Spring Authorization Server is on Spring Initializr!

Today, I'm excited to announce that you have a new superpower: creating applications with Spring Authorization Server on Spring Initializr! That's right, it's time to begin your OAuth2 journey ...

CVE-2023-33236

MXsecurity version 1.0 is vulnerable to a hardcoded credential vulnerability. It has been reported that this vulnerability can be exploited to craft arbitrary JWT tokens and subsequently bypass authenticat ...

ChatGPT: Friend or Foe? | API Security Newsletter

Welcome to our April API newsletter, recapping some of the events of last month. This month’s topic is Generative AI tools (e.g., ChatGPT) in cybersecurity. It – along with API Security ...


CVSS3 - CRITICAL

Security Bulletin: Open Source Dependency Vulnerability

Summary: IBM Edge Application Manager 4.5 has resolved the vulnerability. Vulnerability Details: **CVEID:** CVE-2020-25864 **DESCRIPTION:** HashiCorp Consul is vulnerable to cross-site scrip ...


CVSS3 - HIGH

CVSS2 - MEDIUM

Security Bulletin: Open Source Dependency Vulnerability

Summary: IBM Edge Application Manager 4.5 has resolved the vulnerability. Vulnerability Details: **CVEID:** CVE-2020-15112 **DESCRIPTION:** etcd is vulnerable to a denial of service, caused ...


CVSS3 - HIGH

CVSS2 - MEDIUM

CVE-2023-1387

Grafana is an open-source platform for monitoring and observability. Starting with the 9.1 branch, Grafana introduced the ability to search for a JWT in the URL query parameter `auth_token` and use it a ...


CVSS3 - HIGH

Information Disclosure

github.com/grafana/grafana is vulnerable to Information Disclosure. The vulnerability exists in the `initContextWithJWT` function of `auth_jwt.go` because the JWT URL-login flow leaks tokens to data s ...

Amazon Linux 2023 : ecs-service-connect-agent (ALAS2023-2023-165)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-165 advisory. - Envoy is an open source edge and service proxy designed for cloud-native applications. Prior ...


CVSS3 - CRITICAL
