Summary If an attacker can successfully authenticate through SSO/Access Code, they can obtain the real backend API Key by modifying the base URL to their own attack URL on the frontend and setting up ...
Continue Reading
June 17, 2024
Impact This issue is only relevant to clusters provisioned using RKE1 with secrets encryption configuration enabled. A vulnerability has been identified in which an RKE1 cluster keeps constantly recon ...
Continue Reading
June 17, 2024
Security Advisory Description When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowed limit (1000), libcur ...
Continue Reading
June 17, 2024
snipe/snipe-it is vulnerable to Missing Authorization. The vulnerability is due to the lack of authorization checks in the API endpoint, allowing users with "User" and "Self ...
Continue Reading
June 17, 2024
lnbits is vulnerable to Improper Check For Unusual Or Exceptional Conditions. The vulnerability is due to the blocking API call which leads to a timeout if a payment is not settled within 30...Read Mo ...
Continue Reading
June 17, 2024
Impact A request with a number of headers exceeding the[server.maxHeadersCount][] threshold could be used to crash a ws server. Proof of concept ```js const http = require('http'); const Web ...
Continue Reading
June 17, 2024
Whenever a company is notified about or discovers a critical flaw in their system/application that has the potential to be exploited by malicious elements, it’s termed a vulnerability. However, ever ...
Continue Reading
June 17, 2024
Lobe Chat is an open-source LLMs/AI chat framework. In affected versions if an attacker can successfully authenticate through SSO/Access Code, they can obtain the real backend API Key by modifying the ...
Continue Reading
June 17, 2024
Back to Main
