What are JWT Injections, and Why do You Need to Know About Them
JSON Web Tokens (JWTs for short) are the new standard for transmitting identity information in the digital age.
JWTs are JSON objects that act as an identifier for your user or application. They're u ...
August 26, 2022
Path Traversal
gravitee-gateway-core is vulnerable to path traversal. The vulnerability exists due to the lack of dynamic routing checks in the `selectUserDefinedEndpoint` function of `TargetEndpointResolver.java`, ...
August 25, 2022
GO-2022-0947
In Mellium mellium.im/xmpp, an attacker capable of spoofing DNS TXT records can redirect a WebSocket connection request to a server under their control without causing TLS certificate verification to ...
August 22, 2022
Exposure of Resource to Wrong Sphere
Ethermint is an Ethereum library. In Ethermint running versions before `v0.17.2`, the contract `selfdestruct` invocation permanently removes the corresponding bytecode from the internal database stora ...
August 19, 2022
Improper Neutralization of Special Elements in Output Used by a Downstream Component (‘Injection’)
The GitHub Actions ToolKit provides a set of packages to make creating actions easier. The `core.exportVariable` function uses a well known delimiter that attackers can use to break out of that specif ...
August 19, 2022
CVE-2022-30952
Jenkins Pipeline SCM API for Blue Ocean Plugin 1.25.3 and earlier allows attackers with Job/Configure permission to access credentials with attacker-specified IDs stored in the private per-user creden ...
August 18, 2022
CVE-2022-35174
A stored cross-site scripting (XSS) vulnerability in Kirby's Starterkit v3.7.0.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Tags field. ...
August 18, 2022
CVE-2022-37063
All FLIR AX8 thermal sensor cameras versions up to and including 1.46.16 are vulnerable to Cross Site Scripting (XSS) due to improper input sanitization. An authenticated remote attacker can execute a ...
August 18, 2022