An incomplete fix has been identified for a vulnerability affecting Windows device names in the path.normalize() function in Node.js. The vulnerability allows path traversal protection to be bypassed ...
Continue Reading
August 05, 2025
The exposure of personal IP addresses through email messages has been identified as a potential security issue. Email messages can pass through multiple servers, which may store or record the content, ...
Continue Reading
August 05, 2025
Vulnerability description not...Read More ...
Continue Reading
August 05, 2025
A critical vulnerability was identified in the Firefox Accounts API that allowed an authenticated attacker to permanently delete any user's account by sending a POST /v1/account/destroy request u ...
Continue Reading
August 05, 2025
Vulnerability description not...Read More ...
Continue Reading
August 05, 2025
Vulnerability description not...Read More ...
Continue Reading
August 05, 2025
The Lichess game export API was found to be vulnerable to Server-Side Request Forgery (SSRF) due to insufficient input validation of the "players" parameter. This allowed an attacker ...
Continue Reading
August 05, 2025
The reflected Cross-Site Scripting (XSS) vulnerability was discovered in the "Notes" input field of the Cost Tracker section in MainWP (Version 5.4.0.11). Arbitrary user input in thi ...
Continue Reading
August 05, 2025
Back to Main
