Security
Headlines
HeadlinesLatestCVEs

Tag

#auth

HPE Issues Security Patch for StoreOnce Bug Allowing Remote Authentication Bypass

Hewlett Packard Enterprise (HPE) has released security updates to address as many as eight vulnerabilities in its StoreOnce data backup and deduplication solution that could result in an authentication bypass and remote code execution. "These vulnerabilities could be remotely exploited to allow remote code execution, disclosure of information, server-side request forgery, authentication bypass,

The Hacker News
Open in Source
#vulnerability#rce#ssrf#auth#ssh#The Hacker News
GHSA-7v6m-28jr-rg84: Hibernate Validator may interpolate user-supplied input in a constraint violation message with Expression Language

Hibernate Validator before 6.2.0 and 7.0.0, by default and depending how it is used, may interpolate user-supplied input in a constraint violation message with Expression Language. This could allow an attacker to access sensitive information or execute arbitrary Java code. Hibernate Validator as of 6.2.0 and 7.0.0 no longer interpolates custom constraint violation messages with Expression Language and strongly recommends not allowing user-supplied input in constraint violation messages. CVE-2020-5245 and CVE-2025-4428 are examples of related, downstream vulnerabilities involving Expression Language intepolation of user-supplied data.

Smart Cars, Dumb Passwords: Auto Industry Still Runs on Weak Passwords

A new study by NordPass and NordStellar reveals the automotive industry is plagued by weak, reused, and common…

Chrome Drops Trust for Chunghwa, Netlock Certificates

Digital certificates authorized by the authorities will no longer have trust by default in the browser starting in August, over what Google said is a loss of integrity in actions by the respective companies.

Code Bug at Compliance Firm Vanta Leaks Customer Data to Other Clients

Compliance automation provider Vanta confirms a software bug exposed private customer data to other users, impacting hundreds of…

How the Farm Industry Spied on Animal Rights Activists and Pushed the FBI to Treat Them as Bioterrorists

For years, a powerful farm industry group served up information on activists to the FBI. Records reveal a decade-long effort to see the animal rights movement labeled a “bioterrorism” threat.

GHSA-9qvj-rpj8-v5c8: Pekko Management may not properly apply authenticator when Basic Authentication enabled

If you enable Basic Authentication in Pekko Management using the Java DSL, the authenticator may not be properly applied. Users that rely on authentication instead of making sure the Management API ports are only available to trusted users are recommended to upgrade to version 1.1.1, which fixes this issue.

GHSA-5gr5-vmmr-82g6: Erupt Unrestricted Upload of File with Dangerous Type vulnerability

An arbitrary file upload vulnerability in the component /upload/GoodsCategory/image of erupt v1.12.19 allows attackers to execute arbitrary code via uploading a crafted file.

Cyberattacks Hit Top Retailers: Cartier, North Face Among Latest Victims

North Face, Cartier, and Next Step Healthcare are the latest victims in a string of cyberattacks compromising customer…

The North Face warns customers about potentially stolen data

For the fourth time in its history, The North Face has notified customers that their account may have been compromised. This...