2 matches found
CVE-2024-36466 Unauthenticated Zabbix frontend takeover when SSO is being used
A bug in the code allows an attacker to sign a forged zbxsession cookie, which then allows them to sign in with admin permissions...
Cross-site scripting
Home Assistant is an open source home automation platform. Whilst auditing the frontend code to identify hidden parameters, Cure53 detected authcallback=1, which is leveraged by the WebSocket authentication logic in tandem with the state parameter. The state parameter contains the hassUrl, which is...