Mozilla: IDOR: Account Deletion via Session Misbinding – Attacker Can Delete Victim Account

A critical vulnerability was identified in the Firefox Accounts API that allowed an authenticated attacker to permanently delete any user's account by sending a POST /v1/account/destroy request u ...

Lichess: CSRF at Network feature

A CSRF vulnerability was found in the network feature, where an attacker could change the Network Routing settings by sending a CSRF script to the...

curl: on the implications of permitting procedural culling

Vulnerability description not...

AWS VDP: XSS on Amazon Aquisition: elemental

The XSS vulnerability on Amazon's acquisition of Elemental was identified and addressed. The summary provided a brief overview of the...

WakaTime: Not a Vuln: Race Condition Allows Creation of Multiple Organizations with the Same Name

Vulnerability description not...

curl: Disclosure of email addresses

Vulnerability description not...

curl: Vulnerability Report: Public Exposure of Security Audit File

Vulnerability description not...

curl: curl ASSERTs when accessing an LDAP URL

Vulnerability description not...

