Vulnerabilities, exploits, attacks and threats

Well-known information security vulnerabilities database

CVE-2022-28924

An information disclosure vulnerability in UniverSIS-Students before v1.5.0 allows attackers to obtain sensitive information via a crafted GET request to the endpoint /api/students/me/courses/. ...

GitHub Security Lab: [Java]: CWE-321 – Query to detect hardcoded JWT secret keys

This bug was reported directly to GitHub Security Lab. ...

curl: Memory leak in CURLOPT_XOAUTH2_BEARER

## Summary: Once a bearer token is set with `CURLOPT_XOAUTH2_BEARER`, each HTTP request done with the same handler leaks the token itself. ## Steps To Reproduce: Given the following code: ```c #includ ...

Leakage of third-party OAuth token via redirect

# Description The application allows the usage of third-parties to store the files, such as Google Drive, Github, Gitlab, etc. It's possible to bypass the protection of the `redirect` parameter and re ...

SSRF in editor’s proxy via IPv6 link-local address

# Description The proxy server does not check for link-local IPv6 addresses In https://github.com/jgraph/drawio/blob/dev/src/main/java/com/mxgraph/online/ProxyServlet.java#L255L257, it checks for loca ...

Path Traversal in WellKnownServlet

# Description The `WellKnownServlet` is vulnerable to path traversal. This allows reading local files. For example the files in `WEB-INF` that contain secrets and API keys can be read. https://github. ...

SSRF via IPv6 address 2

# Description While searching online, I found that https://stackoverflow.com/questions/53764109/is-there-a-java-api-that-will-identify-the-ipv6-address-fd00-as-local-private also states fc00 / fd00 ar ...

CVE-2022-29214

NextAuth.js (next-auth) is an open source authentication solution for Next.js applications. Prior to versions 3.29.3 and 4.3.3, an open redirect vulnerability is present when the developer is implemen ...
