Dovecot before 2.3.15 allows ../ Path Traversal. An attacker with access to the local filesystem can trick OAuth2 authentication into using an HS256 validation key from an attacker-controlled location ...
Continue ReadingMay 25, 2023
jwt-go before 4.0.0-preview1 allows attackers to bypass intended access restrictions in situations with []string{} for m["aud"] (which is allowed by the specification). Because the type assertion fail ...
Continue ReadingMay 25, 2023
PyJWT is a Python implementation of RFC 7519. PyJWT supports multiple different JWT signing algorithms. With JWT, an attacker submitting the JWT token can choose the used signing algorithm. The PyJWT ...
Continue ReadingMay 25, 2023
This vulnerability allows remote attackers to bypass authentication on affected installations of Moxa MXsecurity Series appliances. Authentication is not required to exploit this vulnerability. The sp ...
Continue ReadingMay 24, 2023
Today, I'm excited to announce that you have a new superpower: creating applications with [Spring Authorization Server]() on [Spring Initializr]()! That's right, it's time to begin your OAuth2 journey ...
Continue ReadingMay 24, 2023
MXsecurity version 1.0 is vulnearble to hardcoded credential vulnerability. This vulnerability has been reported that can be exploited to craft arbitrary JWT tokens and subsequently bypass authenticat ...
Continue ReadingMay 22, 2023
Welcome to our April API newsletter, recapping some of the events of last month. This month’s topic is Generative AI tools (e.g., ChatGPT) in cybersecurity. It – along with API Security – domina ...
Continue ReadingMay 16, 2023
## Summary IBM Edge Application Manager 4.5 has resolved the vulnerability. ## Vulnerability Details ** CVEID: **[CVE-2020-25864]() ** DESCRIPTION: **HashiCorp Consul is vulnerable to cross-site scrip ...
Continue ReadingMay 16, 2023
Back to Main