13 matches found
CVE-2026-33030
CVE-2026-33030 affects Nginx UI up through version 2.3.3, where an Insecure Direct Object Reference (IDOR) vulnerability exists. The base Model struct omits a user_id field and resource endpoints query by ID without verifying ownership, enabling an authenticated user to access, modify, or delete ...
nginx-UI has Unencrypted Storage of DNS API Tokens and ACME Private Keys
Nginx-UI contains an Insecure Direct Object Reference (IDOR) vulnerability that allows any authenticated user to access, modify, and delete resources belonging to other users. The application's base Model struct lacks a user_id field, and all resource endpoints perform queries by ID without verifyin...
CVE-2023-32077
Netmaker makes networks with WireGuard. Prior to versions 0.17.1 and 0.18.6, hardcoded DNS key usage has been found in Netmaker allowing unauth users to interact with DNS API endpoints. The issue is patched in 0.17.1 and fixed in 0.18.6. If users are using 0.17.1, they should run docker pull...
CVE-2023-32077
Netmaker makes networks with WireGuard. Prior to versions 0.17.1 and 0.18.6, hardcoded DNS key usage has been found in Netmaker allowing unauth users to interact with DNS API endpoints. The issue is patched in 0.17.1 and fixed in 0.18.6. If users are using 0.17.1, they should run docker pull...
CVE-2023-32077
Netmaker Vulnerability: Hardcoded DNS secret key allows unauthenticated users to interact with DNS API endpoints. Affects Netmaker builds prior to 0.17.1 and 0.18.6. Remediation per sources: upgrade to v0.17.1 (patched) or v0.18.6+ (fixed). If on 0.17.1, run docker pull gravitl/netmaker:v0.17.1 a...
CVE-2023-32077 Netmaker has Hardcoded DNS Secret Key
Netmaker makes networks with WireGuard. Prior to versions 0.17.1 and 0.18.6, hardcoded DNS key usage has been found in Netmaker allowing unauth users to interact with DNS API endpoints. The issue is patched in 0.17.1 and fixed in 0.18.6. If users are using 0.17.1, they should run docker pull...
[SECURITY] Fedora 37 Update: golang-github-projectdiscovery-chaos-client-0.4.0-3.fc37
Go client to communicate with Chaos DNS API...
[SECURITY] Fedora 36 Update: golang-github-projectdiscovery-chaos-client-0.2.0-3.fc36
Go client to communicate with Chaos DNS API...
[SECURITY] Fedora 35 Update: golang-github-projectdiscovery-chaos-client-0.2.0-2.fc35
Go client to communicate with Chaos DNS API...
[SECURITY] Fedora 36 Update: golang-github-projectdiscovery-chaos-client-0.2.0-2.fc36
Go client to communicate with Chaos DNS API...
dns-api.com Improper Access Control vulnerability OBB-1257964
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
Microsoft June 2018 Patch Tuesday Pushes 11 Critical Security Updates
It's time to gear up for the latest June 2018 Microsoft security patch updates. Microsoft today released security patch updates for more than 50 vulnerabilities, affecting Windows, Internet Explorer, Edge, MS Office, MS Office Exchange Server, ChakraCore, and Adobe Flash Player—11 of which are...
CVE-2017-7327
Yandex Browser installer for Desktop before 17.4.1 has a DLL Hijacking Vulnerability because an untrusted search path is used for dnsapi.dll, winmm.dll, ntmarta.dll, cryptbase.dll or profapi.dll...