It is possible to manipulate the JWT token without knowledge of the JWT secret and authenticate as any user without a valid JWT token. This happens only in the situation when zOSMF doesn't ...
January 18, 2023
Following the coordinated and responsible vulnerability disclosure guidelines of the **ISO 29147** standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. not ...
January 18, 2023
### Impact

It is possible to put the same line item in the cart multiple times using the API. The Cart Validators checked the line item's individuality and the user was able to skip the clearance sale in ca ...
January 18, 2023
Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust. Multi-threaded programs were able to spoof the interactive permission prompt by rewriting the prompt to suggest that prog ...
January 18, 2023
An issue was discovered in FC46-WebBridge on GE Grid Solutions MS3000 devices before 3.7.6.25p0_3.2.2.17p0_4.7p0. Direct access to the API is possible on TCP port 8888 via programs located in the cgi- ...
January 18, 2023
## Summary

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 used by IBM Tivoli System Automation for Multiplatforms 4.1.0.0 to 4.1.0.3. These issues were disc ...
January 18, 2023
## Summary

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 used by IBM Tivoli System Automation Application Manager. These issues were disclosed as part of t ...
January 18, 2023