Information Disclosure

github.com/authzed/spicedb is vulnerable to Information Disclosure. The vulnerability exists in the `MetricsHandler` function in `defaults.go` because it exposes the `--grpc-preshared-key` flag in the ...

CVSS3 - HIGH

Internet Bug Bounty: JWT audience claim is not verified

All versions of Argo CD starting with v1.8.2 are vulnerable to an improper authorization bug causing the API to accept certain invalid tokens. OIDC providers include an aud (audience) claim in signed ...

CVSS3 - HIGH

Nacos 2.0.3 – Access Control vulnerability

CVSS3 - HIGH

CVSS2 - MEDIUM

CVE-2023-27487

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, the client may bypass JSON Web Token (JWT) checks a ...

CVSS3 - CRITICAL

VMware Workspace ONE Access VMSA-2022-0011 exploit chain

This module combines two vulnerabilities in order to achieve remote code execution in the context of the `horizon` user. The first vulnerability CVE-2022-22956 is an authentication bypass in OAuth2TokenR ...

CVSS3 - CRITICAL

CVSS2 - HIGH

VMware Workspace ONE Remote Code Execution Exploit

This Metasploit module combines two vulnerabilities in order to achieve remote code execution in the context of the horizon user. The first vulnerability, CVE-2022-22956, is an authentication bypass in O ...

CVSS3 - CRITICAL

CVSS2 - HIGH