Category Archives: Advisories

Ruby on Rails Cross-Site Request Forgery


Posted by Daniel Owens via Fulldisclosure on Apr 26

Good morning. All current versions and all versions since the 2022/2023 “fix” to the Rails cross-site request forgery (CSRF) protections continue to be vulnerable to the same attacks as the 2022 implementation. Currently, Rails generates “authenticity tokens” and “csrf tokens” using a random “one time pad” (OTP). This random value is then XORed with the “raw token” (which can take one of two…


Microsoft “.library-ms” File / NTLM Information Disclosure (Resurrected 2025)


Posted by hyp3rlinx on Apr 26

[-] Microsoft “.library-ms” File / NTLM Information Disclosure Spoofing (Resurrected 2025) / CVE-2025-24054

[+] John Page (aka hyp3rlinx)
[+] x.com/hyp3rlinx
[+] ISR: ApparitionSec

Back in 2018, I reported a “.library-ms” File NTLM information disclosure vulnerability to MSRC and was told “it was not severe enough”; that being said, I post it anyways. Seven years passed, until other researchers re-reported it….


A Vulnerability in SAP NetWeaver Visual Composer Could Allow for Remote Code Execution


A vulnerability has been discovered in SAP NetWeaver Visual Composer which could allow for remote code execution. SAP NetWeaver Visual Composer is SAP’s web-based software modelling tool; it enables business process specialists and developers to create business application components without writing code. Successful exploitation of this vulnerability could allow for remote code execution in the context of the system.


USN-7455-4: Linux kernel (Oracle) vulnerabilities


Jann Horn discovered that the watch_queue event notification subsystem in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service (system crash) or escalate their privileges. (CVE-2022-0995)

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems:
– Network drivers;
– File systems infrastructure;
– NTFS3 file system;
– Ethernet bridge;
– Ethtool driver;
– IPv6 networking;
– Network traffic control;
– VMware vSockets driver;
(CVE-2025-21993, CVE-2025-21703, CVE-2024-50248, CVE-2025-21700, CVE-2024-50256, CVE-2025-21701, CVE-2024-56651, CVE-2025-21756, CVE-2024-26837, CVE-2025-21702, CVE-2024-46826)


ZDI-CAN-26945: NI


A vulnerability with a CVSS score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), discovered by ‘Rocco Calvi (@TecR0c) with TecSecurity’, was reported to the affected vendor on 2025-04-25, 0 days ago. The vendor is given until 2025-08-23 to publish a fix or workaround. Once the vendor has created and tested a patch, we will coordinate the release of a public advisory.


Commvault Command Center Path Traversal Vulnerability (CVE-2025-34028)


What is the Vulnerability?

A critical path traversal vulnerability has been identified in Commvault’s Command Center Innovation Release. The vulnerability, tracked as CVE-2025-34028, has been assigned a CVSS score of 9.0. This flaw allows unauthenticated remote attackers to upload specially crafted ZIP files. When these files are expanded by the server, they can lead to arbitrary code execution, potentially resulting in a complete system compromise. Commvault serves a diverse range of industries, including healthcare, financial services and manufacturing, for securing data management and compliance, protecting financial data and efficiently backing up data.

What is the recommended Mitigation?

Commvault has addressed this vulnerability in the following patched versions: 11.38 and 11.38.25. FortiGuard Labs strongly recommends that organizations prioritize applying the latest security updates. Organizations can also restrict access to the Command Center interface to trusted networks to reduce the attack surface.

What FortiGuard Coverage is available?

• Intrusion Prevention System (IPS): A signature is being developed to detect and block exploit attempts targeting CVE-2025-34028.
• Anti-Malware using Antivirus and Sandbox: Signatures for known malware and behavioral detection for unknown malware are available and can protect against delivery of malware.
• The FortiGuard Incident Response team is available to assist with any suspected compromise.
