CVE-2023-40577

Alertmanager handles alerts sent by client applications such as the Prometheus server. An attacker with the permission to perform POST requests on the /api/v1/alerts endpoint could be able to execute ...

Netmaker has Hardcoded DNS Secret Key

Impact: Hardcoded DNS key usage has been found in Netmaker, allowing unauthenticated users to interact with DNS API endpoints. Patches: Issue is patched in 0.17.1, and fixed in 0.18.6+. If Users are usin ...

API Abuse – Lessons from the Duolingo Data Scraping Attack

It’s been reported that 2.6 million user records sourced from the Duolingo app are for sale. The attacker apparently obtained them from an open API provided by the company. There’s a mor ...

Poastal – The Email OSINT Tool

Information Disclosure

Datasette is vulnerable to Information Disclosure. The vulnerability exists because it does not check permissions when viewing the `/-/api` endpoint, resulting in databases and tables disclosure to un ...

CVE-2023-40570

This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will b ...

CVE-2023-40577

This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will b ...

Active Support Possibly Discloses Locally Encrypted Files

There is a possible file disclosure of locally encrypted files in Active Support. This vulnerability has been assigned the CVE identifier CVE-2023-38037. Versions Affected: >= 5.2.0 Not affected: R ...
