A flaw was found in Quarkus. This issue occurs when receiving a request over websocket with no role-based permission specified on the GraphQL operation, Quarkus processes the request without authentic ...
Continue Reading
December 14, 2023
Tactical and targeting overlaps have been discovered between the enigmatic advanced persistent threat (APT) called Sandman and a China-based threat cluster that's known to use a backdoor referred ...
Continue Reading
December 14, 2023
Uptime Kuma is an easy-to-use self-hosted monitoring tool. Prior to version 1.23.9, the application uses WebSocket (with Socket.io), but it does not verify that the source of communication is valid. T ...
Continue Reading
December 14, 2023
During the past month, we have observed an increase in the number of malicious ads on Google searches for "Zoom", the popular piece of video conferencing software. Threat actors have ...
Continue Reading
December 14, 2023
github.com/argoproj/argo-cd is vulnerable to Insufficient Session Expiration. The vulnerability exists because web terminal sessions in the library do not expire, which allows an attacker to send a we ...
Continue Reading
August 29, 2023
### Impact All versions of Argo CD starting from v2.6.0 have a bug where open web terminal sessions do not expire. This bug allows users to send any websocket messages even if the token has already ex ...
Continue Reading
August 23, 2023
This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will b ...
Continue Reading
August 23, 2023
### Impact All versions of Argo CD starting from v2.6.0 have a bug where open web terminal sessions do not expire. This bug allows users to send any websocket messages even if the token has already ex ...
Continue Reading
August 23, 2023
Back to Main
