Vulnerability Summary for the Week of February 24, 2025

High Vulnerabilities

Primary Vendor — Product: jupyterhub–ltiauthenticator
Description: `jupyterhub-ltiauthenticator` is a JupyterHub authenticator for Learning Tools Interoperability (LTI). The LTI13Authenticator class, introduced in `jupyterhub-ltiauthenticator` 1.3.0, did not validate JWT signatures. This is believed to allow the LTI13Authenticator to authorize a forged request. Only users who have configured a JupyterHub installation to use the authenticator class `LTI13Authenticator` are affected. `jupyterhub-ltiauthenticator` version 1.4.0 removes LTI13Authenticator to address the issue. No known workarounds are available.
Published: 2025-02-25
CVSS Score: 10
Source Info: CVE-2023-25574

Primary Vendor — Product: MITRE–Caldera
Description: In MITRE Caldera through 4.2.0 and 5.0.0 before 35bc06e, a Remote Code Execution (RCE) vulnerability was found in the dynamic agent (implant) compilation functionality of the server. This allows remote attackers to execute arbitrary code on the server that Caldera is running on via a crafted web request to the Caldera server API used for compiling and downloading Caldera’s Sandcat or Manx agents (implants). This web request can use the gcc -extldflags linker flag with sub-commands.
Published: 2025-02-24
CVSS Score: 10
Source Info: CVE-2025-27364

Primary Vendor — Product: scriptsbundle–Nokri Job Board WordPress Theme
Description: The Nokri – Job Board WordPress Theme for WordPress is vulnerable to privilege escalation via account takeover in all

[…]
Content was cut in order to protect the source. Please visit the source for the rest of the article.
