
5 matches found

Github Security Blog
added 2026/02/27 9:1 p.m., 10 views

phpMyFAQ Allows Unauthenticated Account Creation via WebAuthn Prepare Endpoint

Summary The WebAuthn prepare endpoint /api/webauthn/prepare creates new active user accounts without any authentication, CSRF protection, CAPTCHA, or configuration checks. This allows unauthenticated attackers to create unlimited user accounts even when registration is disabled. Details File:...

CVSS 7.5, AI score 6, EPSS 0.0041
Exploits: 1, References: 4, Affected Software: 1
Tenable Nessus
added 2025/12/11 12:0 a.m., 4 views

FreeBSD : Gitlab -- vulnerabilities (c6c9306e-d645-11f0-8ce2-2cf05da270f3)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the c6c9306e-d645-11f0-8ce2-2cf05da270f3 advisory. Gitlab reports: Cross-site scripting issue in Wiki impacts GitLab CE/EE Improper encoding in...

CVSS 8.7, AI score 7.8, EPSS 0.0076
Exploits: 0, References: 12
NVD
added 2024/04/25 4:15 p.m., 29 views

CVE-2023-6484

A log injection flaw was found in Keycloak. A text string may be injected through the authentication form when using the WebAuthn authentication mode. This issue may have a minor impact to the logs integrity...

CVSS 5.3, AI score 6.3, EPSS 0.01008
Exploits: 0, References: 15
Cvelist
added 2024/04/25 3:58 p.m., 33 views

CVE-2023-6484 Keycloak: log injection during webauthn authentication or registration

A log injection flaw was found in Keycloak. A text string may be injected through the authentication form when using the WebAuthn authentication mode. This issue may have a minor impact to the logs integrity...

CVSS 5.3, AI score 5.9, EPSS 0.01008
Exploits: 0, References: 15
CNVD
added 2020/11/03 12:0 a.m., 3 views

Nextcloud Server Authorization Issues Vulnerability (CNVD-2020-64589)

Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. An authorization issue vulnerability exists in Nextcloud Server 19.0.1, which stems from a misconfiguration that allows users to feel that a passwordless...

CVSS 6.8, AI score 6.8, EPSS 0.00582
Exploits: 1, References: 1