USN-7366-1: Rack vulnerabilities

Read Time:25 Second

Nhật Thái Đỗ discovered that Rack incorrectly handled certain usernames. A
remote attacker could possibly use this issue to perform CRLF injection.
(CVE-2025-25184)

Phạm Quang Minh discovered that Rack incorrectly handled certain headers. A
remote attacker could possibly use this issue to perform log injection.
(CVE-2025-27111)

Phạm Quang Minh discovered that Rack did not properly handle relative file
paths. A remote attacker could potentially exploit this to include local
files that should have been inaccessible. (CVE-2025-27610)

Friday Squid Blogging: Squid Werewolf Hacking Group

Solar Power System Vulnerabilities Could Result in Blackouts

Nine in Ten Healthcare Organizations Use the Most Vulnerable IoT Devices

VanHelsing ransomware: what you need to know

Trump CISA Cuts Threaten US Election Integrity, Experts Warn

Morphing Meerkat PhaaS Platform Spoofs 100+ Brands

AIs as Trusted Third Parties

CoffeeLoader Malware Loader Linked to SmokeLoader Operations

When Getting Phished Puts You in Mortal Danger

containernetworking-plugins-1.5.1-2.fc40

matrix-synapse-1.111.1-4.fc40

matrix-synapse-1.118.0-4.fc41

matrix-synapse-1.127.1-1.fc42

cri-tools1.29-1.29.0-11.fc41

cri-tools1.29-1.29.0-11.fc42