Security
Headlines
HeadlinesLatestCVEs

Tag

#vulnerability

GHSA-mx3p-fhpw-x6rv: TCPDF vulnerable to Regular Expression Denial of Service

TCPDF version <=6.7.4 is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing an untrusted HTML page with a crafted color.

ghsa
Open in Source
#vulnerability#dos#git#pdf
GHSA-23q2-5gf8-gjpp: Enabling Authentication does not close all logged in socket connections immediately

### Summary This is basically [GHSA-88j4-pcx8-q4q](https://github.com/louislam/uptime-kuma/security/advisories/GHSA-88j4-pcx8-q4q3) but instead of changing passwords, when enabling authentication. ### PoC - Open Uptime Kuma with authentication disabled - Enable authentication using another window - Access the platform using the previously logged-in window - Note that access (read-write) remains despite the enabled authentication - Expected behaviour: - After enabling authentication, all previously connected sessions should be invalidated, requiring users to log in. - Actual behaviour: - The system retains sessions and never logs out users unless explicitly done by clicking logout or refreshing the page. ### Impact See [GHSA-g9v2-wqcj-j99g](https://github.com/louislam/uptime-kuma/security/advisories/GHSA-g9v2-wqcj-j99g) and [GHSA-88j4-pcx8-q4q](https://github.com/louislam/uptime-kuma/security/advisories/GHSA-88j4-pcx8-q4q3) TBH this is quite a niche edge case, so I don't know if ...

IT and Cybersecurity Jobs in the Age of Emerging AI Technologies

By Waqas Fear AI taking your IT or cybersecurity job? Don't! Learn how AI creates new opportunities in network management, threat detection & more. This is a post from HackRead.com Read the original post: IT and Cybersecurity Jobs in the Age of Emerging AI Technologies

What’s the deal with the massive backlog of vulnerabilities at the NVD?

Given the state of the NVD and vulnerability management, we felt it was worth looking at the current state of the NVD, how we got to this point, what it means for security teams, and where we go from here.

'MagicDot' Windows Weakness Allows Unprivileged Rootkit Activity

Malformed DOS paths in file-naming nomenclature in Windows could be used to conceal malicious content, files, and processes.

CVE-2024-29991: Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.

Evil XDR: Researcher Turns Palo Alto Software Into Perfect Malware

It turns out that a powerful security solution can double as even more powerful malware, capable of granting comprehensive access over a targeted machine.

4 use cases for AI in cyber security

Artificial intelligence (AI) is being introduced to just about every facet of life these days. AI is being used to develop code, communicate with customers, and write in various media. Cyber security, particularly product security is another place AI can have a significant impact. AI is being built into security tools, and, on the flip side, into the realm of exploitation. AI is now mainstream and won't be going away anytime soon, so security professionals need to learn how to best use it to help enhance the security of their systems and products.AI and its implications for securityThe term "a

Cisco's Complex Road to Deliver on Its Hypershield Promise

The tech giant tosses together a word salad of today's business drivers — AI, cloud-native, digital twins — and describes a comprehensive security strategy for the future, but can the company build the promised platform?

Cisco Warns of Massive Surge in Password-Spraying Attacks on VPNs

Attackers are indiscriminately targeting VPNs from Cisco and several other vendors in what may be a reconnaissance effort, the vendor says.