pyLoad is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to a missing SameSite attribute for the session cookie. This allows an attacker to perform a Cross-Site Request Forg ...
January 23, 2024
github.com/argoproj/argo-cd is vulnerable to Cross-site Request Forgery (CSRF). The vulnerability is due to a lack of strict content type validation for API requests. It accepts requests with non-JSON ...
January 23, 2024
Issue 1: Failure to quote characters. Affected versions of this crate allowed the bytes { and \xa0 to appear unquoted and unescaped in command arguments. If the output of quote or join is passed to a sh ...
January 23, 2024
python-ecdsa has been found to be subject to a Minerva timing attack on the P-256 curve. Using the ecdsa.SigningKey.sign_digest() API function and timing signatures, an attacker can leak the internal n ...
January 23, 2024
@hono/node-server is an adapter that allows users to run Hono applications on Node.js. Since v1.3.0, @hono/node-server has used its own Request object with url behavior that is unexpected. In the stan ...
January 23, 2024
In Splunk Enterprise versions below 9.0.8 and 9.1.3, Splunk app key value store (KV Store) improperly handles permissions for users that use the REST application programming interface (API). This can ...
January 22, 2024
Issue 1: Failure to quote characters. Affected versions of this crate allowed the bytes { and \xa0 to appear unquoted and unescaped in command arguments. If the output of quote or join is passed to a sh ...
January 22, 2024
python-ecdsa has been found to be subject to a Minerva timing attack on the P-256 curve. Using the ecdsa.SigningKey.sign_digest() API function and timing signatures, an attacker can leak the internal n ...
January 22, 2024