๐จ CVE-2025-59941
go-f3 is a Golang implementation of Fast Finality for Filecoin (F3). In versions 0.8.8 and below, go-f3's justification verification caching mechanism has a vulnerability where verification results are cached without properly considering the context of the message. An attacker can bypass justification verification by submitting a valid message with a correct justification and then reusing the same cached justification in contexts where it would normally be invalid. This occurs because the cached verification does not properly validate the relationship between the justification and the specific message context it's being used with. This issue is fixed in version 0.8.9.
๐@cveNotify
go-f3 is a Golang implementation of Fast Finality for Filecoin (F3). In versions 0.8.8 and below, go-f3's justification verification caching mechanism has a vulnerability where verification results are cached without properly considering the context of the message. An attacker can bypass justification verification by submitting a valid message with a correct justification and then reusing the same cached justification in contexts where it would normally be invalid. This occurs because the cached verification does not properly validate the relationship between the justification and the specific message context it's being used with. This issue is fixed in version 0.8.9.
๐@cveNotify
GitHub
tests: fix assertions in emulator (#1043) ยท filecoin-project/go-f3@76fff18
This PR fixes assertions checks in emulator and re-organises the
validation logic a bit to facilitate testing.
Signed-off-by: Jakub Sztandera <oss@kubuxu.com>
validation logic a bit to facilitate testing.
Signed-off-by: Jakub Sztandera <oss@kubuxu.com>
๐จ CVE-2025-59942
go-f3 is a Golang implementation of Fast Finality for Filecoin (F3). In versions 0.8.6 and below, go-f3 panics when it validates a "poison" messages causing Filecoin nodes consuming F3 messages to become vulnerable. A "poison" message can can cause integer overflow in the signer index validation, which can cause the whole node to crash. These malicious messages aren't self-propagating since the bug is in the validator. An attacker needs to directly send the message to all targets. This issue is fixed in version 0.8.7.
๐@cveNotify
go-f3 is a Golang implementation of Fast Finality for Filecoin (F3). In versions 0.8.6 and below, go-f3 panics when it validates a "poison" messages causing Filecoin nodes consuming F3 messages to become vulnerable. A "poison" message can can cause integer overflow in the signer index validation, which can cause the whole node to crash. These malicious messages aren't self-propagating since the bug is in the validator. An attacker needs to directly send the message to all targets. This issue is fixed in version 0.8.7.
๐@cveNotify
GitHub
Integer overflow leading to panic go-f3 module
### Impact
Filecoin nodes consuming F3 messages are vulnerable. go-f3 panics when it validates a "poison" messages. A "poison" message can can cause integer overflow in the...
Filecoin nodes consuming F3 messages are vulnerable. go-f3 panics when it validates a "poison" messages. A "poison" message can can cause integer overflow in the...
๐จ CVE-2025-62643
The Restaurant Brands International (RBI) assistant platform through 2025-09-06 transmits passwords of user accounts in cleartext e-mail messages.
๐@cveNotify
The Restaurant Brands International (RBI) assistant platform through 2025-09-06 transmits passwords of user accounts in cleartext e-mail messages.
๐@cveNotify
archive.ph
We Hacked Burger King: How Authentication Bypass Led to Drive-Thru Auโฆ
archived 7 Sep 2025 02:06:21 UTC
๐จ CVE-2025-62644
The Restaurant Brands International (RBI) assistant platform through 2025-09-06 has a Global Store Directory that shares personal information among authenticated users.
๐@cveNotify
The Restaurant Brands International (RBI) assistant platform through 2025-09-06 has a Global Store Directory that shares personal information among authenticated users.
๐@cveNotify
archive.ph
We Hacked Burger King: How Authentication Bypass Led to Drive-Thru Auโฆ
archived 7 Sep 2025 02:06:21 UTC
๐จ CVE-2025-62645
The Restaurant Brands International (RBI) assistant platform through 2025-09-06 allows a remote authenticated attacker to obtain a token with administrative privileges for the entire platform via the createToken GraphQL mutation.
๐@cveNotify
The Restaurant Brands International (RBI) assistant platform through 2025-09-06 allows a remote authenticated attacker to obtain a token with administrative privileges for the entire platform via the createToken GraphQL mutation.
