HackerOne: HackerOne supports accounts organization takeover

The HackerOne email change process was found to have a vulnerability where the system automatically verifies the email address if the verification link is opened in any browser, even by email scanning ...

curl: bypass of this Fixed #2437131 [ Inadequate Protocol Restriction Enforcement in curl ]

curl: Exploitable Format String Vulnerability in curl_mfprintf Function

Doppler: WAF bypass and JavaScript incomplete handling of Unicode characters might lead to DOM XSS

Flickr: Information Disclosure: .dockerignore file is publicly accessible

AWS VDP: A potential risk in the experimental-programmatic-access-ccft which can be used for privilege escalation.

The experimental-programmatic-access-ccft application created a function with an associated role that was assigned policies with overly broad "sts:AssumeRole" permissions for ...

AWS VDP: Information Disclosure Due To exposed .env file (Directory Listing) at ████████

Yelp: Object Level access control leads to reading user’s full requests, sessions, and error messages

The vulnerability allowed unauthenticated attackers to read the internal admin's full sessions, HTTP requests data, and other internal information through the error logging endpoint. The vulnerab ...
