Test Blog - Cloud WAF

CVE-2024-5062 : ZENML-IO ZENML UP TO 0.57.X SURVEY CROSS SITE SCRIPTING

Description A reflected Cross-Site Scripting (XSS) vulnerability was identified in zenml-io/zenml version 0.57.1. The vulnerability exists due to improper neutralization of input during web page…

Common Vulnerabilities and Exposures

CVE-2024-38371 : GOAUTHENTIK PRIOR 2024.2.4/2024.4.3/2024.6.0 ACCESS CONTROL

Description authentik is an open-source Identity Provider. Access restrictions assigned to an application were not checked when using the OAuth2 Device code flow. This could…

Common Vulnerabilities and Exposures

CVE-2024-38532 : USBARMORY MXS-DCP DCP_TOOL HARD-CODED KEY

Description The NXP Data Co-Processor (DCP) is a built-in hardware module for specific NXP SoCs¹ that implements a dedicated AES cryptographic engine for encryption/decryption operations.…

Common Vulnerabilities and Exposures

CVE-2024-38533 : MATTER-LABS ERA-COMPILER-VYPER UP TO 1.4.X OUT-OF-BOUNDS WRITE

Description ZKsync Era is a layer 2 rollup that uses zero-knowledge proofs to scale Ethereum. There is possible invalid stack access due to the addresses…

Common Vulnerabilities and Exposures

CVE-2024-38525 : DATADOG DD-TRACE-CPP UP TO 0.2.1 DENIAL OF SERVICE

Description dd-trace-cpp is the Datadog distributed tracing for C++. When the library fails to extract trace context due to malformed unicode, it logs the list…

Learning Web Application Firewall

What Is Account Takeover Attacks (ATO)?

The smooth and connected digital world is also an arena for cybercriminals who organize account takeover (ATO) attacks. Consider this: Cyber pirates use stolen credentials…