#git

### Impact A maliciously modified message can be passed to either `openpgp.verify` or `openpgp.decrypt`, causing these functions to return a valid signature verification result while returning data that was not actually signed. This flaw allows signature verifications of inline (non-detached) signed messages (using `openpgp.verify`) and signed-and-encrypted messages (using `openpgp.decrypt` with `verificationKeys`) to be spoofed, since both functions return extracted data that may not match the data that was originally signed. Detached signature verifications are not affected, as no signed data is returned in that case. In order to spoof a message, the attacker needs a single valid message signature (inline or detached) as well as the plaintext data that was legitimately signed, and can then construct an inline-signed message or signed-and-encrypted message with any data of the attacker's choice, which will appear as legitimately signed by affected versions of OpenPGP.js. In other w...

A security vulnerability was discovered in the `gardenlet` component of Gardener. It could allow a user with administrative privileges for a Gardener project to obtain control over the seed cluster(s) where their shoot clusters are managed. ### Am I Vulnerable? This CVE affects all Gardener installations where https://github.com/gardener/gardener-extension-provider-gcp is in use. ### Affected Components - `gardener/gardener` (`gardenlet`) ### Affected Versions - < v1.116.4 - < v1.117.5 - < v1.118.2 - < v1.119.0 ### Fixed Versions - &gt;= v1.116.4 - &gt;= v1.117.5 - &gt;= v1.118.2 - &gt;= v1.119.0 ### How do I mitigate this vulnerability? Update to a fixed version.

The Take It Down Act requires platforms to remove instances of “intimate visual depiction” within two days. Free speech advocates warn it could be weaponized to fuel censorship.

A security vulnerability was discovered in Gardener that could allow a user with administrative privileges for a Gardener project to obtain control over the seed cluster(s) where their shoot clusters are managed. ### Am I Vulnerable? This CVE affects all Gardener installations no matter of the public cloud provider(s) used for the seed clusters/shoot clusters. ### Affected Components - `gardener/gardener` ### Affected Versions - < v1.116.4 - < v1.117.5 - < v1.118.2 - < v1.119.0 ### Fixed Versions - &gt;= v1.116.4 - &gt;= v1.117.5 - &gt;= v1.118.2 - &gt;= v1.119.0 ### How do I mitigate this vulnerability? Update to a fixed version.

A security vulnerability was discovered in Gardener that could allow a user with administrative privileges for a Gardener project or a user with administrative privileges for a shoot cluster, including administrative privileges for a single namespace of the shoot cluster, to obtain control over the seed cluster where the shoot cluster is managed. ### Am I Vulnerable? This CVE affects all Gardener installations no matter of the public cloud provider(s) used for the seed clusters/shoot clusters. ### Affected Components - `gardener/external-dns-management` ### Affected Versions - < 0.23.6 ### Fixed Versions - &gt;= 0.23.6 ### Important The `external-dns-management` component may also be deployed on the seeds by the https://github.com/gardener/gardener-extension-shoot-dns-service extension when the extension is enabled. In this case, all versions of the `shoot-dns-service` extension `<= v1.60.0` are affected by this vulnerability. ### How do I mitigate this vulnerability? Updat...

The UK Legal Aid Agency has suffered a major cyberattack, with “significant” sensitive data, including criminal records, stolen.…

### Summary A path traversal vulnerability in `PackageIndex` was fixed in setuptools version 78.1.1 ### Details ``` def _download_url(self, url, tmpdir): # Determine download filename # name, _fragment = egg_info_for_url(url) if name: while '..' in name: name = name.replace('..', '.').replace('\\', '_') else: name = "__downloaded__" # default if URL has no path contents if name.endswith('.[egg.zip](http://egg.zip/)'): name = name[:-4] # strip the extra .zip before download --> filename = os.path.join(tmpdir, name) ``` Here: https://github.com/pypa/setuptools/blob/6ead555c5fb29bc57fe6105b1bffc163f56fd558/setuptools/package_index.py#L810C1-L825C88 `os.path.join()` discards the first argument `tmpdir` if the second begins with a slash or drive letter. `name` is derived from a URL without sufficient sanitization. While there is some attempt to sanitize by replacing instanc...

### LibreNMS v25.4.0 suffers from Stored Cross-Site Scripting (XSS) Vulnerability in the 'group name' parameter of the 'http://localhost/poller/groups' form. This vulnerability allows attackers to inject malicious scripts into web pages viewed by other users. ## ---------------------------------POC----------------------------- Before Setting: Enable 'distributed_poller' in http://localhost/settings/poller/distributed 1. Attacker creates a new poller group and injects the payload in the 'group name' parameter ``` payload: <script>alert('XSS')</script> ``` 2. Victim navigates to the 'http://localhost/addhost' to add a new host 3. The payload is executed code sink: https://github.com/librenms/librenms/blob/25.4.0/includes/html/pages/addhost.inc.php#L284

A new report from Zimperium is alerting users about growing threats facing iOS devices, particularly those tied to…

Disciplined, well-trained, and well-equipped, AI agents are digital soldiers. They operate independently to carry out their orders, working…