A privilege escalation vulnerability exists in the experimental policy mechanism in all active release lines: 16.x, 18.x and 20.x. The use of the deprecated API `process.binding()` can bypass the pol ...
August 24, 2023
wallabag/wallabag is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability exists in the `deleteClientAction` function of `DeveloperController.php` as it does not properly validate the CS ...
August 24, 2023
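The wallabag entry above describes a state-changing controller action that does not validate a CSRF token. The following is an added example, not wallabag's code: a minimal Python model of a "delete client" endpoint in its vulnerable form (authenticated by session cookie alone) beside a fixed form that also requires a per-session synchronizer token compared in constant time, with a simulated cross-site request sent against each. The session store, the handler names and `run_demo` are assumptions made for the example.

```python
import hmac
import secrets
from typing import Optional

# Hypothetical in-memory session store, constructed for this example.
# Each session holds a per-session CSRF token and the user's API clients.
SESSIONS: dict = {}


def new_session() -> str:
    """Create a logged-in session that owns one API client ("c1")."""
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = {
        "csrf_token": secrets.token_urlsafe(32),
        "clients": {"c1": "demo client"},
    }
    return sid


def delete_client_vulnerable(session_id: str, client_id: str) -> int:
    """Checks only the session cookie, so any cross-site POST succeeds."""
    sess = SESSIONS.get(session_id)
    if sess is None:
        return 401
    sess["clients"].pop(client_id, None)
    return 200


def delete_client_fixed(session_id: str, client_id: str, token: Optional[str]) -> int:
    """Requires the per-session CSRF token in addition to the session cookie."""
    sess = SESSIONS.get(session_id)
    if sess is None:
        return 401
    # Constant-time comparison; a missing or wrong token is rejected before
    # any state changes.
    if token is None or not hmac.compare_digest(sess["csrf_token"], token):
        return 403
    sess["clients"].pop(client_id, None)
    return 200


def cross_site_delete(handler, session_id: str, client_id: str) -> int:
    """Model a forged request from an attacker's page: the browser attaches the
    victim's session cookie automatically, but the attacker's origin cannot read
    the victim's CSRF token, so the request carries none."""
    if handler is delete_client_vulnerable:
        return handler(session_id, client_id)
    return handler(session_id, client_id, None)


def run_demo() -> dict:
    """Exercise both handlers and report status codes and resulting state."""
    results = {}
    # Vulnerable handler: the forged request deletes the client.
    sid = new_session()
    results["vuln_status"] = cross_site_delete(delete_client_vulnerable, sid, "c1")
    results["vuln_client_present"] = "c1" in SESSIONS[sid]["clients"]
    # Fixed handler: the forged request is rejected and the client survives.
    sid = new_session()
    results["fixed_forged_status"] = cross_site_delete(delete_client_fixed, sid, "c1")
    results["fixed_client_present"] = "c1" in SESSIONS[sid]["clients"]
    # Legitimate request from the real UI, which embeds the session's token.
    results["fixed_legit_status"] = delete_client_fixed(
        sid, "c1", SESSIONS[sid]["csrf_token"]
    )
    results["fixed_client_after_legit"] = "c1" in SESSIONS[sid]["clients"]
    return results


if __name__ == "__main__":
    print(run_demo())
```

The check that matters is the order of operations in `delete_client_fixed`: the token is verified before the deletion, and a missing token is treated the same as a wrong one, so a forged request never reaches the state change.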
Ivanti has published a [security blog post]() about a vulnerability in Ivanti Sentry, formerly MobileIron Sentry. Successful exploitation of the vulnerability would enable an unauthenticated attacker ...
August 24, 2023
Walchem Intuition 9 firmware versions prior to v4.21 are missing authentication for some of the API routes of the management web server. This could allow an attacker to download and export sensitive d ...
August 24, 2023
By [Waqas](). Duolingo investigates a data leak as a hacker shares personal user information on hacker forums and Telegram. This is a post from HackRead.com. Read the original post: [API Misuse: Hacker Expo ...
August 23, 2023
### Impact XWiki supports scheduled jobs that contain Groovy scripts. Currently, the job checks the content author of the job for programming right. However, modifying or adding a job script to a docu ...
August 23, 2023
### Impact An attacker with the permission to perform POST requests on the /api/v1/alerts endpoint could be able to execute arbitrary JavaScript code on the users of Prometheus Alertmanager. ### Patch ...
August 23, 2023