Dust: Stored XSS in File Upload Leads to Privilege Escalation and Full Workspace Takeover

A stored cross-site scripting (XSS) vulnerability was discovered in the Dust platform's file upload functionality. An attacker could upload a malicious HTML file to a conversation. When another u ...

Continue Reading

July 12, 2025

curl: Use of a Broken or Risky Cryptographic Algorithm (CWE-327) in libcurl

Vulnerability description not...Read More ...

Continue Reading

July 12, 2025

curl: Double Free Vulnerability in `libcurl` Cookie Management (`cookie.c`)

Vulnerability description not...Read More ...

Continue Reading

July 12, 2025

curl: Potential XSS vector in curl via unsanitized URL parameter handling

Vulnerability description not...Read More ...

Continue Reading

July 12, 2025

Omise: Facebook Username Takeover via Broken Link in Footer

The Facebook username associated with the broken link in the footer was available for takeover. This could have allowed an attacker to create a fake Facebook page and mislead users into trusting...Rea ...

Continue Reading

July 12, 2025

WakaTime: Session Replay Attack Allows Authentication Bypass via Captured Login Responses Allowing Bypass of 429 Too many attempts for Multiple Failed Logins

Vulnerability description not...Read More ...

Continue Reading

July 12, 2025

curl: [High] MITM via Insecure CA Path Handling in cURL (–capath, CURLOPT_CAPATH) (CWE-494: Download of Code Without Integrity Check)

Vulnerability description not...Read More ...

Continue Reading

July 12, 2025

curl: [High] Arbitrary File Write via Path Traversal in cURL CLI (`-o`, `–output`) (CWE-22: Improper Limitation of a Pathname to a Restricted Directory)

Vulnerability description not...Read More ...

Continue Reading

July 12, 2025

1 76,760 76,761 76,762 76,763 76,764 385,998

Back to Main
Subscribe for the latest news: