SpEL Injection in GET /api/v1/policies/validation/condition/<expr> (GHSL-2023-236). Please note, only authenticated users have access to PUT / POST APIs for /api/v1/policies. Non authenti ...
April 24, 2024
cdbattags lua-resty-jwt 0.2.3 allows attackers to bypass all JWT-parsing signature checks by crafting a JWT with an enc header with the value...
April 24, 2024
SpEL Injection in PUT /api/v1/policies (GHSL-2023-252). Please note, only authorized and admin role users have access to PUT / POST APIs for /api/v1/policies. Non-authenticated users will not be able t ...
April 23, 2024
Wallarm introduced its ongoing Open Source API Firewall project to the world at the recently concluded Blackhat Asia 2024 conference in Singapore. The open-source API Firewall by Wallarm is a free, li ...
April 22, 2024
Zenml-io/zenml is vulnerable to session fixation. The vulnerability is due to JWT tokens used for user authentication not being invalidated upon logout, allowing an attacker to reuse a victim's J ...
April 18, 2024
The versions of Primavera Unifier installed on the remote host are affected by a denial of service (DoS) vulnerability as referenced in the April 2024 CPU advisory. The vulnerability lies in the Prima ...
April 18, 2024
A session fixation vulnerability exists in the zenml-io/zenml application, where JWT tokens used for user authentication are not invalidated upon logout. This flaw allows an attacker to bypass authent ...
April 17, 2024