A library for performing OAuth Device flow and Web application flow in Go client apps.
May 01, 2023
Cybersecurity researchers have disclosed details of a n ...
May 01, 2023
@strapi/plugin-users-permissions is vulnerable to Authentication Bypass. When using the `AWS Cognito` login provider for authentication, the library doesn't check access or ID tokens generated through ...
May 01, 2023
This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will b ...
March 27, 2023
This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will b ...
March 27, 2023
## Team, May you all be well on your side of the screen. :) *. While doing some research on the https://cal.com/, I was able to find a Pre-Account Takeover vulnerability. ## Proof of concept: *. I have ...
March 27, 2023
github.com/mattermost/mattermost-server is vulnerable to Cross-Site Scripting (XSS) attacks. An attacker is able to send AJAX requests on behalf of the victim through OAuth flow completion endpoints v ...
March 27, 2023
## Summary: Path traversal in OAuth `redirect_uri` which can lead to users' authorization code being leaked to any malicious user. The following authorization code flow request is generated at both lo ...
March 22, 2023