curl: CVE-2025-4947: QUIC certificate check skip with wolfSSL

Vulnerability description not...Read More ...

Continue Reading

July 12, 2025

curl: CVE-2025-5025: No QUIC certificate pinning with wolfSSL

Vulnerability description not...Read More ...

Continue Reading

July 12, 2025

Mozilla: IDOR: Account Deletion via Session Misbinding – Attacker Can Delete Victim Account

A critical vulnerability was identified in the Firefox Accounts API that allowed an authenticated attacker to permanently delete any user's account by sending a POST /v1/account/destroy request u ...

Continue Reading

July 12, 2025

curl: Memory Leak in libcurl via Location Header Handling (CWE-770)

Vulnerability description not...Read More ...

Continue Reading

July 12, 2025

Lichess: Improper Authentication Throttling Allows Attacker-Controlled Account Lockouts

Vulnerability description not...Read More ...

Continue Reading

July 12, 2025

Lichess: Server-Side Request Forgery (SSRF) via Game Export API

The Lichess game export API was found to be vulnerable to Server-Side Request Forgery (SSRF) due to insufficient input validation of the "players" parameter. This allowed an attacker ...

Continue Reading

July 12, 2025

curl: CVE-2025-5399: WebSocket endless loop

The function curl_ws_send() in libcurl contains an infinite loop that can be triggered by a malicious server under specific circumstances. The loop is caused by a condition in the code that is not pro ...

Continue Reading

July 12, 2025

Lichess: ImageId Format Injection in Image Upload Endpoint

The image upload endpoint in the Lichess application did not properly validate the 'rel' parameter, allowing an attacker to inject special characters that broke the expected format of the ge ...

Continue Reading

July 12, 2025

1 76,775 76,776 76,777 76,778 76,779 385,998

Back to Main
Subscribe for the latest news: