CVE-2024-41657 GHSL-2024-035: Casdoor CORS misconfiguration

Casdoor is a UI-first Identity and Access Management IAM / Single-Sign-On SSO platform. In Casdoor 1.577.0 and earlier, a logic vulnerability exists in the beego filter CorsFilter that allows any website to make cross domain requests to Casdoor as the logged in user. Due to the a logic error in...

Debian: Security Advisory (DSA-2115-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Design/Logic Flaw

An issue was discovered on Vgate iCar 2 Wi-Fi OBD2 Dongle devices. The OBD port is used to receive measurement data and debug information from the car. This on-board diagnostics feature can also be used to send commands to the car different for every vendor / car product line / car. No...

MEDCIN engine of the exploitability of the vulnerability details-vulnerability warning-the black bar safety net

! Science: the MEDCIN engine is a service to doctors and nurses electronic medical records system. A few months ago, I was in the MEDCIN engine to older versions of the safety assessment found a loophole. So I to the Supplier a report of the vulnerabilities and then repair, after viewing the...

Bypassing Google Two Factor Authentication

Duo Security found a loophole in Google's authentication system that allowed them to Google's two factor authentication and gain full control over a user's Gmail account by abusing the unique passwords used to connect individual applications to Google accounts. Duo Security itself a two-factor...