In APache APISIX before 3.13.1, an attacker can obtain a plugin-configured secret via an error message response by sending an incorrect JSON Web Token to a route protected by the jwt-auth plugin. The ...
Continue Reading
June 23, 2022
Databasir is a team-oriented relational database model document management platform. Databasir 1.01 has Use of Hard-coded Cryptographic Key vulnerability. An attacker can use hard coding to generate l ...
Continue Reading
June 23, 2022
Team, May you all be well on your side of the screen. :) While Doing some research on the https://microweber.org, I was able to find a Pre-Account Takeover vulnerability. Kindly check the proof of con ...
Continue Reading
June 23, 2022
# Description The application allows the usage of third-parties to store the files, such as Google Drive, Github, Gitlab, etc. It's possible to bypass the protection of the `redirect` parameter and re ...
Continue Reading
June 23, 2022
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, a director ...
Continue Reading
June 23, 2022
 Rapid7 researcher Aaron Herndon has discovered that several models of Kyocera ...
Continue Reading
June 23, 2022
On May 4, 2022, F5 announced the following security issues. This document is intended to serve as an overview of these vulnerabilities and security exposures to help determine the impact to your F5 de ...
Continue Reading
June 23, 2022
The Deviceconnect microservice through 1.3.0 in Northern.tech Mender Enterprise before 3.2.2. allows Cross-Origin Websocket Hijacking.Read More ...
Continue Reading
June 23, 2022
Back to Main
