The /api/v1/users/{username} endpoint leaked sensitive email-related metadata, such as the user's email confirmation status and privacy settings, without proper authorization checks. This allowed ...
Continue Reading
May 29, 2025
The @fastify/view plugin, when used with the EJS engine and the reply.view({ raw: <user-controlled-string> }) pattern, allowed arbitrary EJS execution. This vulnerability arose from the ...
Continue Reading
May 29, 2025
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified th ...
Continue Reading
May 29, 2025
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified th ...
Continue Reading
May 29, 2025
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified th ...
Continue Reading
May 29, 2025
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified th ...
Continue Reading
May 29, 2025
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified th ...
Continue Reading
May 29, 2025
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified th ...
Continue Reading
May 29, 2025
Back to Main
