Tag
#auth
Cisco fixes critical root credential vulnerability in Unified CM rated CVSS 10 urging users to patch now to stop remote admin takeovers.
### Summary Short descriptions are not properly sanitized by the ShortDescription before being inserted as HTML using `mw.util.addSubtitle`, allowing any user to insert arbitrary HTML into the DOM by editing a page. ### Details The description provided by the user via the `{{SHORTDESC:}}` parser function is insufficiently sanitized by the `sanitize()` function, as html entities are decoded: https://github.com/StarCitizenTools/mediawiki-extensions-ShortDescription/blob/7244b1e8b5cb6dbd7e546c5be7fed8a56e33d065/includes/Hooks/ParserHooks.php#L147-L159 Via JS, the short description is then passed to `mw.util.addSubtitle`, which inserts it as raw HTML: https://github.com/StarCitizenTools/mediawiki-extensions-ShortDescription/blob/7244b1e8b5cb6dbd7e546c5be7fed8a56e33d065/modules/ext.shortDescription.js#L8 https://github.com/wikimedia/mediawiki/blob/96372101b3c579d9992e8a31a3ccd90a937cac47/resources/src/mediawiki.util/util.js#L552-L563 ### PoC 1. Enable ShortDescription 2. Make sure `$wgSho...
### Summary Short descriptions set via the [ShortDescription extension](https://www.mediawiki.org/wiki/Extension:ShortDescription) are inserted as raw HTML by the Citizen skin, allowing any user to insert arbitrary HTML into the DOM by editing a page. ### Details The `shortdesc` property, which contains unsanitized user input, is retrieved from the OutputPage and returned as the tagline: https://github.com/StarCitizenTools/mediawiki-skins-Citizen/blob/0d8a44011e02a081618359a1e90f462478e807aa/includes/Components/CitizenComponentPageHeading.php#L249-L251 The tagline is then provided to the template data: https://github.com/StarCitizenTools/mediawiki-skins-Citizen/blob/0d8a44011e02a081618359a1e90f462478e807aa/includes/Components/CitizenComponentPageHeading.php#L270-L275 The template then inserts the tagline into raw HTML without doing any escaping: https://github.com/StarCitizenTools/mediawiki-skins-Citizen/blob/0d8a44011e02a081618359a1e90f462478e807aa/templates/PageHeading.mustache#L12 ...
### Summary A vulnerability affecting Next.js has been addressed. It impacted versions 15.0.4 through 15.1.8 and involved a cache poisoning bug leading to a Denial of Service (DoS) condition. Under certain conditions, this issue may allow a HTTP 204 response to be cached for static pages, leading to the 204 response being served to all users attempting to access the page More details: [CVE-2025-49826](https://vercel.com/changelog/cve-2025-49826) ## Credits - Allam Rachid [zhero;](https://zhero-web-sec.github.io/research-and-things/) - Allam Yasser (inzo)
Email is still the backbone of how businesses communicate, with more than 300 billion messages sent every day.…
### Summary A cache poisoning issue in **Next.js App Router >=15.3.0 and < 15.3.3** may have allowed RSC payloads to be cached and served in place of HTML, under specific conditions involving middleware and redirects. This issue has been fixed in **Next.js 15.3.3**. Users on affected versions should **upgrade immediately** and **redeploy** to ensure proper caching behavior. More details: [CVE-2025-49005](https://vercel.com/changelog/cve-2025-49005)
## Summary An authorization vulnerability was discovered in the `/rest/executions/:id/stop` endpoint of n8n. An authenticated user can stop workflow executions that they do not own or that have not been shared with them, leading to potential business disruption. ### Impact This is an **improper authorization** vulnerability. While most API methods enforce user-scoped access to workflow execution IDs, the `/stop` endpoint fails to do so. An attacker can guess or enumerate execution IDs (which are sequential and partially exposed via verbose error messages) and terminate active workflows initiated by other users. **Who is impacted:** - Environments where multiple users with varying trust levels share access to the same n8n instance. - All users running long-running or time-sensitive workflows (e.g., using the `wait` node). An attacker with authenticated access can exploit this flaw to: - Disrupt other users’ workflow executions. - Cause denial of service for business-critical automa...
The platform, which allows users to anonymously share the locations of ICE agents, is currently the third-most-downloaded iPhone app.
This Fourth of July, Bruce, the 25-foot mechanical shark from Jaws, shares how his saltwater struggles mirror the need for real-world cybersecurity stress testing.
Customs and Border Protection is asking companies to pitch tools for performing deep analysis on the contents of devices seized at the US border.