Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified th ...
Continue Reading
January 27, 2025
A heap-buffer-overread vulnerability was discovered in the contains_whitespace function when calling parser_validate after supplying a maliciously crafted buffer to parser_parse. The vulnerability was ...
Continue Reading
January 27, 2025
The account creation process of www.xvideos.red was found to lack proper rate limiting mechanisms on the /account/signinform/premium_tour_login endpoint. This security flaw allowed for automated creat ...
Continue Reading
January 27, 2025
A cache poisoning vulnerability was identified on addons.allizom.org that allowed an attacker to block access to static resources such as images and JavaScript files. The issue was exploited by proces ...
Continue Reading
January 27, 2025
CVE-2024-11053 was a logic flaw in Curl that resulted in a credential leak during redirects. The issue was caused by the way Curl processed netrc credentials when performing redirects. Under certain c ...
Continue Reading
January 27, 2025
The experimental-programmatic-access-ccft application created a function with an associated role that was assigned policies with overly broad "sts:AssumeRole" permissions for &qu ...
Continue Reading
January 27, 2025
The security researcher found a reflected cross-site scripting (XSS) vulnerability on the www.████████.mil website. The vulnerability was demonstrated using a proof-of-concept link tha ...
Continue Reading
January 27, 2025
The netrc file in curl could lead to the unintentional leakage of a password to a different host when following HTTP redirects, if the netrc file had an entry matching the redirect target hostname but ...
Continue Reading
January 27, 2025
Back to Main
