Tag
#web
### Impact

Users hosting D-Tale publicly can be vulnerable to remote code execution, allowing attackers to run malicious code on the server.

### Patches

Users should upgrade to version 3.16.1, where the `update-settings` endpoint blocks the ability for users to update the `enable_custom_filters` flag. You can find more information on how to turn that flag on [here](https://github.com/man-group/dtale#custom-filter).

### Workarounds

The only workaround for versions earlier than 3.16.1 is to host D-Tale only for trusted users.

### References

See the "Custom Filter" [documentation](https://github.com/man-group/dtale#custom-filter).
An authenticated access vulnerability in the aspectMemory.php script of ABB Cylon Aspect BMS/BAS controllers allows attackers to set arbitrary values for Java heap memory parameters (HEAPMIN and HEAPMAX). This configuration is written to /usr/local/aam/etc/javamem. The absence of input validation can lead to system performance degradation, Denial-of-Service (DoS) conditions, and crashes of critical Java applications.
Learn how blockchain and smart contracts improve cybersecurity factors in online transactions, remove the element of fraud, and…
As the adoption of LCNC grows, so will the complexity of the threats organizations face.
SUMMARY Byte Federal, the US’s largest Bitcoin ATM operator offering around 1,200 Bitcoin ATMs across the country, recently…
A sophisticated social engineering cybercrime campaign bent on financial gain was observed being run from Tencent servers in Singapore.
Versions of the package djoser before 2.3.0 are vulnerable to Authentication Bypass when the authenticate() function fails. This is because the system falls back to querying the database directly, granting access to users with valid credentials, and eventually bypassing custom authentication checks such as two-factor authentication, LDAP validations, or requirements from configured AUTHENTICATION_BACKENDS.
Versions of the package spatie/browsershot before 5.0.1 are vulnerable to Improper Input Validation due to improper URL validation through the setUrl method. An attacker can exploit this vulnerability by using leading whitespace (%20) before the file:// protocol, resulting in Local File Inclusion, which allows the attacker to read sensitive files on the server.
Explore the professions most vulnerable to cybersecurity threats in 2025, from IT pros to crypto investors. Learn how…
Learn how cryptocurrency’s rapid growth brings risks like fake payment gateways and online scams. Discover tips to stay…