Cosmos: Attacker can use any non-enabled capability

The Capabilites implementation in CosmWasm contracts was found to have a vulnerability. Even if the executing chain did not allow a specific capability, a CosmWasm contract could still execute actions ...

Continue Reading

January 28, 2025

Localize: open redirected by host header

Vulnerability description not...Read More ...

Continue Reading

January 28, 2025

AWS VDP: CVE-2020-5902

Vulnerability description not...Read More ...

Continue Reading

January 28, 2025

HackerOne: Hackerone supports accounts organitation takeover

The HackerOne email change process was found to have a vulnerability where the system automatically verifies the email address if the verification link is opened in any browser, even by email scanning ...

Continue Reading

January 28, 2025

U.S. Dept Of Defense: Public google drive link Exposes Military Orders Containing PII (Name, SSN etc..) and Operational Details

A public Google Drive link was found to contain PDF files that exposed personally identifiable information (PII) of military personnel, including full names, social security numbers, home addresses, m ...

Continue Reading

January 28, 2025

WordPress: Unauthenticated WordPress Database Repair DoS

Vulnerability description not...Read More ...

Continue Reading

January 28, 2025

IBM: Exposed Logs and Bearer Tokens on Test Endpoint

Exposed Logs and Bearer Tokens on Test Endpoint were reported to IBM, analyzed, and have been...Read More ...

Continue Reading

January 28, 2025

Mozilla: Denial of Access to Static Resources via Cache Poisoning on addons.allizom.org

A cache poisoning vulnerability was identified on addons.allizom.org that allowed an attacker to block access to static resources such as images and JavaScript files. The issue was exploited by proces ...

Continue Reading

January 28, 2025

1 268,782 268,783 268,784 268,785 268,786 385,998

Back to Main
Subscribe for the latest news: