Vulnerability description not...Read More ...
Continue Reading
July 17, 2025
An incomplete fix has been identified for a vulnerability affecting Windows device names in the path.normalize() function in Node.js. The vulnerability allows path traversal protection to be bypassed ...
Continue Reading
July 17, 2025
The Lichess game export API was found to be vulnerable to Server-Side Request Forgery (SSRF) due to insufficient input validation of the "players" parameter. This allowed an attacker ...
Continue Reading
July 17, 2025
The function curl_ws_send() in libcurl contains an infinite loop that can be triggered by a malicious server under specific circumstances. The loop is caused by a condition in the code that is not pro ...
Continue Reading
July 17, 2025
The image upload endpoint in the Lichess application did not properly validate the 'rel' parameter, allowing an attacker to inject special characters that broke the expected format of the ge ...
Continue Reading
July 17, 2025
A stored cross-site scripting (XSS) vulnerability was discovered in the MainWP WordPress plugin. The vulnerability was found in the "Add Contact" > Contact Name field, where u ...
Continue Reading
July 17, 2025
A reflected Cross-Site Scripting (XSS) vulnerability was identified in the "Create Category" feature of the post creation functionality. When a user entered a malicious JavaScript pa ...
Continue Reading
July 17, 2025
The exposure of personal IP address through email was identified as a potential privacy concern. Email messages, even with TLS encryption, can pass through various servers that may store or record the ...
Continue Reading
July 17, 2025
Back to Main
