Gladys Assistant before 4.45.1 allows Privilege Escalation (a user changing their own role) because req.body.role can be used in updateMySelf in ...
September 21, 2024
Security Advisory Description The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message whi ...
September 20, 2024
Security Advisory Description Requests is an HTTP library. Prior to 2.32.0, when making requests through a Requests Session, if the first request is made with verify=False to disable cert verification, ...
September 20, 2024
Security Advisory Description Jinja is an extensible templating engine. The xmlattr filter in affected versions of Jinja accepts keys containing non-attribute characters. XML/HTML attributes cannot co ...
September 20, 2024
Confidant is an open source secret management service that provides user-friendly storage and access to secrets. The following endpoints are subject to a cross site scripting vulnerability: GET /v1/cre ...
September 20, 2024
Security Advisory: Multiple Vulnerabilities in Navidrome Summary Navidrome automatically adds parameters in the URL to SQL queries. This can be exploited to access information by adding parameters lik ...
September 20, 2024
Impact What kind of vulnerability is it? Who is impacted? Potential XSS from API calls below: GET /v1/credentials GET /v1/credentials/ GET /v1/archive/credentials/ GET /v1/archive/credentials POST /v1 ...
September 20, 2024