Mattermost fails to properly check a redirect URL parameter allowing for anĀ open redirect was possible when the user clicked "Back to Mattermost" after providing a invalid custom ur ...
Continue Reading
December 14, 2023
next-auth is vulnerable to Improper Authorization. A malicious actor could create an empty/mock user by getting hold of a NextAuth.js-issued JWT from an interrupted OAuth sign-in flow (state, PKCE or ...
Continue Reading
December 14, 2023
Interesting article about a surprisingly common vulnerability: programmers leaving authentication credentials and other secrets in publicly accessible software code: Researchers from security firm Gi ...
Continue Reading
December 14, 2023
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:6972 advisory. Grafana is validating Azure AD accounts based on th ...
Continue Reading
December 14, 2023
None Notice For Microsoft Exchange Server 2016 installations, see also KB 5032147 for additional information about issues that are fixed in this security update. This security update rollup resolve ...
Continue Reading
December 14, 2023
Ambitious Employees Tout New AI Tools, Ignore Serious SaaS Security Risks Like the SaaS shadow IT of the past, AI is placing CISOs and cybersecurity teams in a tough but familiar spot. Employees are ...
Continue Reading
December 14, 2023
WordPress UserPro plugin versions 5.1.1 and below suffer from an insecure password reset mechanism, information disclosure, and authentication bypass vulnerabilities. Versions 5.1.4 and below suffer f ...
Continue Reading
December 14, 2023
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fix(es): grafana: account takeover possible when using Azure AD OAuth ( ...
Continue Reading
December 14, 2023
Back to Main
