Overview
- ConnectWise
- ScreenConnect
Description
Statistics
- 2 Posts
Bluesky
Overview
- VMware
- Spring AI
- Spring AI
Description
Statistics
- 3 Posts
Overview
- VMware
- Spring AI
- Spring AI
Description
Statistics
- 5 Posts
Overview
Description
Statistics
- 2 Posts
- 5 Interactions
Fediverse
Seriously, any iOS experts looked into if CVE-2025-43520 from the DarkSword vulns could be used for KFD/MacDirtyCow-style file modding?
https://cloud.google.com/blog/topics/threat-intelligence/darksword-ios-exploit-chain
According to TAG’s analysis, DarkSword “uses CVE-2025-43520, a kernel-mode race condition in XNU’s virtual filesystem (VFS) implementation” I’m guessing it’s https://github.com/apple-oss-distributions/xnu/blob/bbb1b6f9e71b8cdde6e5cd6f4841f207dee3d828/bsd/vfs/vfs_cluster.c#L3700 ? There’s several VFS changes; not sure if this is the right one.
If it is this one, I guess you’d somehow
- Make a contiguous memory region,
- start reading a file into it,
- then switch it to a non-contiguous region after it’s validated the region, but before it actually starts reading the file,
- so it ends up writing what it thinks is your contiguous area, but actually is the first part of your area followed by some other memory?
Overview
Description
Statistics
- 1 Post
- 2 Interactions
Overview
- apostrophecms
- import-export
Description
Statistics
- 2 Posts
- 2 Interactions
Fediverse
🚨 CRITICAL: CVE-2026-32731 in ApostropheCMS import-export (<3.5.3) allows path traversal via crafted .tar.gz uploads — attackers can write files anywhere the Node.js process can. Upgrade to 3.5.3+ ASAP! https://radar.offseq.com/threat/cve-2026-32731-cwe-22-improper-limitation-of-a-pat-efa014e1 #OffSeq #CVE202632731 #ApostropheCMS #infosec
Overview
- opf
- openproject
Description
Statistics
- 1 Post
- 1 Interaction
Fediverse
🚨 CRITICAL: CVE-2026-32698 in OpenProject (CVSS 9.1) enables SQL injection via admin-created custom fields, leading to potential RCE if chained with repo module bug. Patch to 16.6.9/17.0.6/17.1.3/17.2.1+ now! https://radar.offseq.com/threat/cve-2026-32698-cwe-89-improper-neutralization-of-s-a9afd70e #OffSeq #SQLInjection #OpenProject #InfoSec
Overview
Description
Statistics
- 1 Post
- 1 Interaction
Bluesky
Overview
- isaacs
- brace-expansion
Description
Statistics
- 1 Post
- 1 Interaction
Overview
- isaacs
- node-tar
Description
Statistics
- 1 Post
- 1 Interaction