Advisories

Remote, Pre-Authentication XML External Entity (XXE) Injection in Mendelson AS2 and Mendelson AS4

Incorrect Permission Assignment issue in GitLab ID token

Gatekeeper Constraint Bypass

Prompt Injection in JetBrains Rider AI Assistant

  • 26 Oct 2023
  • Severity: High

Optimizely CMS Admin Panel DOM XSS

iOS Single App Mode Escape

Fujitsu mPollux for macOS Multiple Vulnerabilities

SQL Injection in ZTE 4G routers and modems

  • 5 Sep 2023
  • Severity: Medium

Mend.io cross-tenant access via vulnerable SAML implementation

Synology Router Manager Reflected XSS

OpenText Archive Center Administration Client XXE Vulnerability

Insecure Password Policy & Lack of Rate Limiting on Megafeis Smart Lock API Server