CVE-2024-33531

cdbattags lua-resty-jwt 0.2.3 allows attackers to bypass all JWT-parsing signature checks by crafting a JWT with an enc header with the value ...

OpenMetadata vulnerable to SpEL Injection in `PUT /api/v1/policies` (`GHSL-2023-252`)

SpEL Injection in PUT /api/v1/policies (GHSL-2023-252) Please note, only authorized and admin-role users have access to the PUT/POST APIs for /api/v1/policies. Non-authenticated users will not be able t ...

Dreamehome 2.1.5 Broken Authorization

Wallarm’s Open Source API Firewall debuts at Blackhat Asia 2024 – Introduces Key New Features & Functionalities

Wallarm introduced its ongoing Open Source API Firewall project to the world at the recently concluded Blackhat Asia 2024 conference in Singapore. The open-source API Firewall by Wallarm is a free, li ...

Session Fixation

Zenml-io/zenml is vulnerable to session fixation. The vulnerability is due to JWT tokens used for user authentication not being invalidated upon logout, allowing an attacker to reuse a victim's J ...

Oracle Primavera Unifier DoS (Apr 2024 CPU)

The versions of Primavera Unifier installed on the remote host are affected by a denial of service (DoS) vulnerability as referenced in the April 2024 CPU advisory. The vulnerability lies in the Prima ...

CVE-2024-2260

A session fixation vulnerability exists in the zenml-io/zenml application, where JWT tokens used for user authentication are not invalidated upon logout. This flaw allows an attacker to bypass authent ...

OpenMetadata – Authentication Bypass

OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. The `JwtFilter` handles the ...
