Path Traversal

All articles tagged with #path traversal

Critical UniFi Flaws Allow Full System Takeover, Patch Now
cybersecurity · 21 days ago

Ubiquiti disclosed two critical-to-high vulnerabilities in UniFi Network Application: CVE-2026-22557, a path-traversal flaw that can allow unauthenticated attackers to seize full control of the underlying host, and CVE-2026-22558, an authenticated NoSQL injection enabling privilege escalation. Affected versions include UniFi Network App 10.1.85 and earlier, 10.2.93 and earlier, and UniFi Express Network App 9.0.114 and earlier. Patches are available: UniFi OS 10.1.89+ (or RC 10.2.97+; UX 4.0.13+), which bundles Network App 9.0.118+. Given the CVSS 10 rating for CVE-2026-22557, patch immediately and implement network segmentation/firewall controls for the UniFi management interface.

WinRAR ADS path-traversal flaw drives ongoing global intrusions
security · 2 months ago

Security researchers warn that WinRAR CVE-2025-8088, a high-severity path-traversal flaw abusing Alternate Data Streams to drop payloads, remains actively exploited by both state-backed groups and financially motivated criminals. The exploit chain hides malicious ADS inside decoy files and uses directory traversal to drop LNK/HTA/BAT/CMD payloads that execute on login. Actors such as RomCom/UNC4895, APT44, TEMP.Armageddon, Turla, and China-linked groups have used it for espionage and malware delivery, while criminals distribute RATs and info-stealers, with exploits marketed by underground actors. The activity underscores exploit commoditization and emphasizes the need to patch WinRAR promptly to mitigate ongoing risk.

Microsoft's AI Web Project Faces Security Flaws
technology · 8 months ago

Researchers discovered a critical security flaw in Microsoft's new NLWeb protocol, which allows remote reading of sensitive files, including API keys, due to a path traversal vulnerability. Microsoft patched the issue but has not issued a CVE, raising concerns about security oversight in AI-related protocols. The flaw could have severe consequences for AI agents relying on exposed API keys, emphasizing the need for careful security practices in deploying new AI features.

Microsoft Azure API Management Service Vulnerabilities Patched
api-management-vulnerability · 2 years ago

Three new security flaws have been discovered in the Microsoft Azure API Management service: two server-side request forgery (SSRF) flaws and one instance of unrestricted file upload functionality in the API Management developer portal. Exploitation of the SSRF flaws can result in loss of confidentiality and integrity, permitting a threat actor to read internal Azure resources and execute unauthorized code. Following responsible disclosure, all three flaws have been patched by Microsoft.