Flask-AppBuilder is an application development framework. Prior to version 4.8.1, when Flask-AppBuilder is configured to use OAuth, LDAP, or other non-database authentication methods, the password res ...
September 13, 2025
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. php-jwt 1.0.0 uses strcmp (which is not constant time) to verify ...
September 13, 2025
The BeyondCart Connector plugin for WordPress is vulnerable to Privilege Escalation due to improper JWT secret management and authorization within the determine_current_user filter in versions 1.4.2 t ...
September 13, 2025
cn.hippo4j, hippo4j-core is vulnerable to the use of a hard-coded cryptographic key. The vulnerability is due to a hard-coded secret key in JWT creation, which allows an attacker to forge valid access token ...
September 13, 2025
Tautulli is a Python-based monitoring and tracking tool for Plex Media Server. The real_pms_image_proxy endpoint in Tautulli v2.15.3 and prior is vulnerable to path traversal, allowing unauthenticated ...
September 11, 2025
Tautulli is a Python-based monitoring and tracking tool for Plex Media Server. The /image API endpoint in Tautulli v2.15.3 and earlier is vulnerable to path traversal, allowing unauthenticated attacke ...
September 11, 2025
Flask-AppBuilder is an application development framework. Prior to version 4.8.1, when Flask-AppBuilder is configured to use OAuth, LDAP, or other non-database authentication methods, the password res ...
September 11, 2025