Mars: [XSS] Reflected XSS via POST request in (███████)
A reflected Cross-Site Scripting (XSS) vulnerability was identified in the celular parameter of a POST request to the homepage of a Mars-owned website. The vulnerability was classified as medium sever ...
Continue Reading
July 07, 2025
curl: `Curl_socketpair()` fallback vulnerable to man-in-the-middle attack
Vulnerability description not...Read More ...
Continue Reading
July 07, 2025
curl: CVE-2025-4947: QUIC certificate check skip with wolfSSL
Vulnerability description not...Read More ...
Continue Reading
July 07, 2025
curl: CVE-2025-5025: No QUIC certificate pinning with wolfSSL
Vulnerability description not...Read More ...
Continue Reading
July 07, 2025
Mozilla: IDOR: Account Deletion via Session Misbinding – Attacker Can Delete Victim Account
A critical vulnerability was identified in the Firefox Accounts API that allowed an authenticated attacker to permanently delete any user's account by sending a POST /v1/account/destroy request u ...
Continue Reading
July 07, 2025
curl: Memory Leak in libcurl via Location Header Handling (CWE-770)
Vulnerability description not...Read More ...
Continue Reading
July 07, 2025
Lichess: Improper Authentication Throttling Allows Attacker-Controlled Account Lockouts
Vulnerability description not...Read More ...
Continue Reading
July 07, 2025
Back to Main
