CVE-2024-46612

IceCMS v3.4.7 and before was discovered to contain a hardcoded JWT key, allowing an attacker to forge JWT authentication...

Moxa MXview One

1. EXECUTIVE SUMMARY CVSS v4 6.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Moxa Equipment: MXview One, MXview One Central Manager Series Vulnerabilities: Cleartext Stora ...

DataEase’s H2 datasource has a remote command execution risk

Impact: An attacker can achieve remote command execution by adding a carefully constructed h2 data source connection string. Request message: POST /de2api/datasource/validate HTTP/1.1 Host: dataeas ...

CVE-2024-6786 MXview One Series vulnerable to Path Traversal

The vulnerability allows an attacker to craft MQTT messages that include relative path traversal sequences, enabling them to read arbitrary files on the system. This could lead to the disclosure of se ...

BIT-envoy-2024-45809

Envoy is a cloud-native high-performance edge/middle/service proxy. The JWT filter will lead to an Envoy crash when clearing the route cache with remote JWKs. In the following case: 1. remote JWKs are used, whic ...
