HackerOne: Account takeover of existing HackerOne accounts through SCIM provisioning

The SCIM provisioning feature in HackerOne's sandbox program was vulnerable to account takeover. An attacker could create a user with an email they controlled, import existing users, assign the v ...

Continue Reading

August 12, 2025

curl: CRLF injection in libcurl’s SMTP client via –mail-from and –mail-rcpt allows SMTP command smuggling

Vulnerability description not...Read More ...

Continue Reading

August 12, 2025

curl: GnuTLS CURLINFO_TLS_SESSION / CURLINFO_TLS_SSL_PTR type confusion

Vulnerability description not...Read More ...

Continue Reading

August 12, 2025

WakaTime: Not a Vuln: Race Condition Allows Creation of Multiple Organizations with the Same Name

Vulnerability description not...Read More ...

Continue Reading

August 12, 2025

Automattic: Woocommerce SQL Injection in WC_Report_Coupon_Usage

A SQL injection vulnerability was found in the WooCommerce plugin version 9.9.3. The vulnerable parameter was 'coupon_codes' in the '/wp-admin/admin.php?page=wc-reports&tab=orde ...

Continue Reading

August 12, 2025

MainWP: Reflected XSS in “Create Category” Functionality of Post Creation Module

A reflected Cross-Site Scripting (XSS) vulnerability was identified in the "Create Category" feature of the post creation functionality. When a user entered a malicious JavaScript pa ...

Continue Reading

August 12, 2025

curl: OpenSSL HTTP/3 bogus CURLINFO_TLS_SSL_PTR

Vulnerability description not...Read More ...

Continue Reading

August 12, 2025

curl: access notes without permission

Vulnerability description not...Read More ...

Continue Reading

August 12, 2025

1 32,607 32,608 32,609 32,610 32,611 385,998

Back to Main
Subscribe for the latest news: