Cleartext Transmission Of Sensitive Information

dectalk-tts is vulnerable to Cleartext Transmission of Sensitive Information ('Man-in-the-Middle'). The vulnerability is due to unencrypted HTTP traffic being sent to a third-party API. This ...

Continue Reading
Cross-Site Request Forgery (CSRF)

github.com/AlexxIT/go2rtc is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to the /api/config endpoint which lacks validation for user-supplied input, allowing an attacker ...

Continue Reading
Arbitrary File Read

github.com/canonical/pebble is vulnerable to a Arbitrary File Read. The vulnerability is due to the read-file API and the associated pebble pull command, allowing unprivileged local users to access fi ...

Continue Reading
Ollama DNS rebinding vulnerability

Ollama before 0.1.29 has a DNS rebinding vulnerability that can inadvertently allow remote access to the full API, thereby letting an unauthorized user chat with a large language model, delete a model ...

Continue Reading
Why payers are pivotal to API security across the healthcare ecosystem

...Read More ...

Continue Reading
CVE-2024-28224

Ollama before 0.1.29 has a DNS rebinding vulnerability that can inadvertently allow remote access to the full API, thereby letting an unauthorized user chat with a large language model, delete a model ...

Continue Reading
CVE-2024-28270

An issue discovered in web-flash v3.0 allows attackers to reset passwords for arbitrary users via crafted POST request to...Read More ...

Continue Reading
Navigating SQL Injection Vulnerabilities with DAST for Modern AppSec

The digital landscape is continuously evolving, and with it, the strategies for safeguarding our applications against vulnerabilities. In a recent advisory, CISA & the FBI have highlighted the ...

Continue Reading

Back to Main

Subscribe for the latest news: