Lucene search

8605 matches found

Source: OSV (added 2026/03/18 4:18 p.m., 2 views)

GHSA-3VJ8-JMXQ-CGJ5 h3 has a middleware bypass with one gadget

H3 NodeRequestUrl bugs Vulnerable pieces of code : js import H3, serve, defineHandler, getQuery, getHeaders, readBody, defineNodeHandler from "h3"; let app = new H3 const internalOnly = defineHandlerevent, next = const token = event.headers.get"x-internal-key"; if token !==...

CVSS 7.4 | AI score 5.9 | EPSS 0.00388
Exploits: 1 | References: 3
Source: Github Security Blog (added 2026/03/18 4:18 p.m., 7 views)

h3 has a middleware bypass with one gadget

H3 NodeRequestUrl bugs Vulnerable pieces of code : js import H3, serve, defineHandler, getQuery, getHeaders, readBody, defineNodeHandler from "h3"; let app = new H3 const internalOnly = defineHandlerevent, next = const token = event.headers.get"x-internal-key"; if token !==...

CVSS 9.1 | AI score 5.9 | EPSS 0.00388
Exploits: 1 | References: 3 | Affected Software: 1
Source: GithubExploit (added 2026/03/18 4:16 p.m., 127 views)

web-app-security-project

🛡️ Web Application Security Project 📌 Overview This projec...

AI score 5.9
Exploits: 0
Source: RedHat Linux (added 2026/03/18 4:03 p.m., 6 views)

Important: Red Hat Security Advisory: Logging for Red Hat OpenShift - 6.3.4

Logging for Red Hat OpenShift - 6.3.4 Red Hat OpenShift Logging 6.3.4 is a cluster-wide logging solution for OpenShift that collects and manages applications, infrastructure, and audit logs...

CVSS 7.5 | AI score 6.8 | EPSS 0.00761
Exploits: 2 | References: 3
Source: GithubExploit (added 2026/03/18 12:29 p.m., 145 views)

Exploit for Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Openssl

🔐 SSH Exploit Tool Educational Use Only 📌 Description Th...

CVSS 7.8 | AI score 7 | EPSS 0.70721
Exploits: 7
Source: OSSF Malicious Packages (added 2026/03/18 12:21 p.m., 9 views)

Malicious code in rails_structured_logging (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

AI score 5.8
Exploits: 0 | References: 1
Source: OSV (added 2026/03/18 12:21 p.m., 3 views)

MAL-2026-1920 Malicious code in rails_structured_logging (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

AI score 5.8
Exploits: 0 | References: 1
Source: Fedora (added 2026/03/18 12:16 a.m., 8 views)

[SECURITY] Fedora 44 Update: systemd-259.5-1.fc44

systemd is a system and service manager that runs as PID 1 and starts the rest of the system. It provides aggressive parallelization capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, keeps track of processes using Linux control groups,...

CVSS 6.7 | AI score 5.8 | EPSS 0.00142
Exploits: 0
Source: Positive Technologies (added 2026/03/18 12:00 a.m., 5 views)

PT-2026-26194

H3 NodeRequestUrl bugs Vulnerable pieces of code : js import H3, serve, defineHandler, getQuery, getHeaders, readBody, defineNodeHandler from "h3"; let app = new H3 const internalOnly = defineHandlerevent, next = const token = event.headers.get"x-internal-key"; if token !==...

CVSS 9.1 | AI score 5.9 | EPSS 0.00388
Exploits: 1 | References: 6
Source: Vulnrichment (added 2026/03/16 2:29 p.m., 1 view)

CVE-2025-52644 HCL AION is affected by a vulnerability where certain user actions are not adequately audited or logged.

HCL AION is affected by a vulnerability where certain user actions are not adequately audited or logged. The absence of proper auditing mechanisms may reduce traceability of user activities and could potentially impact monitoring, accountability, or incident investigation processes...

CVSS 5.8 | AI score 5.8 | EPSS 0.00141
Exploits: 0 | References: 1
Source: Packet Storm (added 2026/03/16 12:00 a.m., 182 views)

📄 WordPress WWLC 2.0.3.1 File Upload Metasploit Scanner

This Metasploit auxiliary module scans WordPress websites for an arbitrary file upload vulnerability in the WWLC plugin version 2.0.3.1. The module attempts to upload a crafted PHP file through the vulnerable AJAX endpoint admin-ajax.php using the wwlcfileuploadhandler action. If the upload is...

AI score 5.9
Exploits: 0
Source: Fedora (added 2026/03/15 12:57 a.m., 5 views)

[SECURITY] Fedora 43 Update: systemd-258.7-1.fc43

systemd is a system and service manager that runs as PID 1 and starts the rest of the system. It provides aggressive parallelization capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, keeps track of processes using Linux control groups,...

CVSS 6.7 | AI score 5.8 | EPSS 0.00142
Exploits: 0
Source: OSV (added 2026/03/13 8:05 p.m., 4 views)

GHSA-4524-CJ9J-G4FJ OneUptime: Password Reset Token Logged at INFO Level

Summary The password reset flow logs the complete password reset URL — containing the plaintext reset token — at INFO log level, which is enabled by default in production. Anyone with access to application logs (log aggregation, Docker logs, Kubernetes pod logs) can intercept reset tokens and perfo...

CVSS 6.9 | AI score 5.9 | EPSS 0.00235
Exploits: 1 | References: 4
Source: Github Security Blog (added 2026/03/13 8:05 p.m., 6 views)

OneUptime: Password Reset Token Logged at INFO Level

Summary The password reset flow logs the complete password reset URL — containing the plaintext reset token — at INFO log level, which is enabled by default in production. Anyone with access to application logs (log aggregation, Docker logs, Kubernetes pod logs) can intercept reset tokens and perfo...

CVSS 6.9 | AI score 5.9 | EPSS 0.00235
Exploits: 1 | References: 4 | Affected Software: 1
Source: Cvelist (added 2026/03/12 9:31 p.m., 31 views)

CVE-2026-32598 OneUptime: Password Reset Token Logged at INFO Level

OneUptime is a solution for monitoring and managing online services. Prior to 10.0.24, the password reset flow logs the complete password reset URL — containing the plaintext reset token — at INFO log level, which is enabled by default in production. Anyone with access to application logs log...

CVSS 6.9 | EPSS 0.00235
Exploits: 1 | References: 1
Source: Vulnrichment (added 2026/03/12 9:31 p.m., 1 view)

CVE-2026-32598 OneUptime: Password Reset Token Logged at INFO Level

OneUptime is a solution for monitoring and managing online services. Prior to 10.0.24, the password reset flow logs the complete password reset URL — containing the plaintext reset token — at INFO log level, which is enabled by default in production. Anyone with access to application logs log...

CVSS 6.9 | AI score 5.8 | EPSS 0.00235
Exploits: 1 | References: 1
Source: RedHat Linux (added 2026/03/12 2:45 p.m., 6 views)

Important: Red Hat Security Advisory: Logging for Red Hat OpenShift - 6.2.9

Logging for Red Hat OpenShift - 6.2.9 Red Hat OpenShift Logging 6.2.9 is a cluster-wide logging solution for OpenShift that collects and manages applications, infrastructure, and audit logs...

CVSS 10 | AI score 6.7 | EPSS 0.00765
Exploits: 3 | References: 4
Source: RedHat Linux (added 2026/03/12 2:43 p.m., 10 views)

Important: Red Hat Security Advisory: Logging for Red Hat OpenShift - 6.4.3

Logging for Red Hat OpenShift - 6.4.3 Red Hat OpenShift Logging 6.4.3 is a cluster-wide logging solution for OpenShift that collects and manages applications, infrastructure, and audit logs...

CVSS 10 | AI score 6.7 | EPSS 0.00765
Exploits: 3 | References: 4
Source: Snyk (added 2026/03/12 2:20 p.m., 4 views)

Insertion of Sensitive Information into Log File

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File in the typeSafetyCheckEmail function. An attacker can inject arbitrary log entries and expose sensitive information by submitting specially crafted email addresses containing newline or...

CVSS 6.9 | AI score 5.8
Exploits: 0 | References: 3
Source: OSV (added 2026/03/12 2:20 p.m., 2 views)

GHSA-XX6G-43W2-9G6G OliveTin's email argument makes compliance harder, enables log injection

Summary The typeSafetyCheckEmail function in service/internal/executor/arguments.go calls log.Errorf on every invocation, including when validation succeeds (err == nil). This means every email address submitted by any user is written to the application's ERROR-level log unconditionally. Because the...

CVSS 6.9 | AI score 6
Exploits: 0 | References: 4