4 matches found
GHSA-M99F-MMVG-3XMX AVideo has Pre-Captcha User Enumeration and Account Status Disclosure in Password Recovery Endpoint
Summary: The password recovery endpoint at objects/userRecoverPass.php performs user existence and account status checks before validating the captcha. This allows an unauthenticated attacker to enumerate valid usernames and determine whether accounts are active, inactive, or banned — at scale and...
Information Exposure
Overview: api-platform/core builds a fully-featured hypermedia or GraphQL API in minutes. Affected versions of this package are vulnerable to Information Exposure through the JSON error response. An attacker can obtain sensitive information by exploiting the visibility of exception messages...
API Platform Core can leak exceptions message that may contain sensitive information
Summary: Exception messages, that are not HTTP exceptions, are visible in the JSON error response. Details: While we wanted to make our errors compatible with the JSON Problem specification, we ended up handling more exceptions than we did previously introduced at...
Fedora 38 : python-jupyter-server (2023-8816029058)
The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-8816029058 advisory. Security fix for CVE-2023-49080 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...