๐จ CVE-2025-62642
The Restaurant Brands International (RBI) assistant platform through 2025-09-06 has an "Anyone Can Join This Party" signup API that does not verify user account creation, allowing a remote unauthenticated attacker to create a user account.
๐@cveNotify
The Restaurant Brands International (RBI) assistant platform through 2025-09-06 has an "Anyone Can Join This Party" signup API that does not verify user account creation, allowing a remote unauthenticated attacker to create a user account.
๐@cveNotify
archive.ph
We Hacked Burger King: How Authentication Bypass Led to Drive-Thru Auโฆ
archived 7 Sep 2025 02:06:21 UTC
๐จ CVE-2025-59933
libvips is a demand-driven, horizontally threaded image processing library. For versions 8.17.1 and below, when libvips is compiled with support for PDF input via poppler, the pdfload operation is affected by a buffer read overflow when parsing the header of a crafted PDF with a page that defines a width but not a height. Those using libvips compiled without support for PDF input are unaffected as well as thosewith support for PDF input via PDFium. This issue is fixed in version 8.17.2. A workaround for those affected is to block the VipsForeignLoadPdf operation via vips_operation_block_set, which is available in most language bindings, or to set VIPS_BLOCK_UNTRUSTED environment variable at runtime, which will block all untrusted loaders including PDF input via poppler.
๐@cveNotify
libvips is a demand-driven, horizontally threaded image processing library. For versions 8.17.1 and below, when libvips is compiled with support for PDF input via poppler, the pdfload operation is affected by a buffer read overflow when parsing the header of a crafted PDF with a page that defines a width but not a height. Those using libvips compiled without support for PDF input are unaffected as well as thosewith support for PDF input via PDFium. This issue is fixed in version 8.17.2. A workaround for those affected is to block the VipsForeignLoadPdf operation via vips_operation_block_set, which is available in most language bindings, or to set VIPS_BLOCK_UNTRUSTED environment variable at runtime, which will block all untrusted loaders including PDF input via poppler.
๐@cveNotify
GitHub
validate poppler page size (#4620) ยท libvips/libvips@a58bfae
* validate poppler page size
Poppler can return pages less than 1 pixel wide or high. Check for this
and flag an error.
Thanks Yang Luo, Riema Labs
* validate page size in svgload too
* add ima...
Poppler can return pages less than 1 pixel wide or high. Check for this
and flag an error.
Thanks Yang Luo, Riema Labs
* validate page size in svgload too
* add ima...
๐จ CVE-2025-36245
IBM InfoSphere 11.7.0.0 through 11.7.1.6 Information Server could allow an authenticated user to execute arbitrary commands with elevated privileges on the system due to improper validation of user supplied input.
๐@cveNotify
IBM InfoSphere 11.7.0.0 through 11.7.1.6 Information Server could allow an authenticated user to execute arbitrary commands with elevated privileges on the system due to improper validation of user supplied input.
๐@cveNotify
Ibm
Security Bulletin: IBM InfoSphere Information Server is vulnerable to execution of arbitrary commands (CVE-2025-36245)
A vulnerability that allows execution of arbitrary commands was addressed by IBM InfoSphere Information Server.
๐จ CVE-2025-59941
go-f3 is a Golang implementation of Fast Finality for Filecoin (F3). In versions 0.8.8 and below, go-f3's justification verification caching mechanism has a vulnerability where verification results are cached without properly considering the context of the message. An attacker can bypass justification verification by submitting a valid message with a correct justification and then reusing the same cached justification in contexts where it would normally be invalid. This occurs because the cached verification does not properly validate the relationship between the justification and the specific message context it's being used with. This issue is fixed in version 0.8.9.
๐@cveNotify
go-f3 is a Golang implementation of Fast Finality for Filecoin (F3). In versions 0.8.8 and below, go-f3's justification verification caching mechanism has a vulnerability where verification results are cached without properly considering the context of the message. An attacker can bypass justification verification by submitting a valid message with a correct justification and then reusing the same cached justification in contexts where it would normally be invalid. This occurs because the cached verification does not properly validate the relationship between the justification and the specific message context it's being used with. This issue is fixed in version 0.8.9.
๐@cveNotify
GitHub
tests: fix assertions in emulator (#1043) ยท filecoin-project/go-f3@76fff18
This PR fixes assertions checks in emulator and re-organises the
validation logic a bit to facilitate testing.
Signed-off-by: Jakub Sztandera <oss@kubuxu.com>
validation logic a bit to facilitate testing.
Signed-off-by: Jakub Sztandera <oss@kubuxu.com>
๐จ CVE-2025-59942
go-f3 is a Golang implementation of Fast Finality for Filecoin (F3). In versions 0.8.6 and below, go-f3 panics when it validates a "poison" messages causing Filecoin nodes consuming F3 messages to become vulnerable. A "poison" message can can cause integer overflow in the signer index validation, which can cause the whole node to crash. These malicious messages aren't self-propagating since the bug is in the validator. An attacker needs to directly send the message to all targets. This issue is fixed in version 0.8.7.
๐@cveNotify
go-f3 is a Golang implementation of Fast Finality for Filecoin (F3). In versions 0.8.6 and below, go-f3 panics when it validates a "poison" messages causing Filecoin nodes consuming F3 messages to become vulnerable. A "poison" message can can cause integer overflow in the signer index validation, which can cause the whole node to crash. These malicious messages aren't self-propagating since the bug is in the validator. An attacker needs to directly send the message to all targets. This issue is fixed in version 0.8.7.
๐@cveNotify
GitHub
Integer overflow leading to panic go-f3 module
### Impact
Filecoin nodes consuming F3 messages are vulnerable. go-f3 panics when it validates a "poison" messages. A "poison" message can can cause integer overflow in the...
Filecoin nodes consuming F3 messages are vulnerable. go-f3 panics when it validates a "poison" messages. A "poison" message can can cause integer overflow in the...
๐จ CVE-2025-62643
The Restaurant Brands International (RBI) assistant platform through 2025-09-06 transmits passwords of user accounts in cleartext e-mail messages.
๐@cveNotify
The Restaurant Brands International (RBI) assistant platform through 2025-09-06 transmits passwords of user accounts in cleartext e-mail messages.
๐@cveNotify
archive.ph
We Hacked Burger King: How Authentication Bypass Led to Drive-Thru Auโฆ
archived 7 Sep 2025 02:06:21 UTC
๐จ CVE-2025-62644
The Restaurant Brands International (RBI) assistant platform through 2025-09-06 has a Global Store Directory that shares personal information among authenticated users.
๐@cveNotify
The Restaurant Brands International (RBI) assistant platform through 2025-09-06 has a Global Store Directory that shares personal information among authenticated users.
๐@cveNotify
archive.ph
We Hacked Burger King: How Authentication Bypass Led to Drive-Thru Auโฆ
archived 7 Sep 2025 02:06:21 UTC
๐จ CVE-2025-62645
The Restaurant Brands International (RBI) assistant platform through 2025-09-06 allows a remote authenticated attacker to obtain a token with administrative privileges for the entire platform via the createToken GraphQL mutation.
๐@cveNotify
The Restaurant Brands International (RBI) assistant platform through 2025-09-06 allows a remote authenticated attacker to obtain a token with administrative privileges for the entire platform via the createToken GraphQL mutation.
๐@cveNotify
archive.ph
We Hacked Burger King: How Authentication Bypass Led to Drive-Thru Auโฆ
archived 7 Sep 2025 02:06:21 UTC
๐จ CVE-2025-62646
The Restaurant Brands International (RBI) assistant platform through 2025-09-06 allows remote attackers to review the stored audio of conversations between associates and Drive Thru customers.
๐@cveNotify
The Restaurant Brands International (RBI) assistant platform through 2025-09-06 allows remote attackers to review the stored audio of conversations between associates and Drive Thru customers.
๐@cveNotify
archive.ph
We Hacked Burger King: How Authentication Bypass Led to Drive-Thru Auโฆ
archived 7 Sep 2025 02:06:21 UTC
๐จ CVE-2025-62647
The Restaurant Brands International (RBI) assistant platform through 2025-09-06 provides the functionality of returning a JWT that can be used to call an API to return a signed AWS upload URL, for any store's path.
๐@cveNotify
The Restaurant Brands International (RBI) assistant platform through 2025-09-06 provides the functionality of returning a JWT that can be used to call an API to return a signed AWS upload URL, for any store's path.
๐@cveNotify
archive.ph
We Hacked Burger King: How Authentication Bypass Led to Drive-Thru Auโฆ
archived 7 Sep 2025 02:06:21 UTC
๐จ CVE-2025-62648
The Restaurant Brands International (RBI) assistant platform through 2025-09-06 allows remote attackers to adjust Drive Thru speaker audio volume.
๐@cveNotify
The Restaurant Brands International (RBI) assistant platform through 2025-09-06 allows remote attackers to adjust Drive Thru speaker audio volume.
๐@cveNotify
archive.ph
We Hacked Burger King: How Authentication Bypass Led to Drive-Thru Auโฆ
archived 7 Sep 2025 02:06:21 UTC
๐จ CVE-2025-62649
The Restaurant Brands International (RBI) assistant platform through 2025-09-06 relies on client-side authentication for submission of equipment orders.
๐@cveNotify
The Restaurant Brands International (RBI) assistant platform through 2025-09-06 relies on client-side authentication for submission of equipment orders.
๐@cveNotify
archive.ph
We Hacked Burger King: How Authentication Bypass Led to Drive-Thru Auโฆ
archived 7 Sep 2025 02:06:21 UTC
๐จ CVE-2025-62650
The Restaurant Brands International (RBI) assistant platform through 2025-09-06 relies on client-side authentication for use of the diagnostic screen.
๐@cveNotify
The Restaurant Brands International (RBI) assistant platform through 2025-09-06 relies on client-side authentication for use of the diagnostic screen.
๐@cveNotify
archive.ph
We Hacked Burger King: How Authentication Bypass Led to Drive-Thru Auโฆ
archived 7 Sep 2025 02:06:21 UTC
๐จ CVE-2025-62651
The Restaurant Brands International (RBI) assistant platform through 2025-09-06 does not implement access control for the bathroom rating interface.
๐@cveNotify
The Restaurant Brands International (RBI) assistant platform through 2025-09-06 does not implement access control for the bathroom rating interface.
๐@cveNotify
archive.ph
We Hacked Burger King: How Authentication Bypass Led to Drive-Thru Auโฆ
archived 7 Sep 2025 02:06:21 UTC
๐จ CVE-2025-45143
string-math v1.2.2 was discovered to contain a Regex Denial of Service (ReDoS) which is exploited via a crafted input.
๐@cveNotify
string-math v1.2.2 was discovered to contain a Regex Denial of Service (ReDoS) which is exploited via a crafted input.
๐@cveNotify
Gist
Public disclosure for a security issue inside string-math v1.2.2
Public disclosure for a security issue inside string-math v1.2.2 - gist:361608bccedb808061359481fe2f1b39
๐จ CVE-2025-45424
Incorrect access control in Xinference before v1.4.0 allows attackers to access the Web GUI without authentication.
๐@cveNotify
Incorrect access control in Xinference before v1.4.0 allows attackers to access the Web GUI without authentication.
๐@cveNotify
GitHub
Xinference/Xinference_Web/Xinference_Web_EN.docx at main ยท honysyang/Xinference
Contribute to honysyang/Xinference development by creating an account on GitHub.
๐จ CVE-2025-40715
SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to retrieve, create, update and delete databases through the campo mensaje in /QISClient/api/v1/sucesospaginas.
๐@cveNotify
SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to retrieve, create, update and delete databases through the campo mensaje in /QISClient/api/v1/sucesospaginas.
๐@cveNotify
www.incibe.es
[Update 08/07/2025] Multiple vulnerabilities in Quiter Gateway by Quiter
INCIBE has coordinated the publication of 11 vulnerabilities: 7 of critical severity and 4 of medium s
๐จ CVE-2025-40716
SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to retrieve, create, update and delete databases through the suceso.contenido mensaje in /QMSCliente/Sucesos.action.
๐@cveNotify
SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to retrieve, create, update and delete databases through the suceso.contenido mensaje in /QMSCliente/Sucesos.action.
๐@cveNotify
www.incibe.es
[Update 08/07/2025] Multiple vulnerabilities in Quiter Gateway by Quiter
INCIBE has coordinated the publication of 11 vulnerabilities: 7 of critical severity and 4 of medium s
๐จ CVE-2025-40717
SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to retrieve, create, update and delete databases through the pagina.filter.categoria mensaje in /QuiterGatewayWeb/api/v1/sucesospagina.
๐@cveNotify
SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to retrieve, create, update and delete databases through the pagina.filter.categoria mensaje in /QuiterGatewayWeb/api/v1/sucesospagina.
๐@cveNotify
www.incibe.es
[Update 08/07/2025] Multiple vulnerabilities in Quiter Gateway by Quiter
INCIBE has coordinated the publication of 11 vulnerabilities: 7 of critical severity and 4 of medium s
๐จ CVE-2025-40718
Improper error handling vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to send malformed payloads to generate error messages containing sensitive information.
๐@cveNotify
Improper error handling vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to send malformed payloads to generate error messages containing sensitive information.
๐@cveNotify
www.incibe.es
[Update 08/07/2025] Multiple vulnerabilities in Quiter Gateway by Quiter
INCIBE has coordinated the publication of 11 vulnerabilities: 7 of critical severity and 4 of medium s
๐จ CVE-2025-11549
A vulnerability has been found in Tenda W12 3.0.0.6(3948). The affected element is the function wifiMacFilterSet of the file /goform/modules of the component HTTP Request Handler. The manipulation of the argument mac leads to stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used.
๐@cveNotify
A vulnerability has been found in Tenda W12 3.0.0.6(3948). The affected element is the function wifiMacFilterSet of the file /goform/modules of the component HTTP Request Handler. The manipulation of the argument mac leads to stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used.
๐@cveNotify
GitHub
BinaryAudit/PoC/BOF/Tenda_W12/cgiWifiMacFilterSet/cgiWifiMacFilterSet.md at main ยท z472421519/BinaryAudit
Contribute to z472421519/BinaryAudit development by creating an account on GitHub.