Security
Headlines
HeadlinesLatestCVEs

Tag

#web

GHSA-w443-5h3j-jqcp: Duplicate Advisory: crossbeam-channel Vulnerable to Double Free on Drop

### Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-pg9f-39pc-qf8g. This link is maintained to preserve external references. ### Original Description In crossbeam-channel rust crate, the internal `Channel` type's `Drop` method has a race condition which could, in some circumstances, lead to a double-free that could result in memory corruption.

ghsa
Open in Source
#vulnerability#web#git
GHSA-537f-gxgm-3jjq: OpenPubkey Vulnerable to Authentication Bypass

### Impact Versions of OpenPubkey library prior to 0.10.0 contained a vulnerability that would allow a specially crafted JWS to bypass signature verification. ### Patches Upgrade to v0.10.0 or greater. This vulnerability is not present in versions of OpenPubkey after v0.9.0. ### References [CVE-2025-3757 ](https://www.cve.org/CVERecord?id=CVE-2025-3757)

Microsoft Patch Tuesday for May 2025 — Snort rules and prominent vulnerabilities

Microsoft has released its monthly security update for May of 2025 which includes 78 vulnerabilities affecting a range of products, including 11 that Microsoft marked as “critical”.   Microsoft noted five vulnerabilities that have been observed to be exploited in the wild. CVE-2025-30397 is a remote code

CISA Adds TeleMessage Vulnerability to KEV List Following Breach

CISA adds TeleMessage flaw to KEV list, urges agencies to act within 3 weeks after a breach exposed…

GHSA-9p3p-w5jf-8xxg: Kirby vulnerable to path traversal in the router for PHP's built-in server

### TL;DR This vulnerability affects all Kirby setups that use PHP's built-in server. Such setups are commonly only used during local development. Sites that use other server software (such as Apache, nginx or Caddy) are *not* affected. ---- ### Introduction For use with PHP's built-in web server, Kirby provides a `router.php` file. The router delegates requests to static files to PHP so that assets and other static files in the document root can be accessed by the browser. This logic was vulnerable against path traversal attacks. By using special elements such as `..` and `/` separators, attackers can escape outside of the restricted location to access files or directories that are elsewhere on the system. One of the most common special elements is the `../` sequence, which in most modern operating systems is interpreted as the parent directory of the current location. ### Impact The missing path traversal check allowed attackers to navigate all files on the server that were a...

Google Is Using On-Device AI to Spot Scam Texts and Investment Fraud

Android’s “Scam Detection” protection in Google Messages will now be able to flag even more types of digital fraud.

PrepHero-Linked Database Exposed Data of 3M Students and Coaches

A security lapse on PrepHero, a college recruiting platform, exposed millions of unencrypted records, including sensitive personal details…

iClicker Website Hacked with Fake CAPTCHA in ClickFix Attack

Popular student engagement platform iClicker’s website was compromised with a ClickFix attack. A fake “I’m not a robot”…

An $8.4 Billion Chinese Hub for Crypto Crime Is Incorporated in Colorado

Before a crackdown by Telegram, Xinbi Guarantee grew into one of the internet’s biggest markets for Chinese-speaking crypto scammers and money laundering. And all registered to a US address.