Summary: This vulnerability is similar to CVE-2018-14732. When running a Next.js server locally (e.g. through npm run dev), the WebSocket server is vulnerable to the Cross-site WebSocket hijacking (CSW ...
May 29, 2025
Observable timing discrepancy vulnerability in Apache Pulsar SASL Authentication Provider can allow an attacker to forge a SASL Role Token that will pass signature verification. Users are recommended ...
May 28, 2025
Home assistant is an open source home automation. Whilst auditing the frontend code to identify hidden parameters, Cure53 detected auth_callback=1, which is leveraged by the WebSocket authentication l ...
May 28, 2025
The libsoup packages provide an HTTP client and server library for GNOME. Security Fix(es): libsoup: Heap buffer over-read in skip_insignificant_space when sniffing content (CVE-2025-2784) libsoup ...
May 28, 2025
Introduction: Zanubis is a banking Trojan for Android that emerged in mid-2022. Since its inception, it has targeted banks and financial entities in Peru, before expanding its objectives to virtual car ...
May 28, 2025
The libsoup packages provide an HTTP client and server library for GNOME. Security Fix(es): libsoup: Heap buffer over-read in skip_insignificant_space when sniffing content (CVE-2025-2784) libsou ...
May 27, 2025