At GitHub, we really care about open source security and love to help maintainers to secure their code. That is indeed the mission of the GitHub Security Lab. As users of open source software (OSS), w ...
March 03, 2023
org.keycloak:keycloak-services is vulnerable to Cross-site Scripting (XSS) attacks. A remote attacker is able to insert an arbitrary URI into an error page via the `oob OAuth` endpoint due to incorrec ...
March 03, 2023
Wordfence has curated an industry-leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence Community Edition. This database ...
March 02, 2023
A reflected cross-site scripting (XSS) vulnerability was found in the `oob` OAuth endpoint due to incorrect null-byte handling. This issue allows a malicious link to insert an arbitrary URI into a Key ...
March 01, 2023
A reflected cross-site scripting (XSS) vulnerability was found in the 'oob' OAuth endpoint due to incorrect null-byte handling. This issue allows a malicious link to insert an arbitrary URI into a Key ...
March 01, 2023
The plugin has a flawed CSRF and authorisation check when deleting a client, which could allow any authenticated user, such as a subscriber, to delete arbitrary clients. ### PoC The PoC will be displayed ...
February 28, 2023
The plugin has a flawed CSRF and authorisation check when deleting a client, which could allow any authenticated user, such as a subscriber, to delete arbitrary clients.
February 28, 2023