4 matches found
PT-2026-37130
rk Identity Point Panic in Transaction Verification Summary Orchard transactions contain a rk field which is a randomized validating key and also an elliptic curve point. The Zcash specification allows the field to be the identity a "zero" value, however, the orchard crate which is used to verify...
CVE-2025-67507 Filament's multi-factor authentication (app) recovery codes can be used multiple times
Filament is a collection of full-stack components for accelerated Laravel development. Versions 4.0.0 through 4.3.0 contain a flaw in the handling of recovery codes for app-based multi-factor authentication, allowing the same recovery code to be reused indefinitely. This issue does not affect...
WordPress SULly Plugin < 4.3.1 is vulnerable to Cross Site Scripting (XSS)
Software SULly Type Plugin Vulnerable versions 4.3.1 Fixed in 4.3.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5032 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID ef2aee1bdf07 Credits Bob Matyas Required privilege...
CVE-2021-21322
fastify-http-proxy is an npm package which is a fastify plugin for proxying your http requests to another server, with hooks. By crafting a specific URL, it is possible to escape the prefix of the proxied backend service. If the base url of the proxied server is /pub/, a user expect that accessin...