Internet Bug Bounty: Secrets not masked in UI when sensitive variables are set via Airflow cli

A vulnerability was discovered in Apache Airflow where sensitive variables set using the Airflow CLI were not properly masked in the UI, specifically in the Audit logs page. This issue was addressed i ...

Continue Reading

January 27, 2025

TikTok: Unauthorized Access to TikTok Account [Private Videos] via API Endpoint

The vulnerability on a TikTok endpoint that allowed unauthorized viewing of videos from private accounts was discovered and reported by @datph4m. The issue was subsequently...Read More ...

Continue Reading

January 27, 2025

Node.js: Usage of unsafe random function in undici for choosing boundary

The vulnerability in the Undici library involves the use of an unsafe random function to choose the boundary for a multipart/form-data request. The use of Math.random() to generate this boundary can b ...

Continue Reading

January 27, 2025

Localize: open redirected by host header

Vulnerability description not...Read More ...

Continue Reading

January 27, 2025

AWS VDP: Information Disclosure Due To exposed .env file (Directory Listing) at ████████

Vulnerability description not...Read More ...

Continue Reading

January 27, 2025

Doppler: WAF bypass and java script incomplete handling of Unicode characters might leads to dom-xss

Vulnerability description not...Read More ...

Continue Reading

January 27, 2025

AWS VDP: CVE-2020-5902

Vulnerability description not...Read More ...

Continue Reading

January 27, 2025

XVIDEOS: Stored XSS via SMTP Error Message

A Stored Cross-Site Scripting (XSS) vulnerability was identified on the /account/email page for www.xvideos.com. The vulnerability arose from the improper handling of SMTP error messages, which were p ...

Continue Reading

January 27, 2025

1 268,925 268,926 268,927 268,928 268,929 385,998

Back to Main
Subscribe for the latest news: