Sensiolabs/connect is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to the absence of a state parameter in OAuth requests, which exposes applications to CSRF attacks during ...
May 24, 2024
The OAuth1 implementation in QtNetworkAuth created nonces using a PRNG that was seeded with a predictable seed. This issue has been assigned the CVE id CVE-2024-36048. This means that an attacker that ...
May 24, 2024
AI is transforming our world, unlocking new possibilities to enhance human abilities and to extend opportunities globally. At the same time, we are also facing an unprecedented threat landscape with t ...
May 22, 2024
Versions of sensiolabs/connect prior to 4.2.3 are affected by a Cross-Site Request Forgery (CSRF) vulnerability due to the absence of the state parameter in OAuth requests. The lack of proper state pa ...
May 21, 2024
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: GitLab CE/EE version 13.3 prior to 13.3.4 was vulnerable to an OAuth authorization scope change without ...
May 21, 2024
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: In GitLab before 13.0.12, 13.1.6 and 13.2.3, it is possible to bypass E-mail verification which is r ...
May 21, 2024
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: OAuth flow missing verification checks CE/EE 12.3 and later through 13.0.1 allows unverified user to use ...
May 21, 2024