Openmoney API through 2020-06-29 uses the JavaScript Math.random function, which does not provide cryptographically secure random numbers. ...
Continue Reading
May 23, 2022
I found a CSRF Vulnerability in the update cart functionality where there is no **csrf** token being validated While updating the cart as the authenticated user **Vulnerable Request:** ``` POST /demo ...
Continue Reading
May 23, 2022
## Description It was possible to confirm a single character of a user's password hash (just the hash, not the password) using a specially crafted regular expression filter in the users endpoint of th ...
Continue Reading
May 23, 2022
The researcher identified a public workspace at `https://www.postman.com/3zL77NHP5yLSKc/workspace/codefi-assets-s-public-workspace/environment/19650166-866da684-1c98-492c-a9e9-6ed287c28746` containing ...
Continue Reading
May 23, 2022
A flaw was found in all versions of kubeclient up to (but not including) v4.9.3, the Ruby client for Kubernetes REST API, in the way it parsed kubeconfig files. When the kubeconfig file does not confi ...
Continue Reading
May 23, 2022
### Impact All unpatched versions of Argo CD starting with v1.3.0 are vulnerable to a path traversal bug, compounded by an improper access control bug, allowing a malicious user with read-only reposit ...
Continue Reading
May 23, 2022
### Impact This vulnerability allows renderers to obtain access to a random bluetooth device via the [web bluetooth API](https://developer.mozilla.org/en-US/docs/Web/API/Web_Bluetooth_API) if the app ...
Continue Reading
May 23, 2022
The package ungit before 1.5.20 are vulnerable to Remote Code Execution (RCE) via argument injection. The issue occurs when calling the /api/fetch endpoint. User controlled values (remote and ref) are ...
Continue Reading
May 23, 2022
Back to Main
