JWK Set's HTTP client only overwrites and appends JWK to local cache during refresh
Impact: The project's provided HTTP client's local JWK Set cache should do a full replacement when the goroutine refreshes the remote JWK Set. The current behavior is to overwrite or append. This is a security issue for use cases that utilize the provided auto-caching HTTP client and where key...
GHSA-PWGC-W4X9-GW67 changedetection.io Cross-site Scripting vulnerability
Summary: Input in parameter notification_urls is not processed, resulting in JavaScript execution in the application. Details: changedetection.io version: v0.45.21. https://github.com/dgtlmoon/changedetection.io/blob/0.45.21/changedetectionio/forms.py#L226: `for server_url in field.data: if not...`
Withdrawn Advisory: User-provided environment values allow execution on macOS agents
Withdrawn Advisory: This advisory has been withdrawn because the vulnerability affects a binary, not a library in a supported ecosystem. Therefore, users of the library should not receive alerts. This link is maintained to preserve external references. Original Description: Impact: Agents running on...
GHSA-XVM2-9XVC-HX7F Improper Restriction of XML External Entity Reference in com.monitorjbl:xlsx-streamer
Impact: Prior to xlsx-streamer 2.1.0, the XML parser that was used did not apply all the necessary settings to prevent XML Entity Expansion issues. Patches: Upgrade to version 2.1.0. Workarounds: No known workaround. References...
Denial of Service in Tendermint
Description: Denial of Service. Tendermint 0.33.0 and above allow block proposers to include signatures for the wrong block. This may happen naturally if you start a network, have it run for some time and restart it without changing the chainID. It is a misconfiguration to reuse chainIDs. Correct...
CVE-2021-1472
| creationtimestamp | type | source |
|---|---|---|
| 2021-04-15 11:02:09+00:00 | published-proof-of-concept | https://t.me/CyberSecurityTechnologies/3127 |
| 2021-05-30 02:19:08+00:00 | seen | https://t.me/pwnwikizhchannel/529 |
| 2022-02-01 16:55:14+00:00 | seen | ... |
Serendipity CMS 2.0 Cross Site Scripting
Serendipity CMS - XSS Vulnerability in Version 2.0. Product Information: Software: Serendipity CMS; Tested Version: 2.0, released 23.1.2015; Vulnerability Type: Cross-Site Scripting (CWE-79); Download link: http://www.s9y.org/12.html...
Lavarel-Security XSS Filter Bypass Vulnerability
Lavarel-Security cross site scripting filter suffers from a bypass vulnerability. Product: Lavarel-Security XSS Filter Bypass; Vulnerability: Mutation Based XSS Bypass; Impact: Medium/High; Authors: Rafay Baloch; Company: RHAinfoSEC; Website: http://rhainfosec.com; Status: Fixed. Description...