Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2021-39189:

Pimcore is an open source data & experience management platform. In versions prior to 10.1.3, it is possible to enumerate usernames via the forgot password functionality. This issue is fixed in version 10.1.3. As a workaround, one may apply the available patch manually.

CVE

Related news

CVE-2021-41829: Vulnerability Disclosure -Statically Derived Encryption Key @ Zoho R.A.P.

Zoho ManageEngine Remote Access Plus before 10.1.2121.1 relies on the application's build number to calculate a certain encryption key.

CVE-2021-41828: Vulnerability Disclosure -Hardcoded Keys/Password @ Zoho R.A.P.

Zoho ManageEngine Remote Access Plus before 10.1.2121.1 has hardcoded credentials associated with resetPWD.xml.

CVE-2021-41827: Vulnerability Disclosure -Hardcoded Keys/Password @ Zoho R.A.P.

Zoho ManageEngine Remote Access Plus before 10.1.2121.1 has hardcoded credentials for read-only access. The credentials are in the source code that corresponds to the DCBackupRestore JAR archive.

Exchange/Outlook Autodiscover Bug Spills $100K+ Email Passwords

Hundreds of thousands of email credentials, many of which double as Active Directory domain credentials, came through to credential-trapping domains in clear text.

Meet TruffleHog – a browser extension for finding secret keys in JavaScript code

API keys are accidentally being leaked by websites. Here’s how to find them

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907