An improper neutralization of CRLF sequences in HTTP headers ('HTTP Response Splitting') vulnerability [CWE-113] in FortiWeb API may allow an authenticated and remote attacker to inject arbitrary head ...
January 04, 2023
## Summary Security Vulnerabilities have been addressed in IBM Common Licensing. Faster-XML Jackson is a JSON to Java object conversion API (217968, CVE-2020-36518). A fix is available to address the v ...
January 04, 2023
In Garmin Connect 4.61, terminating a LiveTrack session wouldn't prevent the LiveTrack API from continued exposure of private personal information.
January 04, 2023
github.com/usememos/memos is vulnerable to information disclosure. A remote authenticated attacker is able to view any content from private memos from other users via the API.
January 04, 2023
github.com/usememos/memos is vulnerable to information disclosure. An attacker is able to make a private memo into a public memo in order to view it using the memo ID via making a PATCH request to `/a ...
January 04, 2023
github.com/usememos/memos is vulnerable to privilege escalation. An authenticated user is able to delete all notes of the whole application via the `DELETE` API.
January 04, 2023
github.com/usememos/memos is vulnerable to cross-site request forgery. An attacker is able to add new members with any role, via the `user` API, which allows the attacker to take over the memos application ...
January 04, 2023
github.com/usememos/memos is vulnerable to cross-site request forgery. An attacker is able to send a malicious link via the `memo` API to the victim and when they click on it, any thoughts will be add ...
January 04, 2023