curl: OS Command Injection in scripts/firefox-db2pem.sh via untrusted certificate nicknames

Vulnerability description not...Read More ...

Continue Reading

August 12, 2025

Lichess: ImageId Format Injection in Image Upload Endpoint

The image upload endpoint in the Lichess application did not properly validate the 'rel' parameter, allowing an attacker to inject special characters that broke the expected format of the ge ...

Continue Reading

August 12, 2025

curl: arbitrary file read via `file://` path traversal with `–path-as-is`

Vulnerability description not...Read More ...

Continue Reading

August 12, 2025

MainWP: Stored Cross-Site Scripting (XSS) in “Add Contact” Name Field – MainWP Plugin

A stored cross-site scripting (XSS) vulnerability was discovered in the MainWP WordPress plugin. The vulnerability was found in the "Add Contact" > Contact Name field, where u ...

Continue Reading

August 12, 2025

Lichess: CSRF at Network feature

A CSRF vulnerability was found in the network feature, where an attacker could change the Network Routing settings by sending a CSRF script to the...Read More ...

Continue Reading

August 12, 2025

HackerOne: Account takeover of existing HackerOne accounts through SCIM provisioning

The SCIM provisioning feature in HackerOne's sandbox program was vulnerable to account takeover. An attacker could create a user with an email they controlled, import existing users, assign the v ...

Continue Reading

August 12, 2025

curl: HTTP Proxy Bypass via `CURLOPT_CUSTOMREQUEST` Verb Tunneling

Vulnerability description not...Read More ...

Continue Reading

August 12, 2025

curl: CVE-2025-5399: WebSocket endless loop

The function curl_ws_send() in libcurl contains an infinite loop that can be triggered by a malicious server under specific circumstances. The loop is caused by a condition in the code that is not pro ...

Continue Reading

August 12, 2025

1 32,490 32,491 32,492 32,493 32,494 385,998

Back to Main
Subscribe for the latest news: