Improper Access Control in Mattermost Server versions 9.5.x before 9.5.2, 9.4.x before 9.4.4, 9.3.x before 9.3.3, 8.1.x before 8.1.11 lacked proper access control in the /api/v4/users/me/teams endpoin ...
Continue Reading
April 05, 2024
Impact Note: "Pebble" here refers to Canonical's service manager, not the Let's Encrypt ACME test server. The API behind pebble pull, used to read files from the workload c ...
Continue Reading
April 05, 2024
Name: ASA-2024-007: Potential Reentrancy using Timeout Callbacks in ibc-hooks Component: ibc-go Criticality: Critical (ACMv1: I:Critical; L:AlmostCertain) Affected versions: < v4.6.0, < ...
Continue Reading
April 05, 2024
An update is available for opencryptoki. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulne ...
Continue Reading
April 05, 2024
On February 1st, 2024, during our Bug Bounty Extravaganza, we received a submission for an Arbitrary File Upload vulnerability in Management App for WooCommerce, a WordPress plugin with 1,000+ active ...
Continue Reading
April 05, 2024
AttackGen is a cybersecurity incident response testing tool that leverages the power of large language models and the comprehensive MITRE ATT&CK framework. The tool generates tailored incident ...
Continue Reading
April 05, 2024
github.com/ossrs/srs is vulnerable to Cross-Site Scripting. The vulnerability is due to insufficient input validation on the /api/v1/vhosts/vid-?callback= endpoint. This allowing the injection of mali ...
Continue Reading
April 05, 2024
dectalk-tts is a Node package to interact with the aeiou Dectalk web API. In [email protected], network requests to the third-party API are sent over HTTP, which is unencrypted. Unencrypted traffic ca ...
Continue Reading
April 05, 2024
Back to Main
