curl: CVE-2025-5399: WebSocket endless loop

The function curl_ws_send() in libcurl contains an infinite loop that can be triggered by a malicious server under specific circumstances. The loop is caused by a condition in the code that is not pro ...

Continue Reading

July 12, 2025

Lichess: ImageId Format Injection in Image Upload Endpoint

The image upload endpoint in the Lichess application did not properly validate the 'rel' parameter, allowing an attacker to inject special characters that broke the expected format of the ge ...

Continue Reading

July 12, 2025

curl: Failure to strip Proxy-Authorization header on change in origin

Vulnerability description not...Read More ...

Continue Reading

July 12, 2025

Lichess: Path Traversal Vulnerability in Lila Project

A path traversal vulnerability was discovered in the Lila project that allowed an attacker to access arbitrary files on the server by manipulating user-supplied input to traverse outside the intended ...

Continue Reading

July 12, 2025

curl: Arbitrary File Read via Unsanitized curl Usage Results in Sensitive File Exposure

Vulnerability description not...Read More ...

Continue Reading

July 12, 2025

Hemi VDP: WordPress Version Exposure via ███████ on hemi.xyz

The WordPress CMS version was exposed in the XML file at https://hemi.xyz███. This disclosure allowed attackers to fingerprint the CMS...Read More ...

Continue Reading

July 12, 2025

Automattic: Woocommerce SQL Injection in WC_Report_Coupon_Usage

A SQL injection vulnerability was found in the WooCommerce plugin version 9.9.3. The vulnerable parameter was 'coupon_codes' in the '/wp-admin/admin.php?page=wc-reports&tab=orde ...

Continue Reading

July 12, 2025

curl: Sensitive information disclosure with malicious netrc file

Vulnerability description not...Read More ...

Continue Reading

July 12, 2025

1 76,757 76,758 76,759 76,760 76,761 385,998

Back to Main
Subscribe for the latest news: