Category: CVSS3 - CRITICAL
Exploit for Use of a Broken or Risky Cryptographic Algorithm in Auth0 Jsonwebtoken

# CVE 2022-23540 In versions ...

Security Bulletin: Apache CXF vulnerability identified in IBM Tivoli Application Dependency Discovery Manager

## Summary

This security bulletin addresses the vulnerabilities in Open Source Apache CXF that affect IBM Tivoli Application Dependency Discovery Manager (CVE-2022-46364, CVE-2022-46363). IBM Tivoli Ap ...

Improper Authentication

github.com/usememos/memos is vulnerable to improper authentication. The vulnerability allows a remote attacker to use the `Reset` API on any user without consent via IDOR.

CVE-2022-39041

aEnrich a+HRD has insufficient user input validation for a specific API parameter. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary SQL commands to access, modify an ...

CVE-2022-39042

aEnrich a+HRD has improper validation in its login function. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and access API functions to perform arbitrary system ...

CVE-2022-47618

Merit LILIN AH55B04 & AH55B08 DVR firm has hard-coded administrator credentials. An unauthenticated remote attacker can use these credentials to log in to the administrator page, to manipulate the system or ...

CVE-2022-39039

aEnrich’s a+HRD has inadequate filtering for a specific URL parameter. An unauthenticated remote attacker can exploit this vulnerability to send arbitrary HTTP(s) requests to launch Server-Side Requ ...
