NextAuth.js (next-auth) is am open source authentication solution for Next.js applications. Prior to versions 3.29.3 and 4.3.3, an open redirect vulnerability is present when the developer is implemen ...
Continue Reading
June 23, 2022
# Description The application allows the usage of third-parties to store the files, such as Google Drive, Github, Gitlab, etc. It's possible to bypass the protection of the `redirect` parameter and re ...
Continue Reading
June 23, 2022
# Description Hi there, there is a stored XSS in Oauth application name. # Proof of Concept 1. Install a local instance of Autolab. 2. Go to `/oauth/applications` and create a new application with na ...
Continue Reading
June 23, 2022
Team, May you all be well on your side of the screen. :) While Doing some research on the https://microweber.org, I was able to find a Pre-Account Takeover vulnerability. Kindly check the proof of con ...
Continue Reading
June 23, 2022
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, a director ...
Continue Reading
June 23, 2022
### Description A flaw was found in keycloak, where the default ECP binding flow allows other authentication flows to be bypassed. By exploiting this behavior, an attacker can bypass the MFA authentic ...
Continue Reading
June 23, 2022
 Rapid7 researcher Aaron Herndon has discovered that several models of Kyocera ...
Continue Reading
June 23, 2022
Charles Fol discovered that PHP incorrectly handled initializing certain arrays when handling the pg_query_params function. A remote attacker could use this issue to cause PHP to crash, resulting in a ...
Continue Reading
June 23, 2022
Back to Main
