Lichess: Improper Authentication Throttling Allows Attacker-Controlled Account Lockouts

Vulnerability description not...Read More ...

Continue Reading

August 05, 2025

curl: HTTP Proxy Bypass via `CURLOPT_CUSTOMREQUEST` Verb Tunneling

Vulnerability description not...Read More ...

Continue Reading

August 05, 2025

Node.js: Windows Device Names (CON, PRN, AUX) Bypass Path Traversal Protection in path.normalize()

An incomplete fix has been identified for a vulnerability affecting Windows device names in the path.normalize() function in Node.js. The vulnerability allows path traversal protection to be bypassed ...

Continue Reading

August 05, 2025

curl: CRLF injection in libcurl’s SMTP client via –mail-from and –mail-rcpt allows SMTP command smuggling

Vulnerability description not...Read More ...

Continue Reading

August 05, 2025

Lichess: Server-Side Request Forgery (SSRF) via Game Export API

The Lichess game export API was found to be vulnerable to Server-Side Request Forgery (SSRF) due to insufficient input validation of the "players" parameter. This allowed an attacker ...

Continue Reading

August 05, 2025

curl: access notes without permission

Vulnerability description not...Read More ...

Continue Reading

August 05, 2025

curl: CVE-2025-5399: WebSocket endless loop

The function curl_ws_send() in libcurl contains an infinite loop that can be triggered by a malicious server under specific circumstances. The loop is caused by a condition in the code that is not pro ...

Continue Reading

August 05, 2025

Mozilla: Bypass “No Links” Restriction in Biography via Protocol-Relative URL (//)

The report identifies a bypass vulnerability in the biography field on addons.allizom.org. Despite the application's policy against allowing links, it was possible to embed functional hyperlinks ...

Continue Reading

August 05, 2025

1 42,579 42,580 42,581 42,582 42,583 385,998

Back to Main
Subscribe for the latest news: