Dust: Privilege Persistence via Cloned Agent

The vulnerability allowed a member to clone an agent managed by the admin by modifying the agent's unique identifier (sid). This resulted in the admin being unable to effectively disable the agen ...

Continue Reading

July 07, 2025

Dust: Stored XSS in File Upload Leads to Privilege Escalation and Full Workspace Takeover

A stored cross-site scripting (XSS) vulnerability was discovered in the Dust platform's file upload functionality. An attacker could upload a malicious HTML file to a conversation. When another u ...

Continue Reading

July 07, 2025

curl: Use of a Broken or Risky Cryptographic Algorithm (CWE-327) in libcurl

Vulnerability description not...Read More ...

Continue Reading

July 07, 2025

curl: Double Free Vulnerability in `libcurl` Cookie Management (`cookie.c`)

Vulnerability description not...Read More ...

Continue Reading

July 07, 2025

curl: Potential XSS vector in curl via unsanitized URL parameter handling

Vulnerability description not...Read More ...

Continue Reading

July 07, 2025

Omise: Facebook Username Takeover via Broken Link in Footer

The Facebook username associated with the broken link in the footer was available for takeover. This could have allowed an attacker to create a fake Facebook page and mislead users into trusting...Rea ...

Continue Reading

July 07, 2025

WakaTime: Session Replay Attack Allows Authentication Bypass via Captured Login Responses Allowing Bypass of 429 Too many attempts for Multiple Failed Logins

Vulnerability description not...Read More ...

Continue Reading

July 07, 2025

curl: [High] MITM via Insecure CA Path Handling in cURL (–capath, CURLOPT_CAPATH) (CWE-494: Download of Code Without Integrity Check)

Vulnerability description not...Read More ...

Continue Reading

July 07, 2025

1 83,136 83,137 83,138 83,139 83,140 385,998

Back to Main
Subscribe for the latest news: