Serendipity security vulnerability
Serendipity is a PHP-based blog system developed by the Serendipity team. It supports the creation of online diaries, blogs, and web pages. Serendipity 2.6-beta2 and earlier contain security vulnerabilities that stem from the serendipitysetCookie functi...
Hoppscotch input validation error vulnerability
Hoppscotch is an open-source API development ecosystem created by Hoppscotch. Hoppscotch versions prior to 2026.3.0 contain an input validation vulnerability: an open redirect flaw that could lead to token leakage and account takeover...
CLSA-2026-1774259220 curl: Fix of 3 CVEs
CVE-2026-1965: fix incorrect connection reuse; prevent reuse of Negotiate-authenticated connections with different credentials and require authentication identity match - CVE-2026-3784: fix wrong proxy connection reuse with different credentials; check proxy user/password in proxyinfomatches to...
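The two curl fixes above share one root cause: a pooled connection that has already authenticated as one identity is matched on destination alone and handed to a request carrying different credentials. The following is an added illustration of that bug class and of the "identity must match" rule the fixes apply; it is not curl's code, and the Pool, Conn and Creds types are assumptions made for the example.

```python
"""Pooled-connection reuse keyed on authentication identity.

Added illustration of the bug class behind the two curl CVEs above; it is
not curl's code. The pool, Conn and Creds types are assumptions.
"""
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass(frozen=True)
class Creds:
    user: str
    password: str


@dataclass
class Conn:
    host: str
    port: int
    auth: Optional[Creds]        # identity this connection authenticated as
    proxy_auth: Optional[Creds]  # identity used towards the proxy, if any
    conn_id: int


@dataclass
class Pool:
    conns: List[Conn] = field(default_factory=list)
    next_id: int = 1

    def _open(self, host, port, auth, proxy_auth) -> Conn:
        c = Conn(host, port, auth, proxy_auth, self.next_id)
        self.next_id += 1
        self.conns.append(c)
        return c

    def acquire_unsafe(self, host, port, auth=None, proxy_auth=None) -> Conn:
        # Vulnerable pattern: match on destination only. A connection that
        # already completed Negotiate as user A is handed to a request
        # carrying user B's credentials, so B's request runs as A.
        for c in self.conns:
            if (c.host, c.port) == (host, port):
                return c
        return self._open(host, port, auth, proxy_auth)

    def acquire(self, host, port, auth=None, proxy_auth=None) -> Conn:
        # Fixed pattern: the candidate must have been authenticated with the
        # same identity, and the same proxy identity, as the new request.
        for c in self.conns:
            if ((c.host, c.port) == (host, port)
                    and c.auth == auth
                    and c.proxy_auth == proxy_auth):
                return c
        return self._open(host, port, auth, proxy_auth)


def demo() -> dict:
    # Constructed identities; nothing here is a real credential.
    alice, bob = Creds("alice", "pw-a"), Creds("bob", "pw-b")
    px1, px2 = Creds("proxyuser", "p1"), Creds("proxyuser", "p2")

    unsafe = Pool()
    a = unsafe.acquire_unsafe("api.example", 443, auth=alice)
    b = unsafe.acquire_unsafe("api.example", 443, auth=bob)

    safe = Pool()
    c1 = safe.acquire("api.example", 443, auth=alice, proxy_auth=px1)
    c2 = safe.acquire("api.example", 443, auth=bob, proxy_auth=px1)
    c3 = safe.acquire("api.example", 443, auth=alice, proxy_auth=px2)
    c4 = safe.acquire("api.example", 443, auth=alice, proxy_auth=px1)

    return {
        "unsafe_cross_user_reuse": a is b,          # the bug: bob gets alice's conn
        "safe_cross_user_reuse": c1 is c2,          # different user: no reuse
        "safe_cross_proxy_cred_reuse": c1 is c3,    # same proxy user, other password: no reuse
        "safe_same_identity_reuse": c1 is c4,       # identical identity: legitimate reuse
        "safe_open_connections": len(safe.conns),
    }


if __name__ == "__main__":
    print(demo())
```

The proxy check compares the whole credential, not just the user name, which is the point of the second CVE's "check proxy user/password" wording: two sessions for the same proxy user with different passwords must not share a connection either.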
Cryptomator security vulnerability
Cryptomator is a simple digital self-defense tool from the Cryptomator community. Cryptomator versions prior to 1.12.3 contain security vulnerabilities caused by insufficient integrity checks on Android. These vulnerabilities could lead to man-in-the-middle attacks and...
Cryptomator security vulnerability
Cryptomator is a simple digital self-defense tool from the Cryptomator community. It is used to protect data. Cryptomator versions prior to 1.19.1 contain security vulnerabilities that stem from integrity-checking flaws, which can lead to man-in-the-middle attacks and token leak...
Cryptomator security vulnerability
Cryptomator is a simple digital self-defense tool from the Cryptomator community. Cryptomator versions prior to 2.8.3 contain security vulnerabilities caused by insufficient integrity checks on iOS. These vulnerabilities could lead to man-in-the-middle attacks and token...
CVE-2024-42914
A host header injection vulnerability exists in the forgot password functionality of ArrowCMS version 1.0.0. By sending a specially crafted host header in the forgot password request, it is possible to send password reset links to users which, once clicked, lead to an attacker-controlled server a...
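The ArrowCMS entry describes the usual shape of a Host header injection: the application copies the request's Host value into the password-reset link it emails, so an attacker who triggers a reset for a victim with a crafted Host gets a link pointing at a server they control, and the reset token arrives there when the victim clicks. The block below is an added illustration of the vulnerable construction beside the hardened one; it is not ArrowCMS code, and CANONICAL_ORIGIN, ALLOWED_HOSTS and the headers dict are assumptions for the example.

```python
"""Password-reset link: Host-header driven (vulnerable) vs canonical origin (hardened).

Added illustration of the flaw class described for ArrowCMS; it is not
ArrowCMS code. The origin, allowlist and header dict are assumptions.
"""
from urllib.parse import urlencode

# Assumed deployment configuration: the only origin reset links may point at.
CANONICAL_ORIGIN = "https://cms.example.org"
ALLOWED_HOSTS = {"cms.example.org"}


def _hostname(host_header: str) -> str:
    """Normalise a Host header value: lowercase, strip an optional :port."""
    host = host_header.strip().lower()
    if host.startswith("["):            # IPv6 literal such as [::1]:8080
        return host.split("]", 1)[0] + "]"
    return host.split(":", 1)[0]


def reset_link_vulnerable(headers: dict, token: str) -> str:
    # The bug: the link's host is copied from the request, so a crafted
    # Host header makes the emailed link point at the attacker's server,
    # which then receives the reset token when the victim clicks it.
    return f"https://{headers.get('Host', '')}/reset?token={token}"


def reset_link_hardened(headers: dict, token: str) -> str:
    # Validate Host against an allowlist (reject, do not "fix up"), and build
    # the link from the configured origin rather than from the request at all.
    host = _hostname(headers.get("Host", ""))
    if host not in ALLOWED_HOSTS:
        raise ValueError(f"rejected request with unexpected Host: {host!r}")
    return f"{CANONICAL_ORIGIN}/reset?{urlencode({'token': token})}"


def demo() -> dict:
    # Constructed inputs: a sample token, a crafted request and a legitimate one.
    token = "sampletoken123"
    crafted = {"Host": "attacker.example"}
    legit = {"Host": "CMS.example.org:443"}

    out = {"vulnerable": reset_link_vulnerable(crafted, token)}
    try:
        reset_link_hardened(crafted, token)
        out["hardened_crafted"] = "accepted"
    except ValueError:
        out["hardened_crafted"] = "rejected"
    out["hardened_legit"] = reset_link_hardened(legit, token)
    return out


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

Two design points worth keeping: the hardened version never uses the Host value to build the URL even after validation, so a later relaxation of the allowlist cannot reintroduce the injection; and an unexpected Host is rejected outright rather than silently replaced, which also surfaces misconfigured reverse proxies during testing.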
ArtiPACKED Flaw Exposed GitHub Actions to Token Leaks
Discover how GitHub Actions artifacts leak sensitive authentication tokens, exposing popular open-source projects to security risks. Learn about…
PT-2023-18162 · Unknown · User Backup Manager
Name of the Vulnerable Software and Affected Versions: User Backup Manager, affected versions not specified. Description: The issue is related to log information disclosure, which could lead to local information disclosure. It is possible to leak a token and bypass user confirmation for backup...
Predictions for 2023 from Latest API Threat Research | API Security Newsletter
March has arrived and is roaring like a very confused lion, at least in the northern hemisphere. And much like in the wild, brood production is increasing. We've already seen some fruits of that labor, such as the Q4-2022 and 2022 Year-End ThreatStats™ Report, and some very tasty product upgrades...
Gitlab -- Multiple Vulnerabilities
Gitlab reports: DAST API scanner exposes Authorization headers in vulnerabilities; Group IP allow-list not fully respected by the Package Registry; Deploy keys and tokens may bypass External Authorization service if it is enabled; Repository import still allows to import 40 hexadecimal branches...
CVE-2022-32217
A cleartext storage of sensitive information exists in Rocket.Chat v4.6.4 due to an OAuth token being leaked in plaintext in Rocket.Chat logs...
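The User Backup Manager entry (PT-2023-18162) and the Rocket.Chat entry above are the same failure mode: a token written verbatim to a log file, where anyone with local read access to the logs can pick it up. The block below is an added example of the usual mitigation, a logging filter that redacts bearer and token-style values before the record reaches a handler; it is not code from either project, and the logger name, patterns and log lines are constructed for the example.

```python
"""Redact OAuth/bearer tokens before they reach log output.

Added example covering the two "token leaked in logs" entries above; it is
not Rocket.Chat or User Backup Manager code. Patterns and sample log lines
are constructed for illustration.
"""
import logging
import re
from io import StringIO

# Order matters: strip "Bearer <value>" first, then key=value / "key": "value"
# forms for access_token, refresh_token, id_token and plain token.
_PATTERNS = [
    (re.compile(r"(?i)(bearer\s+)[A-Za-z0-9\-._~+/]+=*"), r"\1[REDACTED]"),
    (re.compile(r"(?i)((?:access_|refresh_|id_)?token[\"']?\s*[:=]\s*[\"']?)([^\s\"'&,]+)"),
     r"\1[REDACTED]"),
]


def redact(text: str) -> str:
    """Return text with recognised token values replaced by [REDACTED]."""
    for pattern, replacement in _PATTERNS:
        text = pattern.sub(replacement, text)
    return text


class TokenRedactingFilter(logging.Filter):
    """Rewrite the fully formatted message so %-args are covered too."""

    def filter(self, record: logging.LogRecord) -> bool:
        record.msg = redact(record.getMessage())
        record.args = ()          # already interpolated; prevent re-formatting
        return True               # keep the record, now sanitised


def build_logger(name: str, stream) -> logging.Logger:
    """Logger whose single handler applies the redaction filter."""
    logger = logging.getLogger(name)
    logger.setLevel(logging.DEBUG)
    logger.propagate = False
    handler = logging.StreamHandler(stream)
    handler.addFilter(TokenRedactingFilter())
    logger.handlers = [handler]
    return logger


def demo_log() -> str:
    """Emit constructed log lines of the leaking kind and return the captured output."""
    buf = StringIO()
    logger = build_logger("example.oauth", buf)
    # Constructed lines; the token values are placeholders, not real secrets.
    logger.info("callback received: access_token=%s&expires_in=3600", "AbC123secret")
    logger.debug('headers: {"Authorization": "Bearer eyJhbGciOi.secret.sig"}')
    logger.warning("backup confirm skipped, token=%s for user=%s", "tok-998877", "alice")
    logger.handlers[0].flush()
    return buf.getvalue()


if __name__ == "__main__":
    print(demo_log(), end="")
```

Attaching the filter to the handler rather than the logger is deliberate: handler filters also run for records propagated from child loggers, so third-party modules that log request dumps under the same hierarchy are covered without changes to their code.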
June 21, 2018—KB4284863 (Preview of Monthly Rollup)
June 21, 2018—KB4284863 Preview of Monthly Rollup Improvements and fixes This non-security update includes improvements and fixes that were part of KB4284815, released June 12, 2018, and also includes these new quality improvements as a preview of the next Monthly Rollup update: Updates the...