The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday issued an emergency directive urging Federal Civilian Executive Branch (FCEB) agencies to implement mitigations against two a ...
January 20, 2024
Impact The Argo CD API prior to versions 2.10-rc2, 2.9.4, 2.8.8, and 2.7.16 is vulnerable to a cross-site request forgery (CSRF) attack when the attacker has the ability to write HTML to a page on ...
January 20, 2024
DependencyCheck for Maven 9.0.0 to 9.0.6, for CLI versions 9.0.0 to 9.0.5, and for Ant versions 9.0.0 to 9.0.5, when used in debug mode, allows an attacker to recover the NVD API Key from a log ...
January 19, 2024
changedetection.io is an open source tool designed to monitor websites for content changes. In affected versions the API endpoint /api/v1/watch/<uuid>/history can be accessed by any unau ...
January 19, 2024
CVE-2024-22416 Reference report: GHSA-pgpj-v85q-h5fm This repository contains a docker compose configuration that sets up both a pyLoad server and an attacker server that just serves a csrf.html. To ...
January 19, 2024
Summary The pyLoad API allows any API call to be made using GET requests. Since the session cookie is not set with SameSite=Strict, this opens the application up to severe attack possibilities via a Cross- ...
January 19, 2024
A flaw was found in the Argo CD API before versions 2.10-rc2, 2.9.4, 2.8.8, and 2.7.15. These versions are vulnerable to a cross-site request forgery (CSRF) attack when the attacker can write HTML t ...
January 19, 2024
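The pyLoad and Argo CD entries above describe the same two CSRF preconditions from different angles: a state-changing API reachable by a plain GET, and a session cookie whose SameSite attribute does not keep the browser from attaching it to requests that originate elsewhere (a cross-site page, or, as in the Argo CD case, HTML on a sibling subdomain of the same site). The following is an added, self-contained model of both conditions and of a hardened counterpart; it is constructed for this page and is not pyLoad's or Argo CD's code. The origins, the `/api/delete?pid=` endpoint and the cookie-attachment rules are assumptions made for the example, with the browser rules reflecting the usual SameSite semantics (None always sends, Lax sends same-site plus cross-site top-level GET navigations, Strict sends same-site only).

```python
# Constructed model of GET-driven CSRF and SameSite cookie behaviour.
# Illustrative only: not pyLoad or Argo CD code; all origins are assumed.
from dataclasses import dataclass, field
from urllib.parse import urlsplit, parse_qs

APP      = "https://app.example.com"    # assumed victim application origin
SIBLING  = "https://blog.example.com"   # assumed sibling subdomain: same site, different origin
ATTACKER = "https://evil.example.net"   # assumed attacker origin: cross-site


def site_of(origin: str) -> str:
    # Registrable domain; assumes eTLD+1 is the last two labels (true for example.com).
    return ".".join(urlsplit(origin).hostname.split(".")[-2:])


@dataclass
class Request:
    origin: str           # origin of the page that issued the request
    method: str
    url: str
    top_level: bool       # navigation (form submit, link) vs subresource (<img>, fetch)
    content_type: str = ""
    body: str = ""


def cookie_attached(samesite: str, req: Request) -> bool:
    """Browser rule for the victim's session cookie. SameSite=None: always sent.
    Lax: sent on same-site requests and on cross-site top-level GET navigations.
    Strict: sent on same-site requests only."""
    if site_of(req.origin) == site_of(APP):
        return True                      # sibling subdomains are same-site: SameSite never helps here
    mode = samesite.lower()
    if mode == "none":
        return True
    if mode == "lax":
        return req.method == "GET" and req.top_level
    return False


@dataclass
class ApiServer:
    samesite: str          # SameSite attribute set on the session cookie
    mutating_get: bool     # does GET /api/delete perform the deletion?
    require_json: bool     # reject mutations whose Content-Type is not application/json
    deleted: list = field(default_factory=list)

    def handle(self, req: Request) -> int:
        parts = urlsplit(req.url)
        if parts.path != "/api/delete":
            return 404
        if not cookie_attached(self.samesite, req):
            return 401                   # no session cookie: the forged request is unauthenticated
        if req.method not in ("GET", "POST"):
            return 405
        if req.method == "GET" and not self.mutating_get:
            return 405                   # hardened: state changes only via POST
        if req.method == "POST" and self.require_json and req.content_type != "application/json":
            # An HTML form can only send urlencoded/multipart/text-plain bodies; a cross-origin
            # script cannot send application/json without a CORS preflight the server can refuse.
            return 415
        pid = parse_qs(parts.query).get("pid", [None])[0]
        if pid is None:
            return 400
        self.deleted.append(pid)
        return 200


def vulnerable() -> ApiServer:
    # Lax is what browsers apply when the attribute is absent.
    return ApiServer(samesite="Lax", mutating_get=True, require_json=False)


def hardened() -> ApiServer:
    return ApiServer(samesite="Strict", mutating_get=False, require_json=True)


def run_attacks(server: ApiServer) -> dict:
    """Three constructed attacker pages against the same victim endpoint."""
    target = f"{APP}/api/delete?pid=7"
    # 1. Cross-site page auto-submits <form method="GET" action=target>: a top-level navigation.
    nav_get = Request(ATTACKER, "GET", target, top_level=True)
    # 2. Cross-site <img src=target>: a subresource GET, which Lax already withholds the cookie from.
    img_get = Request(ATTACKER, "GET", target, top_level=False)
    # 3. HTML injected on a sibling subdomain submits <form method="POST" enctype="text/plain">:
    #    same-site, so no SameSite setting blocks it; only the server-side checks can.
    sibling_post = Request(SIBLING, "POST", target, top_level=True,
                           content_type="text/plain", body='{"pid": 7}')
    return {"cross_site_get": server.handle(nav_get),
            "img_get": server.handle(img_get),
            "sibling_post": server.handle(sibling_post),
            "deleted": list(server.deleted)}


if __name__ == "__main__":
    print("vulnerable:", run_attacks(vulnerable()))
    print("hardened:  ", run_attacks(hardened()))
```

Against the vulnerable server the cross-site navigation and the sibling-subdomain form both delete the package; against the hardened one the first fails for lack of a cookie and the second is refused by the Content-Type check. The third case shows why SameSite alone is not a complete defence: a sibling subdomain is same-site, so the cookie is sent regardless, and the request has to be rejected by the application (method restriction, strict Content-Type, an anti-CSRF token, or an Origin check).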