Overview
- argoproj
- argo-workflows
Description
Statistics
- 1 Post
- 3 Interactions
Fediverse
ZipSlip RCE in argo-workflows.
https://github.com/argoproj/argo-workflows/security/advisories/GHSA-xrqc-7xgx-c9vh
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Versions 3.6.13 and below and versions 3.7.0 through 3.7.4 contain unsafe untar code that handles symbolic links in archives. Concretely, the computation of a link's target and the subsequent check are flawed. An attacker can overwrite the file /var/run/argo/argoexec with a script of their choice, which would be executed at the pod's start. The patch deployed against CVE-2025-62156 is ineffective against malicious archives containing symbolic links. This issue is fixed in versions 3.6.14 and 3.7.5.
Overview
Description
Statistics
- 1 Post
- 1 Interaction
Fediverse
📰 New 'Broadside' Botnet Exploits DVRs to Target Maritime Logistics
New 'Broadside' botnet, a Mirai variant, targets the maritime sector by exploiting a critical DVR flaw (CVE-2024-3721). 🚢 Beyond DDoS, it harvests credentials, posing a risk to vessel OT systems. #Botnet #Mirai #Maritime #IoT #CyberSecurity
Overview
Description
Statistics
- 1 Post
- 2 Interactions
Fediverse
@fuzzyfuzzyfungus @badsamurai I will take this one: yes. The CVE-2022-30190 "Follina" vulnerability was exploitable by the terminal launching ms-msdt URLs due to this very "feature."
Overview
- LabRedesCefetRJ
- WeGIA
Description
Statistics
- 1 Post
Fediverse
🚨 CRITICAL: CVE-2025-67501 in WeGIA (<3.5.5) enables SQL Injection via id_categoria in editar_categoria.php. Attackers can compromise database. Upgrade to 3.5.5+ ASAP! https://radar.offseq.com/threat/cve-2025-67501-cwe-89-improper-neutralization-of-s-14e94ab2 #OffSeq #Vuln #SQLInjection #Cybersecurity