# Description TeamPass `/authorize` API endpoint is vulnerable to SQL injection in the `login` field. It is possible to forge an arbitrary Blowfish hash and use it in the query to bypass the password ...
Continue Reading
March 21, 2023
The remote SUSE Linux SLED15 / SLES15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2023:0794-1 advisory. - PyJWT is a Python implementa ...
Continue Reading
March 18, 2023
PanIndex is a network disk directory index. In Panindex prior to version 3.1.3, a hard-coded JWT key `PanIndex` is used. An attacker can use the hard-coded JWT key to sign JWT token and perform any ac ...
Continue Reading
March 13, 2023
March has arrived and is roaring like a very confused lion, at least in the northern hemisphere. And much like in the wild, brood production is increasing. We've already seen some fruits of that labor ...
Continue Reading
March 09, 2023
CleverStupidDog yf-exam v 1.8.0 is vulnerable to Authentication Bypass. The program uses a fixed JWT key, and the stored key uses username format characters. Any user who logged in within 24 hours. A ...
Continue Reading
March 04, 2023
At GitHub, we really care about open source security and love to help maintainers to secure their code. That is indeed the mission of the GitHub Security Lab. As users of open source software (OSS), w ...
Continue Reading
March 03, 2023
github.com/mosn/mosn is vulnerable to Privilege Escalation. The vulnerability exists due to the `prefixMatcher` function in `matcher.go` while using JWT authorization, which is case-sensitive to the p ...
Continue Reading
March 01, 2023
ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain SQL Injection via ma ...
Continue Reading
February 28, 2023
Back to Main
