The UI in DevSpace 4.13.0 allows web sites to execute actions on pods (on behalf of a victim) because of a lack of authentication for the WebSocket protocol. This leads to remote code...Read More ...
Continue Reading
May 22, 2025
LogRhythm Platform Manager (PM) 7.4.9 has Incorrect Access Control. Users within LogRhythm can be delegated different roles and privileges, intended to limit what data and services they can interact w ...
Continue Reading
May 22, 2025
An issue was discovered in Mattermost Server before 5.20.0. Non-members can receive broadcasted team details via the update_team WebSocket event, aka...Read More ...
Continue Reading
May 22, 2025
LogRhythm Platform Manager (PM) 7.4.9 has Incorrect Access Control. Users within LogRhythm can be delegated different roles and privileges, intended to limit what data and services they can interact w ...
Continue Reading
May 22, 2025
The UI in DevSpace 4.13.0 allows web sites to execute actions on pods (on behalf of a victim) because of a lack of authentication for the WebSocket protocol. This leads to remote code...Read More ...
Continue Reading
May 22, 2025
Evoko Home devices 1.31 through 1.37 allow remote attackers to obtain sensitive information (such as usernames and password hashes) via a WebSocket request, as demonstrated by the sockjs/224/uf1psgff/ ...
Continue Reading
May 22, 2025
LogRhythm Platform Manager (PM) 7.4.9 has Incorrect Access Control. Users within LogRhythm can be delegated different roles and privileges, intended to limit what data and services they can interact w ...
Continue Reading
May 22, 2025
An issue was discovered in signotec signoPAD-API/Web (formerly Websocket Pad Server) before 3.1.1 on Windows. It is possible to perform a Denial of Service attack because the implementation doesn' ...
Continue Reading
May 22, 2025
Back to Main
