The plugin does not have CSRF checks when deleting Identity Providers (IdP), which could allow attackers to make logged in admins delete arbitrary IdP via a CSRF attackRead More ...
Continue Reading07 марта, 2023
The plugin does not have CSRF checks when discarding Identify providers (IdP), which could allow attackers to make logged in admins delete all IdP via a CSRF attackRead More ...
Continue Reading07 марта, 2023
rami.io pretix before 4.17.1 allows OAuth application authorization from a logged-out session. The fixed versions are 4.15.1, 4.16.1, and 4.17.1.Read More ...
Continue Reading07 марта, 2023
At GitHub, we really care about open source security and love to help maintainers to secure their code. That is indeed the mission of the GitHub Security Lab. As users of open source software (OSS), w ...
Continue Reading03 марта, 2023
org.keycloak:keycloak-services is vulnerable to Cross-site Scripting (XSS) attacks. A remote attacker is able to insert an arbitrary URI into an error page via the `oob OAuth` endpoint due to incorrec ...
Continue Reading03 марта, 2023
Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as [Wordfence Intelligence Community Edition](). This database ...
Continue Reading02 марта, 2023
A reflected cross-site scripting (XSS) vulnerability was found in the `oob` OAuth endpoint due to incorrect null-byte handling. This issue allows a malicious link to insert an arbitrary URI into a Key ...
Continue Reading01 марта, 2023
A reflected cross-site scripting (XSS) vulnerability was found in the `oob` OAuth endpoint due to incorrect null-byte handling. This issue allows a malicious link to insert an arbitrary URI into a Key ...
Continue Reading01 марта, 2023
Back to Main