The image upload endpoint in the Lichess application did not properly validate the 'rel' parameter, allowing an attacker to inject special characters that broke the expected format of the ge ...
Continue Reading
August 12, 2025
Vulnerability description not...Read More ...
Continue Reading
August 12, 2025
A stored cross-site scripting (XSS) vulnerability was discovered in the MainWP WordPress plugin. The vulnerability was found in the "Add Contact" > Contact Name field, where u ...
Continue Reading
August 12, 2025
The WakaTime OAuth authorization flow was vulnerable to a double-clickjacking attack. The attack allowed an attacker to trick users into unknowingly clicking the "Connect my WakaTime account& ...
Continue Reading
August 12, 2025
The SCIM provisioning feature in HackerOne's sandbox program was vulnerable to account takeover. An attacker could create a user with an email they controlled, import existing users, assign the v ...
Continue Reading
August 12, 2025
The denial of service vulnerability was identified in the system. The vulnerability could have allowed an attacker to disrupt the availability of the system by exhausting its...Read More ...
Continue Reading
August 12, 2025
A reflected Cross-Site Scripting (XSS) vulnerability was identified in the "Create Category" feature of the post creation functionality. When a user entered a malicious JavaScript pa ...
Continue Reading
August 12, 2025
Vulnerability description not...Read More ...
Continue Reading
August 12, 2025
Back to Main
