
4 matches found

OSV
added 2026/03/10 1:18 a.m. · 1 views

GHSA-XV8G-FJ9H-6GMV Linkdave Missing Authentication on REST and WebSocket endpoints

The linkdave server does not enforce authentication on its REST and WebSocket routes in versions prior to 0.1.5.

Impact: An attacker with network access to the server port can:
- Connect to the WebSocket endpoint /ws and receive a valid sessionid in the OpReady response.
- Use that session to invo...

9.3 CVSS · 5.8 AI score
Exploits 0 · References 3
Positive Technologies
added 2026/01/06 12:0 a.m. · 3 views

PT-2026-1424

Name of the Vulnerable Software and Affected Versions: MasterStudy LMS WordPress Plugin versions through 3.7.6. Description: The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is susceptible to unauthorized modification and deletion of data. This is due to a...

5.4 CVSS · 6.3 AI score · 0.00033 EPSS
Exploits 0 · References 6
Positive Technologies
added 2024/01/25 12:0 a.m. · 2 views

PT-2024-14824 · Quarkus · Quarkus

Name of the Vulnerable Software and Affected Versions: Quarkus versions prior to 3.6.9; Quarkus versions prior to 3.7.1; Quarkus versions prior to 3.8.x. Description: A flaw was found in Quarkus. When a Quarkus RestEasy Classic or Reactive JAX-RS endpoint has its methods declared in the abstract Jav...

6.9 CVSS · 6.8 AI score · 0.00129 EPSS
Exploits 0 · References 14
pentestit
added 2020/08/13 7:3 p.m. · 35 views

UPDATE: FudgeC2 0.5.7

FudgeC2 0.5.7 was released in June and this post documents the changes made to it. As you may remember, this awesome adversary emulation system was listed in my older post titled - List of Open Source C2 Post-Exploitation Frameworks. The new version brings system SMTP support, operations security...

1.6 AI score
Exploits 0