## Summary Using a recovery flow with an identification stage, an attacker is able to determine if a username exists. ## Impact Only setups configured with a recovery flow are impacted by this. Anyone ...
August 30, 2023
# Description An attacker could predict all future password reset tokens due to the use of `RandomStringUtils.randomAlphanumeric` in `PasswordService`. An attacker could crack the random number genera ...
August 30, 2023
Alertmanager handles alerts sent by client applications such as the Prometheus server. An attacker with the permission to perform POST requests on the /api/v1/alerts endpoint could be able to execute ...
August 30, 2023
github.com/prometheus/alertmanager is vulnerable to Cross-site Scripting (XSS). The vulnerability exists due to the lack of HTML sanitization in the `generatorURL` field of `Alert.elm`, which allows a ...
August 30, 2023
Hi, Spring fans! Welcome to another installment of _This Week in Spring_! I'm exhausted. Seriously. Last week was mental. If you need me, I'll be over sipping on a tea... But, before that, there's a t ...
August 30, 2023
Alertmanager handles alerts sent by client applications such as the Prometheus server. An attacker with the permission to perform POST requests on the /api/v1/alerts endpoint could be able to execute ...
August 29, 2023
We're incredibly excited to announce that we have launched a webhook integration for vulnerabilities as part of Wordfence Intelligence, which enables users to stay on top of the latest vulnerabil ...
August 29, 2023