Omise: Facebook Username Takeover via Broken Link in Footer

The Facebook username associated with the broken link in the footer was available for takeover. This could have allowed an attacker to create a fake Facebook page and mislead users into trusting...Rea ...

Continue Reading

July 12, 2025

WakaTime: Session Replay Attack Allows Authentication Bypass via Captured Login Responses Allowing Bypass of 429 Too many attempts for Multiple Failed Logins

Vulnerability description not...Read More ...

Continue Reading

July 12, 2025

curl: [High] MITM via Insecure CA Path Handling in cURL (–capath, CURLOPT_CAPATH) (CWE-494: Download of Code Without Integrity Check)

Vulnerability description not...Read More ...

Continue Reading

July 12, 2025

curl: [High] Arbitrary File Write via Path Traversal in cURL CLI (`-o`, `–output`) (CWE-22: Improper Limitation of a Pathname to a Restricted Directory)

Vulnerability description not...Read More ...

Continue Reading

July 12, 2025

Fastify: Remote Code Execution via unsafe usage of `reply.view({ raw })` in @fastify/view (EJS template engine)

The @fastify/view plugin, when used with the EJS engine and the reply.view({ raw: <user-controlled-string> }) pattern, allowed arbitrary EJS execution. This vulnerability arose from the ...

Continue Reading

July 12, 2025

curl: Speculative Execution Side-Channel in `curl`

Vulnerability description not...Read More ...

Continue Reading

July 12, 2025

curl: HTTP/2 CONTINUATION Flood Vulnerability

Vulnerability description not...Read More ...

Continue Reading

July 12, 2025

curl: HTTP/3 Stream Dependency Cycle Exploit

Vulnerability description not...Read More ...

Continue Reading

July 12, 2025

1 76,773 76,774 76,775 76,776 76,777 385,998

Back to Main
Subscribe for the latest news: