-
Authentication seems to be reading security directly from the components and not the security descriptor. When adding multiple keys they all show as individual authorization keys and not multi-key as…
-
I noticed that this repository has exposed several API keys for AI services, like open AI.
Exposing API keys, especially those associated with an account that has active billing, poses a significan…
-
UI fixes for security keys screen.
Current
![image](https://github.com/user-attachments/assets/63798cd7-920d-4560-8b47-ff10eb4c0b47)
Desired
![image](https://github.com/user-attachments/assets…
-
If I try to login using username/password -> go back (using browser button) -> choose login with passkey -> input my email, I will get an error saying `invalid password`:
![image](https://github.com/…
-
Hi bruce team
I saw this project using a esp32 as a u2f key [https://github.com/jocover/esp32_u2f](url) and I think it is a nice feature to have on bruce
-
[Security Issue] Exposure of Encryption Secret Key
Hello,
I want to bring to your attention a potential security issue found in this repository. In the file `login/login.php` (line 41), there is…
-
### Hardware
Not Applicable
### Connection Type
HTTP
### Local or Hosted
http://meshtastic.local
### Firmware Version
2.5.3
### Description
In d0bd02980de89146341133e34cc152…
-
Any stored procedures which return customer data should require either the customer's API key or an admin API key.
-
The Disclaimer on security is misleading and will result in a high possibility of a compromised API Key:
"Don't store secrets in code or any other resources bundled with your app. Instead, fetch th…
-
I recommend to add some PGP public key or some other public key for encrypting the vulnerability details here:
https://github.com/CTFd/CTFd/blob/0d12a13d6a39d5b9dc21c5efd4e29c4ca05e6128/SECURITY.md?p…