WakaTime: Double Clickjacking Attack on WakaTime OAuth Authorization Flow at https://wakatime.com/oauth/authorize

The WakaTime OAuth authorization flow was vulnerable to a double-clickjacking attack. The attack allowed an attacker to trick users into unknowingly clicking the "Connect my WakaTime account& ...

Continue Reading

August 12, 2025

curl: Vulnerability Report: Local File Disclosure via file:// Protocol in cURL

Vulnerability description not...Read More ...

Continue Reading

August 12, 2025

curl: Vulnerability Report: Public Exposure of Security Audit File

Vulnerability description not...Read More ...

Continue Reading

August 12, 2025

MainWP: Reflected XSS in “Manage Tags” Notes Field

A reflected Cross-Site Scripting (XSS) vulnerability was discovered in the "Notes" input field under the Manage Tags section. Arbitrary input entered into this field was reflected ba ...

Continue Reading

August 12, 2025

curl: OpenSSL HTTP/3 bogus CURLINFO_TLS_SSL_PTR

Vulnerability description not...Read More ...

Continue Reading

August 12, 2025

GitHub: Sample report: Denial of service

The denial of service vulnerability was identified in the system. The vulnerability could have allowed an attacker to disrupt the availability of the system by exhausting its...Read More ...

Continue Reading

August 12, 2025

WakaTime: Unauthorized Disclosure of Private Emails via WakaTime Private Leaderboards

The vulnerability allowed unauthorized disclosure of private email addresses of WakaTime users through the private leaderboards feature. The email addresses were exposed to leaderboard creators and me ...

Continue Reading

August 12, 2025

curl: Arbitrary File Read via Unsanitized curl Usage Results in Sensitive File Exposure

Vulnerability description not...Read More ...

Continue Reading

August 12, 2025

1 32,579 32,580 32,581 32,582 32,583 385,998

Back to Main
Subscribe for the latest news: