Oracle Linux 7 : Unbreakable Enterprise kernel-container kata-image kata-runtime kata kubernetes kubernetes istio olcne (ELSA-2020-5765)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-5765 advisory. - In nghttp2 before version 1.41.0, the overly large ...

Authorization Bypass

github.com/usememos/memos is vulnerable to Authorization Bypass. The vulnerability exists in `JWTMiddleware` function at `jwt.go` due to improper handling of JWT tokens which allows an attacker to per ...

CVSS3 - CRITICAL

CVSS2 - HIGH

GraphQL Vulnerabilities and Common Attacks: What You Need to Know

GraphQL is a powerful query language for APIs that has gained popularity in recent years for its flexibility and ability to provide a great developer experience. However, with the rise of GraphQL usag ...

Account TakeOver Due to Improper Handling of JWT Tokens in usememos/memos

Improper Access Control in GitHub repository usememos/memos prior to 0.13.2. As of commit `c9aa2eeb9` access tokens which fail validation are rejected.

CVSS3 - CRITICAL

CVSS2 - HIGH

Security Bulletin: Operations Dashboard is vulnerable to remote code execution, privilege escalation, and denial of service due to multiple Go vulnerabilities

Summary: Operations Dashboard is vulnerable to remote code execution, privilege escalation, and denial of service due to multiple Go vulnerabilities with details below (CVE-2023-29405, CVE-2023-2940 ...

CVSS3 - CRITICAL

CVSS2 - HIGH

CVE-2023-39846

An issue in Konga v0.14.9 allows attackers to bypass authentication via a crafted JWT token.

CVSS3 - CRITICAL

CVSS2 - HIGH

CVE-2023-40171

Dispatch is an open source security incident management tool. The server response includes the JWT Secret Key used for signing JWT tokens in error message when the `Dispatch Plugin - Basic Authenticat ...

CVSS3 - HIGH

CVSS2 - MEDIUM
