curl: OS Command Injection in scripts/firefox-db2pem.sh via untrusted certificate nicknames

Vulnerability description not...Read More ...

Continue Reading

August 05, 2025

Node.js: Windows Device Names Still Allow Path Traversal in UNC Paths After CVE-2025-27210 Fix

Vulnerability description not...Read More ...

Continue Reading

August 05, 2025

Mozilla: IDOR: Account Deletion via Session Misbinding – Attacker Can Delete Victim Account

A critical vulnerability was identified in the Firefox Accounts API that allowed an authenticated attacker to permanently delete any user's account by sending a POST /v1/account/destroy request u ...

Continue Reading

August 05, 2025

WakaTime: Unauthorized Disclosure of Private Emails via WakaTime Private Leaderboards

The vulnerability allowed unauthorized disclosure of private email addresses of WakaTime users through the private leaderboards feature. The email addresses were exposed to leaderboard creators and me ...

Continue Reading

August 05, 2025

Automattic: Woocommerce SQL Injection in WC_Report_Coupon_Usage

A SQL injection vulnerability was found in the WooCommerce plugin version 9.9.3. The vulnerable parameter was 'coupon_codes' in the '/wp-admin/admin.php?page=wc-reports&tab=orde ...

Continue Reading

August 05, 2025

curl: Use after free (or assert triggered) with failed allocations in openssl

Vulnerability description not...Read More ...

Continue Reading

August 05, 2025

HackerOne: Account takeover of existing HackerOne accounts through SCIM provisioning

The SCIM provisioning feature in HackerOne's sandbox program was vulnerable to account takeover. An attacker could create a user with an email they controlled, import existing users, assign the v ...

Continue Reading

August 05, 2025

WakaTime: Not a Vuln: Race Condition Allows Creation of Multiple Organizations with the Same Name

Vulnerability description not...Read More ...

Continue Reading

August 05, 2025

1 42,407 42,408 42,409 42,410 42,411 385,998

Back to Main
Subscribe for the latest news: