A critical vulnerability was identified in Trellix Enterprise Security Manager (ESM) version 11.6.10. The vulnerability allowed unauthenticated access to internal API endpoints through path traversal ...
Continue Reading
January 27, 2025
CVE-2024-41990: Potential denial-of-service in django.utils.html.urlize() A vulnerability was reported in the Django web framework's urlize() function, which could lead to a denial-of-service att ...
Continue Reading
January 27, 2025
The security researcher found a reflected cross-site scripting (XSS) vulnerability on the www.████████.mil website. The vulnerability was demonstrated using a proof-of-concept link tha ...
Continue Reading
January 27, 2025
A Stored Cross-Site Scripting (XSS) vulnerability was identified on the /account/email page for www.xvideos.com. The vulnerability arose from the improper handling of SMTP error messages, which were p ...
Continue Reading
January 27, 2025
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified th ...
Continue Reading
January 27, 2025
A vulnerability was discovered in Apache Airflow where sensitive variables set using the Airflow CLI were not properly masked in the UI, specifically in the Audit logs page. This issue was addressed i ...
Continue Reading
January 27, 2025
The vulnerability on a TikTok endpoint that allowed unauthorized viewing of videos from private accounts was discovered and reported by @datph4m. The issue was subsequently...Read More ...
Continue Reading
January 27, 2025
The aws-lambda-ecs-run-task application created a function with a role that had excessive permissions, including the AdministratorAccess policy. This allowed for potential privilege escalation by an.. ...
Continue Reading
January 27, 2025
Back to Main
