Impact: In [email protected], network requests to the third-party API are sent over HTTP, which is unencrypted. Unencrypted traffic can be easily intercepted and modified by attackers. Anyone who uses ...
April 04, 2024
A vulnerability in the Grafana web-based data submission tool is related to authentication bypass via spoofing. Exploitation of the vulnerability could allow an attacker acting remotely to gain full a ...
April 04, 2024
Chiasmodon is an OSINT (Open Source Intelligence) tool designed to assist in the process of gathering information about a target domain. Its primary functionality revolves around searching for domain- ...
April 04, 2024
Severity: Unknown. Vendor: Canonical Ubuntu. Versions Affected: Canonical Ubuntu 18.04, Canonical Ubuntu 22.04. Description: Hubert Kario discovered that python-cryptography incorrectly handled errors retur ...
April 04, 2024
How to detect the CVE-2024-3094: I'll walk through the step-by-step process of detecting CVE-2024-3094, commonly known as the XZ Backdoor, in containers using Trend Micro's Vision One TMAS (C ...
April 04, 2024
An issue was discovered in Mbed TLS 3.5.x before 3.6.0. When an SSL context was reset with the mbedtls_ssl_session_reset() API, the maximum TLS version to be negotiated was not restored to the configu ...
April 04, 2024
By default the CloudStack management server honours the x-forwarded-for HTTP header and logs it as the source IP of an API request. This could lead to authentication bypass and other operational probl ...
April 04, 2024
The CGC Maintenance Mode plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2 via the REST API. This makes it possible for unauthenticated att ...
April 04, 2024