New ‘ALBeast’ Vulnerability Exposes Weakness in AWS Application Load Balancer

As many as 15,000 applications using Amazon Web Services' (AWS) Application Load Balancer (ALB) for authentication are potentially susceptible to a configuration-based issue that could expose the ...

Account TakeOver Due to Improper Handling of JWT Tokens in usememos/memos in github.com/usememos/memos

Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd

JWT leak via Open Redirect in Programmatic access in github.com/pomerium/pomerium

CentOS 8 : jose (CESA-2024:5294)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2024:5294 advisory. latchset jose through version 11 allows attackers to ...

CVE-2024-8005

A vulnerability was found in demozx gf_cms 1.0/1.0.1. It has been classified as critical. This affects the function init of the file internal/logic/auth/auth.go of the component JWT Authentication. Th ...

KubePi allows malicious actor to login with a forged JWT token via Hardcoded Jwtsigkeys in github.com/KubeOperator/kubepi

JWT audience claim is not verified in github.com/argoproj/argo-cd
