An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is a Path Traversal for an Unzip operation. The Vocera Report Console contains a websocket function that allows ...
July 25, 2023
### Impact
Private messages or posts might be leaked to third parties if the victim opens the attacker's site while browsing NodeBB.
### Patches
* Patched in v3.1.3
* Backported to v2.x line via v2.8.13

## ...
July 25, 2023
NodeBB is affected by a Cross-Site WebSocket Hijacking vulnerability due to missing validation of the request origin. Exploitation of this vulnerability allows certain user information to be extracted ...
July 25, 2023
Mattermost fails to properly validate the origin of a websocket connection allowing a MITM attacker on Mattermost to access the websocket APIs.
July 17, 2023
An insufficient session expiration [CWE-613] vulnerability in FortiOS REST API may allow an attacker to reuse the session of a deleted user, should the attacker manage to obtain the API token.
July 13, 2023
The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-23-028 advisory. - An insufficient session ...
July 11, 2023
The websocket configuration endpoint of the Loxone Miniserver Go Gen.2 before 14.1.5.9 allows remote authenticated administrators to inject arbitrary OS commands via the timezone parameter.
July 07, 2023