This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG LED Assistant. Authentication is not required to exploit this vulnerability. The specific f ...
Continue Reading25 августа, 2023
## Overview Some end users of OpenFGA v1.3.0 or earlier are vulnerable to authorization bypass when calling the ListObjects API. UPDATE: This means that the API sometimes returns more objects than it ...
Continue Reading25 августа, 2023
## Overview Some end users of OpenFGA v1.3.0 or earlier are vulnerable to authorization bypass when calling the ListObjects API. UPDATE: This means that the API sometimes returns more objects than it ...
Continue Reading25 августа, 2023
Alertmanager handles alerts sent by client applications such as the Prometheus server. An attacker with the permission to perform POST requests on the /api/v1/alerts endpoint could be able to execute ...
Continue Reading25 августа, 2023
### Impact Hardcoded DNS key usage has been found in Netmaker allowing unauth users to interact with DNS API endpoints. ### Patches Issue is patched in 0.17.1, and fixed in 0.18.6+. If Users are usin ...
Continue Reading25 августа, 2023
Itâs been [reported ]()that 2.6 million user records sourced from the Duolingo app are for sale. The attacker apparently obtained them from an open API provided by the company. Thereâs a mor ...
Continue Reading25 августа, 2023
[![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjEKBStGnK111TZtZa0UbBNbjE8f7mIR3uFR0dnBiTkEAI_7m3ncP1o2hrCb6dbZzB9fWz0OmLqOx2h0_d5f9ZooU0NLKyjjvM4Jdncb8wf3pgsUWrfVTA9JHNLLTELJJ0CvqZH4m ...
Continue Reading25 августа, 2023
Datasette is vulnerable to Information Disclosure. The vulnerability exists because it does not check permissions when viewing the `/-/api` endpoint, resulting in databases and tables disclosure to un ...
Continue Reading25 августа, 2023
Back to Main