Lucene search
K

2597 matches found

Github Security Blog
Github Security Blog
added 2024/01/23 2:43 p.m.61 views

keycloak-core: open redirect via "form_post.jwt" JARM response mode

An incomplete fix was found in Keycloak Core patch. An attacker can steal authorization codes or tokens from clients using a wildcard in the JARM response mode "formpost.jwt". It is observed that changing the responsemode parameter in the original proof of concept from "formpost" to "formpost.jwt...

6.1CVSS7.2AI score0.01109EPSS
Exploits0References12Affected Software1
OpenVAS
OpenVAS
added 2024/01/23 12:0 a.m.23 views

Ubuntu: Security Advisory (USN-6592-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.3CVSS5.8AI score0.01421EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2024/01/20 3:10 a.m.3 views

SUSE CVE-2024-22403

Nextcloud server is a self hosted personal cloud system. In affected versions OAuth codes did not expire. When an attacker would get access to an authorization code they could authenticate at any time using the code. As of version 28.0.0 OAuth codes are invalidated after 10 minutes and will no...

3.7CVSS6.9AI score0.00452EPSS
Exploits0References3
HackRead
HackRead
added 2024/01/19 11:32 a.m.14 views

YouTube Crypto Con: Scammers Rake in $600K with Deepfakes and QR Codes

By Waqas Bitdefender's latest research reveals that crypto scams on YouTube are at an all-time high, with no sign of slowing down in the near future. This is a post from HackRead.com Read the original post: YouTube Crypto Con: Scammers Rake in $600K with Deepfakes and QR Codes...

7.3AI score
Exploits0
CVE
CVE
added 2024/01/18 8:3 p.m.99 views

CVE-2024-22403

CVE-2024-22403 affects Nextcloud Server prior to 28.0.0, where OAuth2 authorization codes did not expire. An attacker who intercepts an authorization code could authenticate at any time using that code. The issue is resolved by upgrading to Nextcloud Server 28.0.0, where OAuth codes are invalidat...

3.7CVSS4.1AI score0.00452EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2024/01/18 8:3 p.m.40 views

CVE-2024-22403 OAuth2 authorization codes are valid indefinetly in Nextcloud server

Nextcloud server is a self hosted personal cloud system. In affected versions OAuth codes did not expire. When an attacker would get access to an authorization code they could authenticate at any time using the code. As of version 28.0.0 OAuth codes are invalidated after 10 minutes and will no...

3CVSS4.5AI score0.00452EPSS
Exploits0References4
Nextcloud
Nextcloud
added 2024/01/18 8:39 a.m.48 views

OAuth2 authorization codes are valid indefinetly

None...

3.7CVSS4.7AI score0.00452EPSS
Exploits0References2Affected Software1
Fedora
Fedora
added 2024/01/18 1:26 a.m.21 views

[SECURITY] Fedora 38 Update: zbar-0.23.93-1.fc38

ZBar Bar Code Reader is an open source software suite for reading bar codes from various sources, such as video streams, image files and raw intensity sensors. It supports EAN-13/UPC-A, UPC-E, EAN-8, Code 128, Code 93, Code 39, Codabar, Interleaved 2 of 5, QR Code and SQ Code...

9.8CVSS9.7AI score0.01787EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2024/01/18 12:0 a.m.5 views

PT-2024-1285 · Nextcloud +2 · Nextcloud Server +2

Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 28.0.0 Description: The issue concerns the expiration of OAuth codes in Nextcloud Server, a self-hosted personal cloud system. In affected versions, OAuth codes did not expire, allowing an attacker who gains...

9.8CVSS5.8AI score0.01041EPSS
Exploits6References99
Tenable Nessus
Tenable Nessus
added 2024/01/18 12:0 a.m.22 views

Fedora 39 : zbar (2024-73d5220ed3)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-73d5220ed3 advisory. 0.23.93, fixes for two CVEs Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has n...

9.8CVSS8.4AI score0.01787EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2024/01/18 12:0 a.m.28 views

Fedora 38 : zbar (2024-583e4098b9)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-583e4098b9 advisory. 0.23.93, fixes for two CVEs Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has n...

9.8CVSS8.4AI score0.01787EPSS
Exploits0References3
NVD
NVD
added 2024/01/16 4:15 p.m.11 views

CVE-2022-1563

The WPGraphQL WooCommerce WordPress plugin before 0.12.4 does not prevent unauthenticated attackers from enumerating a shop's coupon codes and values via GraphQL...

5.3CVSS5.4AI score0.00724EPSS
Exploits2References2
Cvelist
Cvelist
added 2024/01/16 3:50 p.m.20 views

CVE-2022-1563 WPGraphQL WooCommerce <= 0.11.0 - Unauthenticated Coupon Codes Disclosure

The WPGraphQL WooCommerce WordPress plugin before 0.12.4 does not prevent unauthenticated attackers from enumerating a shop's coupon codes and values via GraphQL...

5.7AI score0.00724EPSS
Exploits2References2
CNNVD
CNNVD
added 2024/01/16 12:0 a.m.7 views

WordPress plugin WPGraphQL WooCommerce security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability in the...

5.3CVSS6.9AI score0.00724EPSS
Exploits2References3
Positive Technologies
Positive Technologies
added 2024/01/16 12:0 a.m.6 views

PT-2024-11510 · WordPress · Wpgraphql Woocommerce

Name of the Vulnerable Software and Affected Versions: WPGraphQL WooCommerce WordPress plugin versions prior to 0.12.4 Description: The issue allows unauthenticated attackers to enumerate a shop's coupon codes and values via GraphQL. This can be done through GraphQL endpoints, potentially exposin...

5.3CVSS5.1AI score0.00724EPSS
Exploits2References6
CNNVD
CNNVD
added 2024/01/16 12:0 a.m.4 views

WordPress plugin Qyrr security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

5.4CVSS6AI score0.00218EPSS
Exploits2References2
OSV
OSV
added 2024/01/11 7:15 a.m.4 views

CVE-2023-6520

The WP 2FA – Two-factor authentication for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.0. This is due to missing or incorrect nonce validation on the sendbackupcodesemail function. This makes it possible for unauthenticated...

4.3CVSS7.2AI score0.00248EPSS
Exploits0References3
OSV
OSV
added 2024/01/11 7:15 a.m.2 views

CVE-2023-6506

The WP 2FA – Two-factor authentication for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.5.0 via the sendbackupcodesemail due to missing validation on a user controlled key. This makes it possible for subscriber-level...

4.3CVSS5.9AI score0.0047EPSS
Exploits0References3
Prion
Prion
added 2024/01/11 7:15 a.m.17 views

Design/Logic Flaw

The WP 2FA – Two-factor authentication for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.5.0 via the sendbackupcodesemail due to missing validation on a user controlled key. This makes it possible for subscriber-level...

4CVSS7.1AI score0.0047EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2024/01/11 12:0 a.m.4 views

WordPress Plugin WP 2FA Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

4.3CVSS7AI score0.0047EPSS
Exploits0References4
Rows per page
Query Builder