7 matches found
EUVD-2020-7258
Malware in sbrugna...
EUVD-2020-7212
Malware in sbrugna...
Authorization Bypass
@oneuptime/common-server and @oneuptime/model are vulnerable to Authorization Bypass Through User-Controlled Key. The vulnerability is due to improper validation of the ismasteradmin key stored in the browser local storage. Attackers can manipulate this key from false to true, granting themselves...
OneUptime Vulnerable to a Privilege Escalation via Local Storage Key Manipulation
Summary: A security vulnerability exists in oneuptime's local storage handling, where a regular user can escalate privileges by modifying the ismasteradmin key to true. This allows unauthorized access to administrative functionalities. Details: The vulnerability lies in the improper validation of...
CVE-2023-31408
Cleartext Storage of Sensitive Information in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows a remote attacker to potentially steal user credentials that are stored in the user’s browser’s local storage via cross-site-scripting attac...
CVE-2021-25985 FactorJS - Insufficient Session Expiration Leads to a Local Account Takeover
Factor App Framework & Headless CMS v1.0.4 to v1.8.30 improperly invalidates a user’s session even after the user logs out of the application. In addition, user sessions are stored in the browser’s local storage, which by default does not have an expiration time. This makes it possible for an...
Red Hat OpenShift Security Vulnerability
Red Hat OpenShift is a Platform-as-a-Service (PaaS) cloud computing platform from Red Hat, Inc. that supports building, testing, deploying, and running applications. A security vulnerability exists in the OpenShift web console, which originates from an access token stored in the browser's local...