Open WebUI 0.1.105 File Upload / Path Traversal Vulnerabilities

OpenMetadata 1.2.3 Authentication Bypass / SpEL Injection Exploit

This Metasploit module exploits OpenMetadata versions 1.2.3 and below by chaining an API authentication bypass using JWT tokens along with a SpEL injection vulnerability to achieve arbitrary command.. ...

OpenMetadata 1.2.3 Authentication Bypass / SpEL Injection

Exploit for Improper Restriction of XML External Entity Reference in Adobe Commerce

Magento 2 patch for CVE-2024-34102 (aka CosmicSting). Another way (as an extension) to hotfix the security hole if you cannot apply the official patch or cannot upgrade Magento. Description Impact The at ...

OpenMetadata authentication bypass and SpEL injection exploit chain

OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. This module chains two vuln ...

Security Bulletin: IBM Sterling Connect:Direct Web Service is affected by Java JWT vulnerability

Summary: IBM Sterling Connect:Direct Web Service is vulnerable to JJWT version 0.9.1. Connect:Direct Web Services has upgraded to version 0.12.5 to address CVE-2024-31033. Vulnerability Details: CVEI ...

Open WebUI 0.1.105 File Upload / Path Traversal

Security Bulletin: IBM Cloud Pak for Data is vulnerable due to lua-resty (CVE-2024-33531)

Summary: Lua is used by IBM Cloud Pak for Data as part of the web interface. (CVE-2024-33531) Vulnerability Details: CVEID: CVE-2024-33531. DESCRIPTION: lua-resty-jwt could allow a remote attacker ...
