vesilahti.fi Cross Site Scripting vulnerability OBB-4049113

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified th ...

Continue Reading

May 31, 2025

Dust: Stored XSS in File Upload Leads to Privilege Escalation and Full Workspace Takeover

A stored cross-site scripting (XSS) vulnerability was discovered in the Dust platform's file upload functionality. An attacker could upload a malicious HTML file to a conversation. When another u ...

Continue Reading

May 31, 2025

WakaTime: Broken Access Control Exposes Email Verification Status and Privacy Settings via API Endpoint

The /api/v1/users/{username} endpoint leaked sensitive email-related metadata, such as the user's email confirmation status and privacy settings, without proper authorization checks. This allowed ...

Continue Reading

May 31, 2025

curl: HTTP/3 Stream Dependency Cycle Exploit

Vulnerability description not...Read More ...

Continue Reading

May 31, 2025

curl: CVE-2025-4947: QUIC certificate check skip with wolfSSL

Vulnerability description not...Read More ...

Continue Reading

May 31, 2025

curl: Memory Leak

Vulnerability description not...Read More ...

Continue Reading

May 31, 2025

curl: CRLF Injection in `–proxy-header` allows extra HTTP headers (CWE-93)

Vulnerability description not...Read More ...

Continue Reading

May 31, 2025

Fastify: Remote Code Execution via unsafe usage of `reply.view({ raw })` in @fastify/view (EJS template engine)

The @fastify/view plugin, when used with the EJS engine and the reply.view({ raw: <user-controlled-string> }) pattern, allowed arbitrary EJS execution. This vulnerability arose from the ...

Continue Reading

May 31, 2025

1 6 7 8 9 10 911

Back to Main
Subscribe for the latest news: