Security
Headlines
HeadlinesLatestCVEs

Tag

#web

GHSA-gp98-hfvm-2r4x: Apache IoTDB JDBC Driver Discloses Sensitive Information via Log Files

Exposure of Sensitive Information to an Unauthorized Actor, Insertion of Sensitive Information into Log File vulnerability in Apache IoTDB JDBC driver. This issue affects iotdb-jdbc: from 0.10.0 through 1.3.3, from 2.0.1-beta before 2.0.2. Users are recommended to upgrade to version 2.0.2 and 1.3.4, which fix the issue.

ghsa
Open in Source
#vulnerability#web#apache#auth
GHSA-5fc3-pqf2-57cx: Apache IoTDB Discloses Sensitive Information via Log Files

Exposure of Sensitive Information to an Unauthorized Actor, Insertion of Sensitive Information into Log File vulnerability in the OpenIdAuthorizer of Apache IoTDB. This issue affects Apache IoTDB: from 0.10.0 through 1.3.3, from 2.0.1-beta before 2.0.2. Users are recommended to upgrade to version 1.3.4 and 2.0.2, which fix the issue.

Apple to Pay $95 Million in Siri Snooping Lawsuit – Here’s How to Apply

Did Siri record you? Apple is paying $95 million over Siri snooping allegations. Find out if you’re eligible…

I checked out the European vulnerability database, EUVD, which was officially launched yesterday

I checked out the European vulnerability database, EUVD, which was officially launched yesterday. Its usefulness is questionable for now. 🤷‍♂️ 🔹 Basically, they pull data from public sources (MITRE CVE DB, CISA KEV, GHSA, EPSS, and a few others), map it under their own EUVD identifier (everything is mapped by CVE 😉), and provide a […]

North Korean IT Workers Are Being Exposed on a Massive Scale

Security researchers are publishing 1,000 email addresses they claim are linked to North Korean IT worker scams that infiltrated Western companies—along with photos of men allegedly involved in the schemes.

Job Seekers Targeted as Scammers Pose as Government Agencies on WhatsApp

Scammers impersonate government agencies on WhatsApp to target job seekers with fake offers, phishing sites, and identity theft…

GHSA-w443-5h3j-jqcp: Duplicate Advisory: crossbeam-channel Vulnerable to Double Free on Drop

### Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-pg9f-39pc-qf8g. This link is maintained to preserve external references. ### Original Description In crossbeam-channel rust crate, the internal `Channel` type's `Drop` method has a race condition which could, in some circumstances, lead to a double-free that could result in memory corruption.

GHSA-537f-gxgm-3jjq: OpenPubkey Vulnerable to Authentication Bypass

### Impact Versions of OpenPubkey library prior to 0.10.0 contained a vulnerability that would allow a specially crafted JWS to bypass signature verification. ### Patches Upgrade to v0.10.0 or greater. This vulnerability is not present in versions of OpenPubkey after v0.9.0. ### References [CVE-2025-3757 ](https://www.cve.org/CVERecord?id=CVE-2025-3757)

Microsoft Patch Tuesday for May 2025 — Snort rules and prominent vulnerabilities

Microsoft has released its monthly security update for May of 2025 which includes 78 vulnerabilities affecting a range of products, including 11 that Microsoft marked as “critical”.   Microsoft noted five vulnerabilities that have been observed to be exploited in the wild. CVE-2025-30397 is a remote code

CISA Adds TeleMessage Vulnerability to KEV List Following Breach

CISA adds TeleMessage flaw to KEV list, urges agencies to act within 3 weeks after a breach exposed…