In GitLab before 13.0.12, 13.1.6 and 13.2.3, it is possible to bypass E-mail verification which is required for OAuth Flow.
December 15, 2023
The version of Mattermost Server running on the remote host is prior to 7.8.13, 8.x prior to 8.1.4, 9.0.x prior to 9.0.2 or 9.1.x prior to 9.1.1. It is, therefore, affected by multiple vulnerabilities ...
December 15, 2023
On May 1, 2023, the Wordfence Threat Intelligence team began the responsible disclosure process for multiple high and critical severity vulnerabilities we discovered in Kirotech’s UserPro plugin, wh ...
December 15, 2023
![Threat Roundup for November 3 to November 10](https://blog.talosintelligence.com/content/images/2023/11/threat-roundup-1.jpg) Today, Talos is publishing a glimpse into the most prevalent threats we' ...
December 15, 2023
Impact: next-auth applications prior to version 4.24.5 that rely on the default Middleware authorization are affected. A bad actor could create an empty/mock user, by getting hold of a NextAuth.js-issu ...
December 15, 2023
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fix(es): grafana: account takeover possible when using Azure AD OAuth ( ...
December 15, 2023
The mod_auth_openidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server. ...
December 15, 2023
The 2023 SANS Survey on API Security (Jun-2023) found that less than 50 percent of respondents have API security testing tools in place. Even fewer (29 percent) have API discovery tools. Wallarm d ...
December 15, 2023