8 matches found
GHSA-4JPM-CGX2-8H37 Flowise: Sensitive Data Leak in public-chatbotConfig
Summary: The /api/v1/public-chatbotConfig/:id endpoint exposes sensitive data, including API keys, HTTP authorization headers and internal configuration, without any authentication. An attacker who knows only a chatflow UUID can retrieve credentials stored in password type fields and HTTP headers,...
Understanding the New Windows Secure Kernel Mode Elevation of Privilege Vulnerability (CVE-2024-21302)
On August 7, 2024, Microsoft disclosed a significant security vulnerability affecting Windows-based systems, known as CVE-2024-21302. This zero-day vulnerability allows attackers with administrator privileges to elevate their access by replacing current versions of Windows system files with...
ADM Cloud Users are not able to view Users & Roles options under settings in Citrix ADM GUI
Invited/cloned users will not have access to Users & Roles on Citrix ADM Cloud. Path: In the Citrix ADM GUI, navigate to Settings > Users & Roles > Users...
PYSEC-2023-130
Sentry is an error tracking and performance monitoring platform. Starting in version 8.21.0 and prior to version 23.5.2, an authenticated user can download a debug or artifact bundle from arbitrary organizations and projects with a known bundle ID. The user does not need to be a member of the...
4-Year-Old Microsoft Azure Zero-Day Exposes Web App Source Code
The Microsoft Azure App Service has a four-year-old vulnerability that could reveal the source code of web apps written in PHP, Python, Ruby or Node that were deployed using Local Git, researchers said. The bug has almost certainly been exploited in the wild as a zero-day, according to an analys...
Security Bulletin: IBM QRadar SIEM is vulnerable to cross-site scripting (XSS) (CVE-2021-29849)
Summary: IBM QRadar SIEM is vulnerable to cross-site scripting. Vulnerability Details: CVEID: CVE-2021-29849. DESCRIPTION: IBM QRadar SIEM is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality...
Security Bulletin: PostgreSQL as used by IBM QRadar SIEM is vulnerable to information disclosure (CVE-2021-32028, CVE-2021-32027)
Summary: PostgreSQL as used by IBM QRadar SIEM is vulnerable to information disclosure. Vulnerability Details: CVEID: CVE-2021-32028. DESCRIPTION: PostgreSQL could allow a remote authenticated attacker to obtain sensitive information, caused by a memory disclosure vulnerability when using an INSERT …...
Cloudworm - Candidate MS12-020 - POC
How secure are cloud servers? In technical circles, people are aware of the cloud variables and that cloud service providers offload the virtual machine security onto the customer as much as possible. Technical people know this. Not all cloud customers fall...