Azure App Service had an insecure default behavior that exposed the source code of customer applications written in PHP, Python, Ruby, or Node, that were deployed using “Local Git”.
Thu, Oct 7th, 2021
AWS WAF using the Core Rules set allowed SQL injection. In AWS WAF only the first 8 KB (8,192 bytes) of the request body are forwarded to AWS WAF for inspection, but AWS Managed rules allowed reque...
Sun, Oct 3rd, 2021
Azure Active Directory Seamless Single Sign-On feature allowed single-factor brute-force attacks against Azure AD without generating sign-in events in the targeted organization’s tenant.
Wed, Sep 29th, 2021