Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the token endpoint. An attacker can obtain access tokens for users who have not authorized their application by exchanging intercepted authorization codes issued to other clients. Note: This is only exploitabl...

DeepSeek AI Database Exposed: Over 1 Million Log Lines, Secret Keys Leaked

Buzzy Chinese artificial intelligence AI startup DeepSeek, which has had a meteoric rise in popularity in recent days, left one of its databases exposed on the internet, which could have allowed malicious actors to gain access to sensitive data. The ClickHouse database "allows full control over...

CVE-2024-42349

FOG is a cloning/imaging/rescue suite/inventory management system. FOG Server 1.5.10.41.4 and earlier can leak authorized and rejected logins via logs stored directly on the root of the web server. FOG Server creates 2 logs on the root of the web server fogloginaccepted.log and fogloginfailed.log...

Important: java-21-amazon-corretto

Issue Overview: A vulnerability that allows an attacker to execute arbitrary java code from the javascript engine even though the option "--no-java" was set. CVE-2024-20918 With carefully crafted custom bytecodes, arbitrary unverified bytecodes could be executed. CVE-2024-20919 Loop optimizations...

CVE-2022-32565

An issue was discovered in Couchbase Server before 7.0.4. The Backup Service log leaks unredacted usernames and document ids...