curl: HTTP Request Smuggling Vulnerability Analysis – cURL Security Report

Vulnerability description not...Read More ...

Continue Reading

August 12, 2025

Mozilla: Bypass “No Links” Restriction in Biography via Protocol-Relative URL (//)

The report identifies a bypass vulnerability in the biography field on addons.allizom.org. Despite the application's policy against allowing links, it was possible to embed functional hyperlinks ...

Continue Reading

August 12, 2025

curl: Use After Free (that leads to arbitrary Write for some versions)

Vulnerability description not...Read More ...

Continue Reading

August 12, 2025

curl: Uncontrolled File Write/Arbitrary File Creation

Vulnerability description not...Read More ...

Continue Reading

August 12, 2025

Lichess: ImageId Format Injection in Image Upload Endpoint

The image upload endpoint in the Lichess application did not properly validate the 'rel' parameter, allowing an attacker to inject special characters that broke the expected format of the ge ...

Continue Reading

August 12, 2025

WakaTime: Double Clickjacking Attack on WakaTime OAuth Authorization Flow at https://wakatime.com/oauth/authorize

The WakaTime OAuth authorization flow was vulnerable to a double-clickjacking attack. The attack allowed an attacker to trick users into unknowingly clicking the "Connect my WakaTime account& ...

Continue Reading

August 12, 2025

curl: Disk Space Exhaustion leading to a Denial of Service (DoS)

Vulnerability description not...Read More ...

Continue Reading

August 12, 2025

MainWP: Stored Cross-Site Scripting (XSS) in “Add Contact” Name Field – MainWP Plugin

A stored cross-site scripting (XSS) vulnerability was discovered in the MainWP WordPress plugin. The vulnerability was found in the "Add Contact" > Contact Name field, where u ...

Continue Reading

August 12, 2025

1 32,478 32,479 32,480 32,481 32,482 385,998

Back to Main
Subscribe for the latest news: