
Overview

  • FreeType
  • FreeType

Published: 11 Mar 2025
Updated: 14 Mar 2025

CVSS v3.1: HIGH (8.1)
EPSS: 0.06%

KEV

Description

An out-of-bounds write exists in FreeType versions 2.13.0 and below (newer versions of FreeType are not vulnerable) when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long and then adds a static value, causing it to wrap around and allocate a heap buffer that is too small. The code then writes up to 6 signed long integers out of bounds relative to this buffer. This may result in arbitrary code execution. This vulnerability may have been exploited in the wild.

Statistics

  • 2 Posts

Fediverse


🚨 Critical Alert: A severe vulnerability (CVE-2025-27363) in the FreeType font library, used by millions, is being actively exploited.

This flaw allows RCE, risking numerous systems. Affected platforms include Linux distributions, Android, and iOS.

Read: thehackernews.com/2025/03/meta

Update to FreeType version 2.13.3 immediately to protect your devices. Act now!

  • 0
  • 0
  • 2 hours ago

A new ransomware called SuperBlack exploits critical vulnerabilities in Fortinet, while an innovative method for detecting UEFI bootkits has been presented. In addition, a dangerous phishing campaign is targeting the hospitality sector, and vulnerabilities have been identified in SAML and FreeType. Android users should be on alert for North Korean spyware. Find out about these and more in the following list of cybersecurity news:

🗞️ LATEST CYBERSECURITY NEWS 🔒
====| 🔥 WHAT YOU NEED TO KNOW TODAY 14/03/25 📆 |====

🔒 NEW SUPERBLACK RANSOMWARE EXPLOITS FORTINET VULNERABILITIES
A new ransomware operator, known as 'Mora_001', has begun exploiting two critical vulnerabilities in Fortinet devices to gain unauthorized access to firewalls and deploy a custom ransomware variant called SuperBlack. The threat is significant for companies that use this technology. Learn how to protect yourself! 👉 djar.co/NouX

🔍 NEW METHODOLOGY FOR DETECTING UEFI BOOTKITS
Binarly's research team has presented an innovative approach to detecting UEFI bootkits by analyzing unique code behaviors. This method makes it possible to identify characteristics that can aid the generic detection of bootkits, as well as the development of new rules for hunting still-unknown bootkits. Learn more about this invasive technique. 👉 djar.co/sRf33l

⚠️ PHISHING CAMPAIGN TARGETS THE HOSPITALITY SECTOR
Microsoft has issued a warning about a dangerous phishing campaign that uses ClickFix to spread malware via fake Booking.com emails. The attackers are using deceptive CAPTCHA pages to steal credentials, which represents a considerable threat to the hospitality sector. Find out how to protect yourself from these fraud attempts. 👉 djar.co/0Tdqi

🔓 CRITICAL VULNERABILITY IN SAML AUTHENTICATION
Critical vulnerabilities have been identified in the ruby-saml library up to version 1.17.0 that allow SAML authentication bypass. The report details the discovery of these flaws as well as their potential impact on the security of applications that use this authentication method. Stay informed about how this could affect your organization. 👉 djar.co/J1x4fP

🔧 CRITICAL VULNERABILITY IN FREETYPE WITH RISK OF EXPLOITATION
Meta has warned of a critical vulnerability in FreeType (CVE-2025-27363) with a CVSS score of 8.1 that is being actively exploited. Updating to version 2.13.3 is strongly advised to mitigate the risk of exploitation. Don't leave your system vulnerable, take action now. 👉 djar.co/4rku

🛡️ RESEARCH ON MEMORY CORRUPTION IN DELPHI
In its latest post, the Delphi team highlights how memory corruption vulnerabilities can appear in this programming language, which is considered safe. Crucial recommendations are provided to avoid introducing memory errors that compromise the security of projects. Improve your code with these valuable tips. 👉 djar.co/Csee

📱 NORTH KOREAN HACKERS DISTRIBUTE ANDROID SPYWARE THROUGH GOOGLE PLAY
The APT37 hacker group, associated with North Korea, has been distributing spyware targeting Android users through Google Play. This threat puts the security of mobile devices at risk and could compromise sensitive data. Learn the details of this covert operation and how to protect your personal information. 👉 djar.co/tKh8t

  • 0
  • 0
  • 1 hour ago

Overview

  • SAML-Toolkits
  • ruby-saml

Published: 12 Mar 2025
Updated: 14 Mar 2025

CVSS v4.0: HIGH (8.8)
EPSS: 0.04%

KEV

Description

ruby-saml provides Security Assertion Markup Language (SAML) single sign-on (SSO) for Ruby. An authentication bypass vulnerability was found in ruby-saml prior to versions 1.12.4 and 1.18.0 due to a parser differential: ReXML and Nokogiri parse XML differently, so the two parsers can generate entirely different document structures from the same XML input. That allows an attacker to execute a Signature Wrapping attack, which may lead to authentication bypass. Versions 1.12.4 and 1.18.0 contain a patch for the issue.

Statistics

  • 2 Posts
  • 26 Interactions

Fediverse


In this demonstration I show the impact of CVE-2025-25291/CVE-2025-25292, an authentication bypass in ruby-saml used by high profile OSS projects such as GitLab. My team coordinated with both the ruby-saml maintainer and GitLab to get this vulnerability fixed and patches are available at about.gitlab.com/releases/2025

  • 11
  • 9
  • 20 hours ago

Just stumbled across something kinda scary... SAML authentication issues! Now, I know it sounds super technical, but honestly, this affects ANYONE using Single Sign-On. Seriously!

Think about logging into Netflix, Google, all that stuff – a lot of it uses SAML. What if someone could just waltz right in pretending to be you? SAML's basically the language websites use to confirm you are who you say you are. And Single Sign-On (SSO) makes it so you only log in once to access everything.

Now, about CVEs, they're like wanted posters for security flaws. CVE-2025-25291, CVE-2025-25292, CVE-2025-25293 are the numbers to remember. The problem lies in how XML is being interpreted. Two programs, same code, totally different results – NOT GOOD. Imagine two bouncers checking the same ID, but one lets everyone in, and the other doesn't. Total chaos!

As a pentester, I see these "parser differentials" way more often than I'd like. The devil's always in the details, right?

Big deal? HUGE. Account Takeover is totally possible! Hackers could swipe your identity. This affects the ruby-saml library – which is frequently used in web applications. Affected versions: < 1.12.4 and >= 1.13.0, < 1.18.0.

Huge shoutout to GitHub Security Lab for finding this! They're lifesavers.

Good news, though! Updates are here: ruby-saml 1.12.4 and 1.18.0.

So, check if your web apps are using ruby-saml. And if they are, UPDATE THEM. Like, NOW. This isn't a joke.

Also, regular pentests are worth their weight in GOLD. Automated tools often miss stuff like this.

Do you use SAML? What are your experiences with it? How do you secure your web applications? Ever run into similar parsing issues? Let's share info and help keep everyone safe!

  • 4
  • 2
  • 21 hours ago

Overview

  • SAML-Toolkits
  • ruby-saml

Published: 12 Mar 2025
Updated: 14 Mar 2025

CVSS v4.0: HIGH (8.8)
EPSS: 0.04%

KEV

Description

ruby-saml provides Security Assertion Markup Language (SAML) single sign-on (SSO) for Ruby. An authentication bypass vulnerability was found in ruby-saml prior to versions 1.12.4 and 1.18.0 due to a parser differential: ReXML and Nokogiri parse XML differently, so the two parsers can generate entirely different document structures from the same XML input. That allows an attacker to execute a Signature Wrapping attack, which may lead to authentication bypass. Versions 1.12.4 and 1.18.0 fix the issue.

Statistics

  • 2 Posts
  • 26 Interactions


Overview

  • vim
  • vim

Published: 13 Mar 2025
Updated: 13 Mar 2025

CVSS v3.1: MEDIUM (4.4)
EPSS: 0.04%

KEV

Description

Vim, a text editor, is vulnerable to potential data loss with zip.vim and specially crafted zip files in versions prior to 9.1.1198. The impact is medium because a user must be made to view such an archive with Vim and then press 'x' on such a strange filename. The issue has been fixed as of Vim patch v9.1.1198.

Statistics

  • 1 Post
  • 6 Interactions

Fediverse

I like this because it's vim and because of the description.

github.com/vim/vim/security/ad

sev:MED 4.4 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Vim, a text editor, is vulnerable to potential data loss with zip.vim and specially crafted zip files in versions prior to 9.1.1198. The impact is medium because a user must be made to view such an archive with Vim and then press 'x' on such a strange filename. The issue has been fixed as of Vim patch v9.1.1198.

nvd.nist.gov/vuln/detail/CVE-2

  • 3
  • 3
  • 18 hours ago

Overview

  • Pending

Published: Pending
Updated: Pending

CVSS: Pending
EPSS: Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post
  • 5 Interactions

Fediverse

  • 3
  • 2
  • 1 hour ago

Overview

  • snowflakedb
  • snowflake-jdbc

Published: 13 Mar 2025
Updated: 13 Mar 2025

CVSS v3.1: LOW (3.3)
EPSS: 0.04%

KEV

Description

Snowflake, a platform for using artificial intelligence in the context of cloud computing, has a vulnerability in the Snowflake JDBC driver ("Driver") in versions 3.0.13 through 3.23.0 of the driver. When the logging level was set to DEBUG, the Driver would log locally the client-side encryption master key of the target stage during the execution of GET/PUT commands. This key by itself does not grant access to any sensitive data without additional access authorizations, and is not logged server-side by Snowflake. Snowflake fixed the issue in version 3.23.1.

Statistics

  • 1 Post
  • 6 Interactions

Fediverse


I don't care if it's a sev:LOW if I see Snowflake I'm calling it out.

WHERE YOUR DATA MEETS AI. SECURELY.

github.com/snowflakedb/snowfla

sev:LOW 3.3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Snowflake, a platform for using artificial intelligence in the context of cloud computing, has a vulnerability in the Snowflake JDBC driver ("Driver") in versions 3.0.13 through 3.23.0 of the driver. When the logging level was set to DEBUG, the Driver would log locally the client-side encryption master key of the target stage during the execution of GET/PUT commands. This key by itself does not grant access to any sensitive data without additional access authorizations, and is not logged server-side by Snowflake. Snowflake fixed the issue in version 3.23.1.

nvd.nist.gov/vuln/detail/CVE-2

  • 2
  • 4
  • 16 hours ago

Overview

  • Kubernetes
  • Kubelet

Published: 13 Mar 2025
Updated: 13 Mar 2025

CVSS v3.1: MEDIUM (6.5)
EPSS: 0.04%

KEV

Description

This CVE only affects Kubernetes clusters that utilize the in-tree gitRepo volume to clone git repositories from other pods within the same node. Since the in-tree gitRepo volume feature has been deprecated and will not receive security updates upstream, any cluster still using this feature remains vulnerable.

Statistics

  • 1 Post
  • 6 Interactions

Fediverse

I wrote up some notes on the new CVE in gitRepo volumes. TL;DR is that I don't think it'll affect that many clusters as it's only relevant in quite specific circumstances, but I do think it's worth cluster operators blocking the use of gitRepo volumes unless they need them, as the feature is deprecated and not getting patches and has had two recent CVEs.

raesene.github.io/blog/2025/03

  • 1
  • 5
  • 1 hour ago

Overview

  • Microsoft
  • Microsoft Dataverse

Published: 13 Mar 2025
Updated: 13 Mar 2025

CVSS v3.1: HIGH (7.2)
EPSS: 0.05%

KEV

Description

Improper authentication in Microsoft Dataverse allows an authorized attacker to elevate privileges over a network.

Statistics

  • 1 Post
  • 3 Interactions

Fediverse


The dataverse was vulnerable, whatever that is. I read about it with a previous vuln and already forgot. Not listed as exploited. That they know of...

msrc.microsoft.com/update-guid

sev:CRIT 7.2 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

Improper authentication in Microsoft Dataverse allows an authorized attacker to elevate privileges over a network.

This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.

nvd.nist.gov/vuln/detail/CVE-2

  • 1
  • 2
  • 18 hours ago

Overview

  • Apache Software Foundation
  • Apache Tomcat

Published: 10 Mar 2025
Updated: 12 Mar 2025

CVSS: Pending
EPSS: 0.04%

KEV

Description

Path Equivalence: 'file.Name' (Internal Dot) leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat.

This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.2, from 10.1.0-M1 through 10.1.34, from 9.0.0.M1 through 9.0.98.

If all of the following were true, a malicious user was able to view security sensitive files and/or inject content into those files:

  • writes enabled for the default servlet (disabled by default)
  • support for partial PUT (enabled by default)
  • a target URL for security sensitive uploads that was a sub-directory of a target URL for public uploads
  • attacker knowledge of the names of security sensitive files being uploaded
  • the security sensitive files also being uploaded via partial PUT

If all of the following were true, a malicious user was able to perform remote code execution:

  • writes enabled for the default servlet (disabled by default)
  • support for partial PUT (enabled by default)
  • application was using Tomcat's file based session persistence with the default storage location
  • application included a library that may be leveraged in a deserialization attack

Users are recommended to upgrade to version 11.0.3, 10.1.35 or 9.0.98, which fixes the issue.

Statistics

  • 1 Post
  • 2 Interactions

Fediverse

This "analysis" by Wallarm - claiming active exploitation of CVE-2025-24813 Tomcat RCE - is wrong in multiple ways (maybe LLM slop?):

https://web.archive.org/web/20250314071219/https://lab.wallarm.com/one-put-request-to-own-tomcat-cve-2025-24813-rce-is-in-the-wild/

There is a PoC on GitHub too now - it improves my findings by directly invoking the session corresponding to the saved object so you don't have to wait for periodic refreshes:

https://github.com/iSee857/CVE-2025-24813-PoC/

This PoC will raise the EPSS score too.

  • 1
  • 1
  • 5 hours ago

Overview

  • Santesoft
  • Sante PACS Server

Published: 13 Mar 2025
Updated: 13 Mar 2025

CVSS v3.1: CRITICAL (9.8)
EPSS: 0.04%

KEV

Description

During login to the web server in "Sante PACS Server.exe", OpenSSL function EVP_DecryptUpdate is called to decrypt the username and password. A fixed 0x80-byte stack-based buffer is passed to the function as the output buffer. A stack-based buffer overflow exists if a long encrypted username or password is supplied by an unauthenticated remote attacker.

Statistics

  • 1 Post
  • 2 Interactions

Fediverse


BoF in PACS Server.

tenable.com/security/research/

sev:CRIT 9.8 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

During login to the web server in "Sante PACS Server.exe", OpenSSL function EVP_DecryptUpdate is called to decrypt the username and password. A fixed 0x80-byte stack-based buffer is passed to the function as the output buffer. A stack-based buffer overflow exists if a long encrypted username or password is supplied by an unauthenticated remote attacker.

nvd.nist.gov/vuln/detail/CVE-2

  • 1
  • 1
  • 18 hours ago
Showing 1 to 10 of 24 CVEs