WakaTime: Double Clickjacking Attack on WakaTime OAuth Authorization Flow at https://wakatime.com/oauth/authorize

The WakaTime OAuth authorization flow was vulnerable to a double-clickjacking attack. The attack allowed an attacker to trick users into unknowingly clicking the "Connect my WakaTime account& ...

Continue Reading

August 12, 2025

MainWP: Reflected XSS in “Cost Tracker” Notes Field

The reflected Cross-Site Scripting (XSS) vulnerability was discovered in the "Notes" input field of the Cost Tracker section in MainWP (Version 5.4.0.11). Arbitrary user input in thi ...

Continue Reading

August 12, 2025

curl: Disk Space Exhaustion leading to a Denial of Service (DoS)

Vulnerability description not...Read More ...

Continue Reading

August 12, 2025

Mozilla: Bypass “No Links” Restriction in Biography via Protocol-Relative URL (//)

The report identifies a bypass vulnerability in the biography field on addons.allizom.org. Despite the application's policy against allowing links, it was possible to embed functional hyperlinks ...

Continue Reading

August 12, 2025

curl: Exposure of Private RSA Private Key in curl GitHub Repository

Vulnerability description not...Read More ...

Continue Reading

August 12, 2025

curl: access notes without permission

Vulnerability description not...Read More ...

Continue Reading

August 12, 2025

GitHub: Sample report: Denial of service

The denial of service vulnerability was identified in the system. The vulnerability could have allowed an attacker to disrupt the availability of the system by exhausting its...Read More ...

Continue Reading

August 12, 2025

Node.js: Windows Device Names Still Allow Path Traversal in UNC Paths After CVE-2025-27210 Fix

Vulnerability description not...Read More ...

Continue Reading

August 12, 2025

1 32,613 32,614 32,615 32,616 32,617 385,998

Back to Main
Subscribe for the latest news: