A reflected cross-site scripting vulnerability in the OAuth flow completion endpoints in Mattermost allows an attacker to send AJAX requests on behalf of the victim via sharing a crafted link with a m ...
Continue Reading
March 16, 2023
next-auth is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability exists due to the missing `state`, `nonce`, and `PKCE` checks for OAuth authentication, which allows an attacker to bypa ...
Continue Reading
March 15, 2023
rami.io pretix before 4.17.1 allows OAuth application authorization from a logged-out session. The fixed versions are 4.15.1, 4.16.1, and 4.17.1.Read More ...
Continue Reading
March 14, 2023
rami.io pretix before 4.17.1 allows OAuth application authorization from a logged-out session. The fixed versions are 4.15.1, 4.16.1, and 4.17.1.Read More ...
Continue Reading
March 14, 2023
Hi, Spring fans! Happy Pi (π) day! And, welcome to another installment of _This Week in Spring_! It's pouring cats and dogs here in San Francisco! The news is talking about _atmospheric rivers_; I do ...
Continue Reading
March 14, 2023
### Impact `next-auth` applications using OAuth provider versions before `v4.20.1` are affected. A bad actor who can spy on the victim's network or able to social engineer the victim to click a manipu ...
Continue Reading
March 13, 2023
### Impact `next-auth` applications using OAuth provider versions before `v4.20.1` are affected. A bad actor who can spy on the victim's network or able to social engineer the victim to click a manipu ...
Continue Reading
March 13, 2023
Fastly suffers from the poor practice of sending a temporary password in plaintext.Read More ...
Continue Reading
March 13, 2023
Back to Main
