The WakaTime OAuth authorization flow was vulnerable to a double-clickjacking attack. The attack allowed an attacker to trick users into unknowingly clicking the "Connect my WakaTime account& ...
Continue Reading
August 12, 2025
The denial of service vulnerability was identified in the system. The vulnerability could have allowed an attacker to disrupt the availability of the system by exhausting its...Read More ...
Continue Reading
August 12, 2025
Vulnerability description not...Read More ...
Continue Reading
August 12, 2025
Vulnerability description not...Read More ...
Continue Reading
August 12, 2025
Vulnerability description not...Read More ...
Continue Reading
August 12, 2025
The function curl_ws_send() in libcurl contains an infinite loop that can be triggered by a malicious server under specific circumstances. The loop is caused by a condition in the code that is not pro ...
Continue Reading
August 12, 2025
The report identifies a bypass vulnerability in the biography field on addons.allizom.org. Despite the application's policy against allowing links, it was possible to embed functional hyperlinks ...
Continue Reading
August 12, 2025
The image upload endpoint in the Lichess application did not properly validate the 'rel' parameter, allowing an attacker to inject special characters that broke the expected format of the ge ...
Continue Reading
August 12, 2025
Back to Main
