69%70%...