Lichess: ImageId Format Injection in Image Upload Endpoint

The image upload endpoint in the Lichess application did not properly validate the 'rel' parameter, allowing an attacker to inject special characters that broke the expected format of the ge ...

Continue Reading

August 05, 2025

MainWP: Reflected XSS in “Create Category” Functionality of Post Creation Module

A reflected Cross-Site Scripting (XSS) vulnerability was identified in the "Create Category" feature of the post creation functionality. When a user entered a malicious JavaScript pa ...

Continue Reading

August 05, 2025

MainWP: Reflected XSS in “Client Notes” Field

A reflected Cross-Site Scripting (XSS) vulnerability was discovered in the "Notes" functionality under the Edit Client section. User input in the notes input field was not properly s ...

Continue Reading

August 05, 2025

curl: CVE-2025-5025: No QUIC certificate pinning with wolfSSL

Vulnerability description not...Read More ...

Continue Reading

August 05, 2025

Automattic: Woocommerce SQL Injection in WC_Report_Coupon_Usage

A SQL injection vulnerability was found in the WooCommerce plugin version 9.9.3. The vulnerable parameter was 'coupon_codes' in the '/wp-admin/admin.php?page=wc-reports&tab=orde ...

Continue Reading

August 05, 2025

Lichess: Server-Side Request Forgery (SSRF) via Game Export API

The Lichess game export API was found to be vulnerable to Server-Side Request Forgery (SSRF) due to insufficient input validation of the "players" parameter. This allowed an attacker ...

Continue Reading

August 05, 2025

WakaTime: Not a Vuln: Race Condition Allows Creation of Multiple Organizations with the Same Name

Vulnerability description not...Read More ...

Continue Reading

August 05, 2025

curl: on the implications of permitting procedural culling

Vulnerability description not...Read More ...

Continue Reading

August 05, 2025

1 42,344 42,345 42,346 42,347 42,348 385,998

Back to Main
Subscribe for the latest news: