Node.js: Windows Device Names Still Allow Path Traversal in UNC Paths After CVE-2025-27210 Fix
Vulnerability description not...Read More ...
Continue Reading
August 05, 2025
curl: CVE-2025-5025: No QUIC certificate pinning with wolfSSL
Vulnerability description not...Read More ...
Continue Reading
August 05, 2025
curl: Credential leak on redirect due to improper state clearing when parsing macdef in netrc.c
Vulnerability description not...Read More ...
Continue Reading
August 05, 2025
curl: Stack use-after-scope in HTTP/3 POST request processing via CURLOPT_POSTFIELDS
Vulnerability description not...Read More ...
Continue Reading
August 05, 2025
curl: curl ASSERTs when accessing an LDAP URL
Vulnerability description not...Read More ...
Continue Reading
August 05, 2025
Mozilla: IDOR: Account Deletion via Session Misbinding – Attacker Can Delete Victim Account
A critical vulnerability was identified in the Firefox Accounts API that allowed an authenticated attacker to permanently delete any user's account by sending a POST /v1/account/destroy request u ...
Continue Reading
August 05, 2025
curl: OS Command Injection in scripts/firefox-db2pem.sh via untrusted certificate nicknames
Vulnerability description not...Read More ...
Continue Reading
August 05, 2025
curl: GnuTLS CURLINFO_TLS_SESSION / CURLINFO_TLS_SSL_PTR type confusion
Vulnerability description not...Read More ...
Continue Reading
August 05, 2025
Back to Main
