WakaTime: Not a Vuln: Race Condition Allows Creation of Multiple Organizations with the Same Name

Vulnerability description not...Read More ...

Continue Reading

August 05, 2025

Hemi VDP: WordPress Version Exposure via ███████ on hemi.xyz

The WordPress CMS version was exposed in the XML file at https://hemi.xyz███. This disclosure allowed attackers to fingerprint the CMS...Read More ...

Continue Reading

August 05, 2025

MainWP: Reflected XSS in “Client Notes” Field

A reflected Cross-Site Scripting (XSS) vulnerability was discovered in the "Notes" functionality under the Edit Client section. User input in the notes input field was not properly s ...

Continue Reading

August 05, 2025

curl: Credential leak on redirect due to improper state clearing when parsing macdef in netrc.c

Vulnerability description not...Read More ...

Continue Reading

August 05, 2025

Mozilla: IDOR: Account Deletion via Session Misbinding – Attacker Can Delete Victim Account

A critical vulnerability was identified in the Firefox Accounts API that allowed an authenticated attacker to permanently delete any user's account by sending a POST /v1/account/destroy request u ...

Continue Reading

August 05, 2025

HackerOne: Account takeover of existing HackerOne accounts through SCIM provisioning

The SCIM provisioning feature in HackerOne's sandbox program was vulnerable to account takeover. An attacker could create a user with an email they controlled, import existing users, assign the v ...

Continue Reading

August 05, 2025

curl: Use-After-Free in OpenSSL Keylog Callback via SSL_get_ex_data() in libcurl

Vulnerability description not...Read More ...

Continue Reading

August 05, 2025

curl: Use after free (or assert triggered) with failed allocations in openssl

Vulnerability description not...Read More ...

Continue Reading

August 05, 2025

1 42,374 42,375 42,376 42,377 42,378 385,998

Back to Main
Subscribe for the latest news: