
Overview

  • pixelfed
  • pixelfed

12 Feb 2024
Published
01 Aug 2024
Updated

CVSS v3.1
CRITICAL (9.9)
EPSS
0.29%

KEV

Description

Pixelfed is an open source photo sharing platform. When processing requests, authorization was improperly and insufficiently checked, allowing attackers to access far more functionality than users intended, including the administrative and moderator functionality of the Pixelfed server. This vulnerability affects every version of Pixelfed between v0.10.4 and v0.11.9, inclusive. A proof of concept of this vulnerability exists. This vulnerability affects every local user of a Pixelfed server, and can potentially affect the server's ability to federate. Some user interaction is required to set up the conditions to be able to exercise the vulnerability, but the attacker could conduct this attack in a time-delayed manner, where user interaction is not actively required. This vulnerability has been addressed in version 0.11.11. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Statistics

  • 1 Post
  • 198 Interactions

Fediverse


This is a program that I've been championing within @nivenly over the past year, after we noticed that security vulnerabilities weren't being disclosed responsibly, and not enough research was going into the security of Fediverse software.

You might remember my Pixelfed vulnerability from last year, where OAuth scopes weren't checked allowing for privilege escalation via the API (CVE-2024-25108), that was our very first test-case of this program.

I'm incredibly proud to be involved in launching the Fediverse Security Fund from Nivenly Foundation (a 501(c)4 not-for-profit cooperative)

#fediverse #security #nivenly #FediverseSecurityFund

RE: hachyderm.io/@nivenly/11426849

  • 102
  • 96
  • 16 hours ago

Overview

  • Apache Software Foundation
  • Apache Tomcat

10 Mar 2025
Published
02 Apr 2025
Updated

CVSS
Pending
EPSS
92.54%

Description

Path Equivalence: 'file.Name' (Internal Dot) leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.2, from 10.1.0-M1 through 10.1.34, from 9.0.0.M1 through 9.0.98.

If all of the following were true, a malicious user was able to view security sensitive files and/or inject content into those files:

  • writes enabled for the default servlet (disabled by default)
  • support for partial PUT (enabled by default)
  • a target URL for security sensitive uploads that was a sub-directory of a target URL for public uploads
  • attacker knowledge of the names of security sensitive files being uploaded
  • the security sensitive files also being uploaded via partial PUT

If all of the following were true, a malicious user was able to perform remote code execution:

  • writes enabled for the default servlet (disabled by default)
  • support for partial PUT (enabled by default)
  • application was using Tomcat's file based session persistence with the default storage location
  • application included a library that may be leveraged in a deserialization attack

Users are recommended to upgrade to version 11.0.3, 10.1.35 or 9.0.99, which fixes the issue.
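A configuration check for the preconditions listed above, added here as an illustration; it is not Apache's code. It parses a Tomcat conf/web.xml and context.xml, reads the DefaultServlet's readonly and allowPartialPut init-params (documented Tomcat parameter names, with the defaults the advisory states), and treats PersistentManager with a FileStore that has no explicit directory attribute as "file based session persistence with the default storage location". The XML samples are constructed for the example.

```python
import xml.etree.ElementTree as ET

# Documented Tomcat class and init-param names; defaults per the advisory text.
DEFAULT_SERVLET = "org.apache.catalina.servlets.DefaultServlet"
PERSISTENT_MANAGER = "org.apache.catalina.session.PersistentManager"
FILE_STORE = "org.apache.catalina.session.FileStore"
DEFAULTS = {"readonly": "true", "allowPartialPut": "true"}


def _local(tag):
    """Strip an XML namespace prefix: '{uri}servlet' -> 'servlet'."""
    return tag.rsplit("}", 1)[-1]


def default_servlet_params(web_xml):
    """Return the effective readonly/allowPartialPut values of the DefaultServlet."""
    params = dict(DEFAULTS)
    for servlet in ET.fromstring(web_xml).iter():
        if _local(servlet.tag) != "servlet":
            continue
        cls = next((c.text or "" for c in servlet if _local(c.tag) == "servlet-class"), "")
        if cls.strip() != DEFAULT_SERVLET:
            continue
        for init_param in (c for c in servlet if _local(c.tag) == "init-param"):
            name = value = None
            for child in init_param:
                if _local(child.tag) == "param-name":
                    name = (child.text or "").strip()
                elif _local(child.tag) == "param-value":
                    value = (child.text or "").strip().lower()
            if name in params and value is not None:
                params[name] = value
    return params


def file_store_in_default_dir(context_xml):
    """True if sessions persist via PersistentManager+FileStore with no explicit directory."""
    for manager in ET.fromstring(context_xml).iter():
        if _local(manager.tag) == "Manager" and manager.get("className") == PERSISTENT_MANAGER:
            for store in manager:
                if _local(store.tag) == "Store" and store.get("className") == FILE_STORE:
                    return store.get("directory") is None
    return False


def assess(web_xml, context_xml):
    """List which CVE-2025-24813 preconditions this configuration satisfies."""
    params = default_servlet_params(web_xml)
    findings = []
    if params["readonly"] == "false" and params["allowPartialPut"] != "false":
        findings.append("DefaultServlet is writable and partial PUT is enabled "
                        "(information disclosure / content injection preconditions met)")
        if file_store_in_default_dir(context_xml):
            findings.append("file-based session persistence uses the default location "
                            "(RCE precondition met if a deserialization gadget is on the classpath)")
    return findings


# Constructed samples for this example, not taken from any real deployment.
WEB_XML_WRITABLE = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="4.0">
  <servlet>
    <servlet-name>default</servlet-name>
    <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
    <init-param><param-name>debug</param-name><param-value>0</param-value></init-param>
    <init-param><param-name>readonly</param-name><param-value>false</param-value></init-param>
  </servlet>
</web-app>"""

# Same file with the stock (read-only) servlet: readonly is left at its default.
WEB_XML_STOCK = WEB_XML_WRITABLE.replace(
    "<param-name>readonly</param-name><param-value>false</param-value>",
    "<param-name>listings</param-name><param-value>false</param-value>")

CONTEXT_XML_FILESTORE = """<Context>
  <Manager className="org.apache.catalina.session.PersistentManager">
    <Store className="org.apache.catalina.session.FileStore"/>
  </Manager>
</Context>"""

CONTEXT_XML_STOCK = "<Context/>"

if __name__ == "__main__":
    for finding in assess(WEB_XML_WRITABLE, CONTEXT_XML_FILESTORE):
        print("FINDING:", finding)
```

The writable sample with a default-location FileStore yields both findings; the stock sample yields none. The remediation the advisory gives is the upgrade; turning readonly back to true or allowPartialPut to false only removes the preconditions this script looks for.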

Statistics

  • 2 Posts
  • 9 Interactions

Fediverse


Aqua published a blog post on the TTPs ( including IOCs and samples ) used by an apparently CN-adjacent TA attacking Tomcat servers. The post doesn't specifically say that the vulnerability exploited is CVE-2025-24813 but in their mitigations section they say:

"Ensure that all vulnerabilities are patched. Particularly internet facing applications such as Tomcat servers. Vulnerabilities such as CVE-2025-24813 that are new, critical and actively exploited should be prioritized."

aquasec.com/blog/new-campaign-

  • 1
  • 6
  • 16 hours ago

Apache Tomcat CVE-2025-24813 was recently disclosed and is being actively exploited just 30 hours after a public PoC was released securityaffairs.com/176129/sec

  • 1
  • 1
  • 7 hours ago

Overview

  • SquirrelMail
  • SquirrelMail

02 Apr 2025
Published
02 Apr 2025
Updated

CVSS v3.1
HIGH (7.2)
EPSS
Pending

KEV

Description

mime.php in SquirrelMail through 1.4.23-svn-20250401 and 1.5.x through 1.5.2-svn-20250401 allows XSS via e-mail headers, because JavaScript payloads are mishandled after $encoded has been set to true.

Statistics

  • 1 Post
  • 7 Interactions

Fediverse


It seems like it's been a while since I've seen a SquirrelMail vuln.

sev:HIGH 7.2 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

squirrelmail.org/security/issu

mime.php in SquirrelMail through 1.4.23-svn-20250401 and 1.5.x through 1.5.2-svn-20250401 allows XSS via e-mail headers, because JavaScript payloads are mishandled after $encoded has been set to true.

nvd.nist.gov/vuln/detail/CVE-2

  • 3
  • 4
  • 14 hours ago

Overview

  • jhpyle
  • docassemble

29 Feb 2024
Published
02 Aug 2024
Updated

CVSS v3.1
HIGH (7.5)
EPSS
90.08%

KEV

Description

Docassemble is an expert system for guided interviews and document assembly. The vulnerability allows attackers to gain unauthorized access to information on the system through URL manipulation. It affects versions 1.4.53 to 1.4.96. The vulnerability has been patched in version 1.4.97 of the master branch.

Statistics

  • 3 Posts
  • 4 Interactions

Fediverse


🚨 CVE-2024-27292 exploitation campaign detected!

:blobthinking: What is the CVE-2024-27292 vulnerability?

CVE-2024-27292 is a path traversal vulnerability in Docassemble. It allows unauthenticated attackers to access arbitrary files, such as /etc/passwd via specially crafted URL parameters. The root cause is improper sanitization of user-supplied inputs, making it possible for attackers to probe system-level files.

Over the past few days, CrowdSec telemetry has identified a significant and accelerating wave of exploit attempts targeting the URI pattern: /interview?i=/etc/passwd.

Docassemble is a free, open source expert system for guided interviews and document assembly, based on Python, YAML, and Markdown.

This pattern aligns with an exploit attempt for CVE-2024-27292, a vulnerability disclosed in late 2024 affecting Docassemble (v1.4.53 to v1.4.96). [1/3]

  • 1
  • 1
  • 15 hours ago

🛡️ Protect yourself

Already using the CrowdSec WAF? Then you have nothing to worry about, CVE-2024-27292 is already part of the default virtual patching collection.

If not, it’s never too late to start. Follow the link in the comments below 👇 and start protecting your systems from CVE-2024-27292 and other vulnerabilities. [2/3]

  • 0
  • 0
  • 15 hours ago
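A log-review check for the /interview?i= probing described in the CrowdSec posts above, added here as an illustration; it is not CrowdSec's or docassemble's code. It parses common/combined-format access log lines, isolates the i parameter of requests to /interview, and flags values that look like filesystem paths (absolute, or containing a .. component, including double-encoded forms) rather than the package:path identifiers docassemble normally takes. The log lines are constructed with TEST-NET addresses.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Common/combined log format; only the fields this check needs are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)


def traversal_like(value):
    """True if an interview identifier looks like a filesystem path, not a package reference."""
    # parse_qs already decoded once; decode again to catch double-encoded "..%252F" forms.
    decoded = unquote(unquote(value)).replace("\\", "/")
    if decoded.startswith("/"):
        return True                      # absolute path such as /etc/passwd
    return ".." in decoded.split("/")    # a parent-directory component anywhere


def classify(line):
    """Return a hit dict for a suspicious /interview?i= request, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlsplit(m.group("target"))
    if url.path.rstrip("/") != "/interview":
        return None
    for value in parse_qs(url.query).get("i", []):
        if traversal_like(value):
            return {"ip": m.group("ip"), "ts": m.group("ts"),
                    "i": value, "status": int(m.group("status"))}
    return None


def scan(lines):
    return [hit for hit in map(classify, lines) if hit]


# Constructed sample log lines (TEST-NET addresses), not from a real server.
SAMPLE_LOG = [
    '203.0.113.5 - - [02/Apr/2025:10:14:03 +0000] "GET /interview?i=/etc/passwd HTTP/1.1" 200 1834 "-" "curl/8.5.0"',
    '203.0.113.5 - - [02/Apr/2025:10:14:09 +0000] "GET /interview?i=..%2F..%2F..%2Fetc%2Fshadow HTTP/1.1" 403 0 "-" "curl/8.5.0"',
    '198.51.100.7 - - [02/Apr/2025:10:15:22 +0000] "GET /interview?i=docassemble.demo:data/questions/questions.yml HTTP/1.1" 200 51220 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [02/Apr/2025:10:16:01 +0000] "GET /user/sign-in HTTP/1.1" 200 7012 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

The status code is kept in each hit so a 200 on a traversal-shaped request (a server still in the affected range) can be triaged ahead of the 4xx noise that a patched server or a WAF produces.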

Overview

  • tauri-apps
  • plugins-workspace

02 Apr 2025
Published
02 Apr 2025
Updated

CVSS v4.0
CRITICAL (9.3)
EPSS
Pending

KEV

Description

The Tauri shell plugin allows access to the system shell. Prior to 2.2.1, the Tauri shell plugin exposes functionality to execute code and open programs on the system. The open endpoint of this plugin is designed to allow open functionality with the system opener (e.g. xdg-open on Linux). This was meant to be restricted to a reasonable number of protocols like https or mailto by default. This default restriction was not functional due to improper validation of the allowed protocols, allowing for potentially dangerous protocols like file://, smb://, or nfs:// and others to be opened by the system registered protocol handler. By passing untrusted user input to the open endpoint these potentially dangerous protocols can be abused to gain remote code execution on the system. This either requires direct exposure of the endpoint to application users or code execution in the frontend of a Tauri application. This vulnerability is fixed in 2.2.1.
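The scheme allowlist this plugin was meant to enforce, written out as a stand-alone check in Python; this is an added illustration of the validation the description calls for, not the plugin's Rust code, and the allowed set (https, http, mailto) is an assumption drawn from the description's "https or mailto" wording. It extracts the scheme per RFC 3986 syntax, compares it case-insensitively against the allowlist, and rejects anything with no scheme at all, since a bare path handed to an opener is treated as a local or UNC path.

```python
import re

# Assumed allowlist for the example; the advisory names https and mailto as the intended kind.
ALLOWED_SCHEMES = frozenset({"https", "http", "mailto"})

# RFC 3986 scheme: ALPHA *( ALPHA / DIGIT / "+" / "-" / "." ), then ":".
SCHEME_RE = re.compile(r"^([A-Za-z][A-Za-z0-9+.\-]*):")


def extract_scheme(target):
    """Return the lower-cased scheme of target, or None if it has none."""
    m = SCHEME_RE.match(target)
    return m.group(1).lower() if m else None


def is_safe_open_target(target, allowed=ALLOWED_SCHEMES):
    """Allowlist check for a string that will be handed to the OS opener."""
    # Do not trim: " file:///etc/passwd" must fail, not become valid after cleanup.
    if not target or target != target.strip():
        return False
    # Control characters can split arguments or confuse the downstream opener.
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in target):
        return False
    scheme = extract_scheme(target)
    if scheme is None:
        # "/etc/passwd" or "\\\\server\\share" would be opened as a local/UNC path.
        return False
    # Scheme comparison is case-insensitive, so "FILE://" cannot slip past a
    # lower-case denylist; a Windows drive prefix like "C:" parses as scheme
    # "c", which is simply not on the list.
    return scheme in allowed
```

The point of the allowlist (as opposed to a denylist of file, smb and nfs) is that any scheme the host has a registered handler for is a potential code-execution path, and the set of registered handlers is not known to the application.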

Statistics

  • 1 Post
  • 2 Interactions

Fediverse


I don't know the Tauri shell but shell plugins seem like a nice attack surface if you know your target is running them.

github.com/tauri-apps/plugins-

sev:CRIT 9.3 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

The Tauri shell plugin allows access to the system shell. Prior to 2.2.1, the Tauri shell plugin exposes functionality to execute code and open programs on the system. The open endpoint of this plugin is designed to allow open functionality with the system opener (e.g. xdg-open on Linux). This was meant to be restricted to a reasonable number of protocols like https or mailto by default. This default restriction was not functional due to improper validation of the allowed protocols, allowing for potentially dangerous protocols like file://, smb://, or nfs:// and others to be opened by the system registered protocol handler. By passing untrusted user input to the open endpoint these potentially dangerous protocols can be abused to gain remote code execution on the system. This either requires direct exposure of the endpoint to application users or code execution in the frontend of a Tauri application. This vulnerability is fixed in 2.2.1.

nvd.nist.gov/vuln/detail/CVE-2

  • 1
  • 1
  • 7 hours ago

Overview

  • OpenVPN
  • OpenVPN

02 Apr 2025
Published
03 Apr 2025
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

OpenVPN version 2.6.1 through 2.6.13 in server mode using TLS-crypt-v2 allows remote attackers to trigger a denial of service by corrupting and replaying network packets in the early handshake phase.

Statistics

  • 1 Post
  • 1 Interaction

Fediverse


OpenVPN Server DoS could be a bummer if your configuration leaves you impacted.

community.openvpn.net/openvpn/

OpenVPN version 2.6.1 through 2.6.13 in server mode using TLS-crypt-v2 allows remote attackers to trigger a denial of service by corrupting and replaying network packets in the early handshake phase.

nvd.nist.gov/vuln/detail/CVE-2

  • 1
  • 0
  • 6 hours ago

Overview

  • djangoproject
  • Django

02 Apr 2025
Published
02 Apr 2025
Updated

CVSS v3.1
MEDIUM (5.8)
EPSS
Pending

KEV

Description

An issue was discovered in Django 5.1 before 5.1.8 and 5.0 before 5.0.14. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.views.LoginView, django.contrib.auth.views.LogoutView, and django.views.i18n.set_language are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters.

Statistics

  • 1 Post
  • 2 Interactions

Fediverse


"Django security releases issued: 5.1.8 and 5.0.14"

djangoproject.com/weblog/2025/

"CVE-2025-27556: Potential denial-of-service vulnerability in LoginView, LogoutView, and set_language() on Windows"

#security #django #python

  • 0
  • 2
  • 8 hours ago

Overview

  • canonical
  • get-workflow-version-action

02 Apr 2025
Published
02 Apr 2025
Updated

CVSS v3.1
HIGH (8.2)
EPSS
Pending

KEV

Description

canonical/get-workflow-version-action is a GitHub composite action to get commit SHA that GitHub Actions reusable workflow was called with. Prior to 1.0.1, if the get-workflow-version-action step fails, the exception output may include the GITHUB_TOKEN. If the full token is included in the exception output, GitHub will automatically redact the secret from the GitHub Actions logs. However, the token may be truncated—causing part of the GITHUB_TOKEN to be displayed in plaintext in the GitHub Actions logs. Anyone with read access to the GitHub repository can view GitHub Actions logs. For public repositories, anyone can view the GitHub Actions logs. The opportunity to exploit this vulnerability is limited—the GITHUB_TOKEN is automatically revoked when the job completes. However, there is an opportunity for an attack in the time between the GITHUB_TOKEN being displayed in the logs and the completion of the job. Users using the github-token input are impacted. This vulnerability is fixed in 1.0.1.
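The failure mode described above is that exact-match masking only catches the whole token, so a truncated exception message leaks a usable prefix. The scrubber below, added here as an illustration and not canonical's action code, masks the full secret and every fragment of it at or above a chosen minimum length (8 characters here, an assumption for the example) before anything reaches the log. FAKE_TOKEN is a constructed string that only imitates the ghs_ prefix shape and is not a real credential.

```python
MIN_FRAGMENT = 8  # shortest run of the secret still worth masking (assumed for this example)


def secret_fragments(secret, min_len=MIN_FRAGMENT):
    """All substrings of secret with length >= min_len, longest first."""
    frags = {secret[i:i + n]
             for n in range(len(secret), min_len - 1, -1)
             for i in range(len(secret) - n + 1)}
    return sorted(frags, key=len, reverse=True)


def scrub(text, secrets, min_len=MIN_FRAGMENT):
    """Mask every secret and every fragment of it of min_len or more characters.

    Longest fragments are replaced first so a complete or partial token is
    masked as one unit rather than leaving stray pieces between markers.
    """
    for secret in secrets:
        if len(secret) < min_len:
            continue
        for frag in secret_fragments(secret, min_len):
            text = text.replace(frag, "***")
    return text


def run_step(func, secrets, max_message=90):
    """Run func; on failure return a truncated *and then* scrubbed error string.

    Truncating before scrubbing reproduces the advisory's scenario: the message
    carries only part of the token, so an exact-match masker would miss it.
    """
    try:
        return func()
    except Exception as exc:
        message = f"{type(exc).__name__}: {exc}"[:max_message]
        return scrub(message, secrets)


# Constructed, non-functional token that only follows the ghs_ prefix shape.
FAKE_TOKEN = "ghs_A1b2C3d4E5f6G7h8I9j0K1l2M3n4O5p6Q7r8S9t0"


def failing_call():
    """Stand-in for the failing step; the token ends up in the exception text."""
    raise RuntimeError(f"GET https://api.github.com/repos/x/y failed for token {FAKE_TOKEN}")


if __name__ == "__main__":
    print(run_step(failing_call, [FAKE_TOKEN]))
```

The scrubbed output keeps the request context and replaces the 22 surviving token characters with a single marker; the unscrubbed, truncated message would have carried those 22 characters into a log that anyone with read access could see.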

Statistics

  • 1 Post
  • 1 Interaction

Fediverse


This seems like a pretty small scope but people seem to like leaked tokens so here you go.

github.com/canonical/get-workf

sev:HIGH 8.2 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H

canonical/get-workflow-version-action is a GitHub composite action to get commit SHA that GitHub Actions reusable workflow was called with. Prior to 1.0.1, if the get-workflow-version-action step fails, the exception output may include the GITHUB_TOKEN. If the full token is included in the exception output, GitHub will automatically redact the secret from the GitHub Actions logs. However, the token may be truncated—causing part of the GITHUB_TOKEN to be displayed in plaintext in the GitHub Actions logs. Anyone with read access to the GitHub repository can view GitHub Actions logs. For public repositories, anyone can view the GitHub Actions logs. The opportunity to exploit this vulnerability is limited—the GITHUB_TOKEN is automatically revoked when the job completes. However, there is an opportunity for an attack in the time between the GITHUB_TOKEN being displayed in the logs and the completion of the job. Users using the github-token input are impacted. This vulnerability is fixed in 1.0.1.

nvd.nist.gov/vuln/detail/CVE-2

  • 0
  • 1
  • 7 hours ago

Overview

  • CrushFTP
  • CrushFTP

26 Mar 2025
Published
03 Apr 2025
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
15.48%

KEV

Description

CrushFTP versions 10.0.0 through 10.8.3 and 11.0.0 through 11.3.0 are affected by a vulnerability in the S3 authorization header processing that allows authentication bypass. Remote and unauthenticated HTTP requests to CrushFTP with known usernames can be used to impersonate a user and conduct actions on their behalf, including administrative actions and data retrieval.

Statistics

  • 1 Post

Fediverse


UPDATE: Attackers are now exploiting CrushFTP vulnerability CVE-2025-2825

bleepingcomputer.com/news/secu

  • 0
  • 0
  • 14 hours ago

Overview

  • Pending

Pending
Published
Pending
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post

Fediverse


Outpost24 Puts Up A Blog Post On The CrushFTP Authentication Bypass Vulnerability… And The Events That Led To Mass Attacks

Outpost24 analysts recently discovered a critical authentication bypass vulnerability in CrushFTP, identified as CVE-2025-31161. Today, the team posted a blog detailing the process of their reporting, including how other parties circulating this news under a different CVE caused media confusion. The vulnerability is now being exploited by remote…

itnerd.blog/2025/04/02/outpost

  • 0
  • 0
  • 10 hours ago