๐@cveNotify
archive.ph
We Hacked Burger King: How Authentication Bypass Led to Drive-Thru Auโฆ
archived 7 Sep 2025 02:06:21 UTC
๐จ CVE-2025-62646
The Restaurant Brands International (RBI) assistant platform through 2025-09-06 allows remote attackers to review the stored audio of conversations between associates and Drive Thru customers.
๐@cveNotify
The Restaurant Brands International (RBI) assistant platform through 2025-09-06 allows remote attackers to review the stored audio of conversations between associates and Drive Thru customers.
๐@cveNotify
archive.ph
We Hacked Burger King: How Authentication Bypass Led to Drive-Thru Auโฆ
archived 7 Sep 2025 02:06:21 UTC
๐จ CVE-2025-62647
The Restaurant Brands International (RBI) assistant platform through 2025-09-06 provides the functionality of returning a JWT that can be used to call an API to return a signed AWS upload URL, for any store's path.
๐@cveNotify
The Restaurant Brands International (RBI) assistant platform through 2025-09-06 provides the functionality of returning a JWT that can be used to call an API to return a signed AWS upload URL, for any store's path.
๐@cveNotify
archive.ph
We Hacked Burger King: How Authentication Bypass Led to Drive-Thru Auโฆ
archived 7 Sep 2025 02:06:21 UTC
๐จ CVE-2025-62648
The Restaurant Brands International (RBI) assistant platform through 2025-09-06 allows remote attackers to adjust Drive Thru speaker audio volume.
๐@cveNotify
The Restaurant Brands International (RBI) assistant platform through 2025-09-06 allows remote attackers to adjust Drive Thru speaker audio volume.
๐@cveNotify
archive.ph
We Hacked Burger King: How Authentication Bypass Led to Drive-Thru Auโฆ
archived 7 Sep 2025 02:06:21 UTC
๐จ CVE-2025-62649
The Restaurant Brands International (RBI) assistant platform through 2025-09-06 relies on client-side authentication for submission of equipment orders.
๐@cveNotify
The Restaurant Brands International (RBI) assistant platform through 2025-09-06 relies on client-side authentication for submission of equipment orders.
๐@cveNotify
archive.ph
We Hacked Burger King: How Authentication Bypass Led to Drive-Thru Auโฆ
archived 7 Sep 2025 02:06:21 UTC
๐จ CVE-2025-62650
The Restaurant Brands International (RBI) assistant platform through 2025-09-06 relies on client-side authentication for use of the diagnostic screen.
๐@cveNotify
The Restaurant Brands International (RBI) assistant platform through 2025-09-06 relies on client-side authentication for use of the diagnostic screen.
๐@cveNotify
archive.ph
We Hacked Burger King: How Authentication Bypass Led to Drive-Thru Auโฆ
archived 7 Sep 2025 02:06:21 UTC
๐จ CVE-2025-62651
The Restaurant Brands International (RBI) assistant platform through 2025-09-06 does not implement access control for the bathroom rating interface.
๐@cveNotify
The Restaurant Brands International (RBI) assistant platform through 2025-09-06 does not implement access control for the bathroom rating interface.
๐@cveNotify
archive.ph
We Hacked Burger King: How Authentication Bypass Led to Drive-Thru Auโฆ
archived 7 Sep 2025 02:06:21 UTC
๐จ CVE-2025-45143
string-math v1.2.2 was discovered to contain a Regex Denial of Service (ReDoS) which is exploited via a crafted input.
๐@cveNotify
string-math v1.2.2 was discovered to contain a Regex Denial of Service (ReDoS) which is exploited via a crafted input.
๐@cveNotify
Gist
Public disclosure for a security issue inside string-math v1.2.2
Public disclosure for a security issue inside string-math v1.2.2 - gist:361608bccedb808061359481fe2f1b39
๐จ CVE-2025-45424
Incorrect access control in Xinference before v1.4.0 allows attackers to access the Web GUI without authentication.
๐@cveNotify
Incorrect access control in Xinference before v1.4.0 allows attackers to access the Web GUI without authentication.
๐@cveNotify
GitHub
Xinference/Xinference_Web/Xinference_Web_EN.docx at main ยท honysyang/Xinference
Contribute to honysyang/Xinference development by creating an account on GitHub.
๐จ CVE-2025-40715
SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to retrieve, create, update and delete databases through the campo mensaje in /QISClient/api/v1/sucesospaginas.
๐@cveNotify
SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to retrieve, create, update and delete databases through the campo mensaje in /QISClient/api/v1/sucesospaginas.
๐@cveNotify
www.incibe.es
[Update 08/07/2025] Multiple vulnerabilities in Quiter Gateway by Quiter
INCIBE has coordinated the publication of 11 vulnerabilities: 7 of critical severity and 4 of medium s
๐จ CVE-2025-40716
SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to retrieve, create, update and delete databases through the suceso.contenido mensaje in /QMSCliente/Sucesos.action.
๐@cveNotify
SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to retrieve, create, update and delete databases through the suceso.contenido mensaje in /QMSCliente/Sucesos.action.
๐@cveNotify
www.incibe.es
[Update 08/07/2025] Multiple vulnerabilities in Quiter Gateway by Quiter
INCIBE has coordinated the publication of 11 vulnerabilities: 7 of critical severity and 4 of medium s
๐จ CVE-2025-40717
SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to retrieve, create, update and delete databases through the pagina.filter.categoria mensaje in /QuiterGatewayWeb/api/v1/sucesospagina.
๐@cveNotify
SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to retrieve, create, update and delete databases through the pagina.filter.categoria mensaje in /QuiterGatewayWeb/api/v1/sucesospagina.
๐@cveNotify
www.incibe.es
[Update 08/07/2025] Multiple vulnerabilities in Quiter Gateway by Quiter
INCIBE has coordinated the publication of 11 vulnerabilities: 7 of critical severity and 4 of medium s
๐จ CVE-2025-40718
Improper error handling vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to send malformed payloads to generate error messages containing sensitive information.
๐@cveNotify
Improper error handling vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to send malformed payloads to generate error messages containing sensitive information.
๐@cveNotify
www.incibe.es
[Update 08/07/2025] Multiple vulnerabilities in Quiter Gateway by Quiter
INCIBE has coordinated the publication of 11 vulnerabilities: 7 of critical severity and 4 of medium s
๐จ CVE-2025-11549
A vulnerability has been found in Tenda W12 3.0.0.6(3948). The affected element is the function wifiMacFilterSet of the file /goform/modules of the component HTTP Request Handler. The manipulation of the argument mac leads to stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used.
๐@cveNotify
A vulnerability has been found in Tenda W12 3.0.0.6(3948). The affected element is the function wifiMacFilterSet of the file /goform/modules of the component HTTP Request Handler. The manipulation of the argument mac leads to stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used.
๐@cveNotify
GitHub
BinaryAudit/PoC/BOF/Tenda_W12/cgiWifiMacFilterSet/cgiWifiMacFilterSet.md at main ยท z472421519/BinaryAudit
Contribute to z472421519/BinaryAudit development by creating an account on GitHub.
๐จ CVE-2017-20206
The Appointments plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.2.1 via deserialization of untrusted input from the `wpmudev_appointments` cookie. This allows unauthenticated attackers to inject a PHP Object. Attackers were actively exploiting this vulnerability with the WP_Theme() class to create backdoors.
๐@cveNotify
The Appointments plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.2.1 via deserialization of untrusted input from the `wpmudev_appointments` cookie. This allows unauthenticated attackers to inject a PHP Object. Attackers were actively exploiting this vulnerability with the WP_Theme() class to create backdoors.
๐@cveNotify
๐จ CVE-2017-20207
The Flickr Gallery plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.5.2 via deserialization of untrusted input from the `pager ` parameter. This allows unauthenticated attackers to inject a PHP Object. Attackers were actively exploiting this vulnerability with the WP_Theme() class to create backdoors.
๐@cveNotify
The Flickr Gallery plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.5.2 via deserialization of untrusted input from the `pager ` parameter. This allows unauthenticated attackers to inject a PHP Object. Attackers were actively exploiting this vulnerability with the WP_Theme() class to create backdoors.
๐@cveNotify
๐จ CVE-2017-20208
The RegistrationMagic โ Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to PHP Object Injection in all versions up to 3.7.9.3 (exclusive) via deserialization of untrusted input from the is_expired_by_date() function. This makes it possible for unauthenticated attackers to inject a PHP Object. The additional presence of a POP chain allows attackers to fetch a remote file and install it on the site.
๐@cveNotify
The RegistrationMagic โ Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to PHP Object Injection in all versions up to 3.7.9.3 (exclusive) via deserialization of untrusted input from the is_expired_by_date() function. This makes it possible for unauthenticated attackers to inject a PHP Object. The additional presence of a POP chain allows attackers to fetch a remote file and install it on the site.
๐@cveNotify