80 matches found
Improper Authorization
Overview: symfony/security-bundle is a security bundle for Symfony. Affected versions of this package are vulnerable to Improper Authorization in the createFirewall function in SecurityExtension.php, which does not apply the firewall's user checker during programmatic login. Remediation: Upgrade...
Symfony authorization vulnerability
Symfony is a PHP framework for web and console applications and a set of reusable PHP components from Symfony, Inc. A security vulnerability exists in Symfony that stems from the fact that a custom user checker configured on the firewall is not invoked when logging in programmatically using the Security::log...
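The two Symfony entries above describe the same failure mode: an interactive login runs the firewall's user checker (checkPreAuth before authentication, checkPostAuth after), but the programmatic login path skipped it, so an account the checker would reject (disabled, locked, expired) could still be given a session. The following is an added example, not code from Symfony or from the advisory, showing a custom user checker and a controller that performs the programmatic login both in the unchecked form and with the checker invoked explicitly. It assumes Symfony 6.2 or later (where Security::login exists), a firewall whose user checker is this class, and that UserCheckerInterface and UserProviderInterface are autowired to that firewall's services; the class and method names are illustrative.

```php
<?php
// Added example (not Symfony's own code). Assumptions: Symfony >= 6.2,
// a "main" firewall configured with App\Security\AccountStatusChecker as its
// user_checker, and autowiring of UserCheckerInterface / UserProviderInterface
// to that firewall's services.

namespace App\Security;

use Symfony\Bundle\SecurityBundle\Security;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Exception\AccountStatusException;
use Symfony\Component\Security\Core\Exception\CustomUserMessageAccountStatusException;
use Symfony\Component\Security\Core\User\UserCheckerInterface;
use Symfony\Component\Security\Core\User\UserInterface;
use Symfony\Component\Security\Core\User\UserProviderInterface;

// Hypothetical user entity contract: the checker only needs to know whether
// the account is disabled. Any application-specific rule goes here.
interface DisableableUser extends UserInterface
{
    public function isDisabled(): bool;
}

// The custom user checker the firewall is configured with. Interactive
// logins (form_login, json_login, ...) always pass through checkPreAuth.
final class AccountStatusChecker implements UserCheckerInterface
{
    public function checkPreAuth(UserInterface $user): void
    {
        if ($user instanceof DisableableUser && $user->isDisabled()) {
            // Thrown before credentials are even verified; no session is created.
            throw new CustomUserMessageAccountStatusException('This account is disabled.');
        }
    }

    // Optional $token parameter keeps this compatible with both the 6.x and
    // 7.x signatures of UserCheckerInterface::checkPostAuth.
    public function checkPostAuth(UserInterface $user, ?TokenInterface $token = null): void
    {
        // Post-authentication rules (e.g. expired credentials) would go here.
    }
}

final class ProgrammaticLoginController
{
    public function __construct(
        private readonly Security $security,
        private readonly UserCheckerInterface $userChecker,
        private readonly UserProviderInterface $userProvider,
    ) {
    }

    // Pattern affected by the advisory: on a vulnerable security-bundle the
    // firewall's user checker is never consulted on this path, so a disabled
    // account obtained e.g. via an "impersonate" or "magic link" feature is
    // logged in anyway.
    public function loginUnchecked(string $identifier): Response
    {
        $user = $this->userProvider->loadUserByIdentifier($identifier);
        $this->security->login($user);

        return new Response('logged in');
    }

    // Defensive pattern: run the same checks an interactive login would, and
    // run both of them before the token is stored so a rejection never leaves
    // a half-established session behind.
    public function loginChecked(string $identifier): Response
    {
        $user = $this->userProvider->loadUserByIdentifier($identifier);

        try {
            $this->userChecker->checkPreAuth($user);
            $this->userChecker->checkPostAuth($user);
        } catch (AccountStatusException $e) {
            return new Response($e->getMessageKey(), Response::HTTP_FORBIDDEN);
        }

        $this->security->login($user);

        return new Response('logged in');
    }
}
```

Calling the checker explicitly is safe on fixed versions too (the checks are idempotent), which makes it a reasonable belt-and-braces measure in code that logs users in from trusted flows such as registration, password reset or impersonation, where the account state is easy to forget about.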
GO-2022-0783 JWT leak via Open Redirect in Programmatic access in github.com/pomerium/pomerium
JWT leak via Open Redirect in Programmatic access in github.com/pomerium/pomerium...
Spring AI Embraces OpenAI's Structured Outputs: Enhancing JSON Response Reliability
OpenAI recently introduced a powerful feature called Structured Outputs, which ensures that AI-generated responses adhere strictly to a predefined JSON schema. This feature significantly improves the reliability and usability of AI-generated content in real-world applications. Today, we're excite...
Aruba Networks ArubaOS and InstantOS security vulnerability
Aruba Networks ArubaOS and Aruba Networks InstantOS are both products of Aruba Networks, Inc. Aruba Networks ArubaOS is an operating system for Aruba Mobility-Defined Networks, including Mobility Controllers and Mobility Access Switches. Aruba Networks InstantOS is an Arch Linux-based distribution...
PT-2024-12697 · Google +1 · Android +1
Name of the Vulnerable Software and Affected Versions: TCL 20XE Android device versions with software build fingerprints TCL/5087Z BO/Doha TMO:11/RP1A.200720.011/PB7I-0:user/release-keys and TCL/5087Z BO/Doha TMO:11/RP1A.200720.011/PB83-0:user/release-keys Description: The issue concerns a...
XWiki Platform security vulnerability
XWiki Platform is the XWiki Foundation's suite of Wiki platforms for creating Web collaboration applications. A security vulnerability exists in XWiki Platform that stems from the fact that any user who can edit any page can create custom skins with template overrides that are executed with...
What Is Programmatic Advertising And How To Use It
By Owais Sultan Programmatic is an advertising format on third-party resources, where placement is done automatically through special advertising platforms where… This is a post from HackRead.com Read the original post: What Is Programmatic Advertising And How To Use It...
Silverstripe Framework: Members with no password can be created and bypass custom login forms
When a new Member record was created in the CMS it was possible to set a blank password. If an attacker knows the email address of the user with the blank password, then they can attempt to log in using an empty password. The default member authenticator, login form and basic auth all require a...
Utilizing Programmatic Advertising to Locate Abducted Children: Unleashing its Power
By Owais Sultan The global struggle against human trafficking and child abduction persists as a grave crime that exploits countless individuals.… This is a post from HackRead.com Read the original post: Utilizing Programmatic Advertising to Locate Abducted Children: Unleashing its Power...
XWiki Platform injection vulnerability
XWiki Platform is a suite of Wiki platforms for creating Web collaboration applications from the French company XWiki. XWiki Platform suffers from an injection vulnerability that stems from the fact that any user with editing privileges to any document e.g., their own user profile can execute cod...
XWiki Commons security vulnerability
XWiki Commons is a technology library shared by several other top XWiki projects. A security vulnerability exists in XWiki Commons, which stems from the fact that any user can edit their own configuration file and inject code that will be executed with programmatic privileges...
PT-2022-26017 · Apache · Apache Airflow
Name of the Vulnerable Software and Affected Versions: Apache Airflow versions prior to 2.4.1 Description: The issue allows an already authenticated user to continue using the UI or API even after their account has been deactivated. Recommendations: For versions prior to 2.4.1, update to version...
Aruba Networks ArubaOS and InstantOS Denial of Service Vulnerabilities
ArubaOS is the network operating system for Aruba Mobility Controllers, Mobility Masters, and controller-managed Access Points (APs). InstantOS is an Arch Linux-based distribution. A denial of service vulnerability exists in Aruba Networks ArubaOS and InstantOS. The vulnerability stems from a progra...
Dell OpenManage Enterprise elevation of privilege vulnerability (CNVD-2022-42737)
Dell OpenManage Enterprise is an easy-to-use, one-to-many system management console for IT infrastructure management from Dell, Inc. The software enables cost-effective, comprehensive lifecycle management of Dell EMC PowerEdge servers from a single console. An elevation of privilege vulnerability...
Cisco SD-WAN Elevation of Privilege Vulnerability
Cisco SD-WAN is a highly secure cloud-scale architecture from Cisco USA that is open, programmable, and scalable. An elevation of privilege vulnerability exists in Cisco SD-WAN, which stems from an incorrect programmatic call to a high-level native procedure. An attacker could exploit the...
Dell PowerScale OneFS Elevation of Privilege Vulnerability (CNVD-2022-32825)
Dell PowerScale OneFS is an operating system that provides a horizontally scalable NAS. An elevation of privilege vulnerability exists in Dell PowerScale OneFS, which stems from an incorrect programmatic call to a high-level native procedure. A local attacker could exploit this...
Microsoft Windows Installer permission and access control vulnerability
Microsoft Windows Installer is a component of the Windows operating system from Microsoft. It provides a standard basis for installing and uninstalling software. An elevation of privilege vulnerability exists in Microsoft Windows Installer. The vulnerability stems from an incorrect programmatic...
Frontrunning of setPerTokenWalletCap edge case
Lines of code · Vulnerability details · Impact: The setPerTokenWalletCap function in WhitelistPeriodManager.sol contains a comment stating: "Special care must be taken when calling this function. There are no checks for perTokenWalletCap since it's onlyOwner, but it's essential that it should be = max l...