CVE-2022-43693

Concrete CMS is vulnerable to CSRF due to the lack of "State" parameter for external Concrete authentication service for users of Concrete who use the "out of the box" core OAuth.

CVE-2022-43687

Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 does not issue a new session ID upon successful OAuth authentication. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+ ...

grafana security, bug fix, and enhancement update

[7.5.15-3] - resolve CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse* functions - resolve CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header - resolve CVE ...


CVSS3 - HIGH

CVSS2 - MEDIUM

WordPress OAuth Client by DigitialPixies plugin <= 1.1.0 – Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability discovered by Lana Codes in WordPress OAuth Client by DigitialPixies plugin (versions ...

WordPress OAuth Client by DigitialPixies plugin <= 1.1.0 – Auth. Stored Cross-Site Scripting (XSS) vulnerability

Auth. Stored Cross-Site Scripting (XSS) vulnerability discovered by Lana Codes in WordPress OAuth Client by DigitialPixies plugin (versions ...

(RHSA-2022:8057) Important: grafana security, bug fix, and enhancement update

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. The following packages have been upgraded to a later upstream version: grafana (7.5.1 ...


CVSS3 - HIGH

CVSS2 - MEDIUM

Rocket.Chat log information leakage vulnerability

Rocket.Chat is a set of open source team chat software. Rocket.Chat v4.6.4 and earlier versions contain an information disclosure vulnerability, which stems from OAuth tokens being leaked in plaintext in the ...


CVSS3 - MEDIUM

Introducing fine-grained personal access tokens for GitHub

Stolen and compromised credentials are the number one cause of data breaches across the industry. GitHub has a long history of protecting developers and enterprises from such threats with security eff ...
