CVE-2023-26089

European Chemicals Agency IUCLID 6.x before 6.27.6 allows authentication bypass because a weak hard-coded secret is used for JWT signing. The affected versions are 5.15.0 through 6.27.5.Read More ...

Continue Reading

May 02, 2023

U.S. Department of State: IDOR in TalentMAP API can be abused to enumerate personal information of all the users

## Summary: I hope you're having a good day. Before starting to describe this vulnerability, I would like to thank the HackerOne triage team for doing the difficult job of triaging all these issues. ...

Continue Reading

May 01, 2023

Internet Bug Bounty: JWT audience claim is not verified

All versions of Argo CD starting with v1.8.2 are vulnerable to an improper authorization bug causing the API to accept certain invalid tokens. OIDC providers include an aud (audience) claim in signed ...

Continue Reading

May 01, 2023

CVSS3 - HIGH

Nacos 2.0.3 – Access Control vulnerability

Post ContentRead More ...

Continue Reading

May 01, 2023

CVSS3 - HIGH

CVSS2 - MEDIUM

Nacos 2.0.3 – Access Control vulnerability

Post ContentRead More ...

Continue Reading

May 01, 2023

CVSS3 - HIGH

CVSS2 - MEDIUM

Nacos 2.0.3 Access Control

Post ContentRead More ...

Continue Reading

May 01, 2023

CVSS3 - HIGH

CVSS2 - MEDIUM

CVE-2023-27487

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, the client may bypass JSON Web Token (JWT) checks a ...

Continue Reading

May 01, 2023

CVSS3 - CRITICAL

VMware Workspace ONE Access VMSA-2022-0011 exploit chain

This module combines two vulnerabilities in order achieve remote code execution in the context of the `horizon` user. The first vulnerability CVE-2022-22956 is an authentication bypass in OAuth2TokenR ...

Continue Reading

May 01, 2023

CVSS3 - CRITICAL

CVSS2 - HIGH

1 518 519 520 521 522 551

Back to Main
Subscribe for the latest news: