Improper Authorization in GitHub repository modoboa/modoboa prior to...
April 26, 2024
Mattermost versions 8.1.x before 8.1.12, 9.6.x before 9.6.1, 9.5.x before 9.5.3, 9.4.x before 9.4.5 fail to limit the number of active sessions, which allows an authenticated attacker to crash the ser ...
April 26, 2024
Mattermost versions 9.6.x <= 9.6.0, 9.5.x <= 9.5.2, 9.4.x <= 9.4.4 and 8.1.x <= 8.1.11 fail to remove detailed error messages in API requests even if the developer mode is ...
April 26, 2024
An issue was discovered in Passbolt Browser Extension before 4.6.2. It can send multiple requests to HaveIBeenPwned while a password is being typed, which results in an information leak. This allows a ...
April 26, 2024
Passbolt API before 4.6.2 allows HTML injection in a URL parameter, resulting in custom content being displayed when a user visits the crafted URL. Although the injected content is not executed as Jav ...
April 26, 2024
An issue was discovered in Zammad before 6.3.0. Users with customer access to a ticket could have accessed time accounting details of this ticket via the API. This data should be available only to...
April 26, 2024
Summary: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to information disclosure in Kubernetes, caused by a confused deputy attack. [CVE-2021-25740]. Kubernetes is inclu ...
April 25, 2024
umbraco is vulnerable to SQL injection. The vulnerability is due to insufficient input validation in API endpoint handling, which allows attackers to inject SQL code through modified...
April 25, 2024