Summary: A flaw in the URL validation mechanism of Zitadel actions allows bypassing restrictions intended to block requests to localhost (127.0.0.1). The isHostBlocked check, designed to prevent such ...
October 25, 2024
Summary: IBM Concert is vulnerable to sensitive information disclosure through specially crafted API calls. Vulnerability Details: CVEID: CVE-2024-49354. DESCRIPTION: IBM Concert is vulnerable to sensitiv ...
October 25, 2024
An arbitrary file upload vulnerability in MangoOS before 5.1.4 and Mango API before 4.5.5 allows attackers to execute arbitrary code via a crafted...
October 25, 2024
The WPS Telegram Chat plugin for WordPress is vulnerable to authorization bypass due to a missing capability check when accessing messages in versions up to, and including, 4.5.4. This makes it possib ...
October 25, 2024
The WPS Telegram Chat plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'Wps_Telegram_Chat_Admin::checkСonnection ...
October 25, 2024
The Mapster WP Maps plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to an insufficient capability check on the mapster_wp_maps_set_opt ...
October 25, 2024
False positives in API security are a serious problem, often resulting in wasted results and time, missing real threats, alert fatigue, and operational disruption. Fortunately, however, emerging techn ...
October 25, 2024