17 matches found
CVE-2026-20182
May 2026: This security advisory provides the details and fix information for a vulnerability that was discovered and fixed after the was disclosed in February 2026. This new advisory is for a new vulnerability in the control connection handshaking. The section of this advisory includes Show...
EUVD-2026-18827
prompts.chat prior to commit 30a8f04 contains a server-side request forgery vulnerability in Fal.ai media status polling that allows authenticated users to perform arbitrary outbound requests by supplying attacker-controlled URLs in the token parameter. Attackers can exploit the lack of URL...
CVE-2026-22664
prompts.chat prior to commit 30a8f04 contains a server-side request forgery vulnerability in the Fal.ai media status polling feature that allows authenticated users to perform arbitrary outbound requests by supplying attacker-controlled URLs in the token parameter. Attackers can exploit the lack ...
CVE-2026-22664
The CVE-2026-22664 issue affects prompts.chat with an SSRF in Fal.ai media status polling prior to commit 30a8f04. Authenticated users can supply attacker-controlled URLs in the token parameter to trigger arbitrary outbound requests, potentially exposing the FAL_API_KEY in the Authorization heade...
CVE-2025-12879
The User Generator and Importer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 1.2.2. This is due to missing nonce validation in the "Import Using CSV File" function. This makes it possible for unauthenticated attackers to elevate user privileges ...
Combat Rising Account Abuse: Akamai and Ping Identity Partner Up
...
Defend Against Account Abuse in Financial Services
Learn how Akamai Account Protector defends against account abuse by distinguishing between legitimate and malicious activities...
GHSA-C35Q-FFPF-5QPM AsyncSSH Rogue Session Attack
Summary An issue in AsyncSSH v2.14.0 and earlier allows attackers to control the remote end of an SSH client session via packet injection/removal and shell emulation. Details The rogue session attack targets any SSH client connecting to an AsyncSSH server, on which the attacker must have a shell...
How Fraudsters Execute Account Opening Abuse
...
U.S. Dept Of Defense: Reflected XSS www.█████ search form
Description: Reflected XSS vulnerabilities arise when the application accepts a malicious input script from a user and then this is executed in the victim's browser.Since the XSS is reflected, the attacker has to trick the victim into executing the payload, usually using another website. In this...
CVE-2018-10117
An issue was discovered in idreamsoft iCMS V7.0.7. There is a CSRF vulnerability that can add an admin account via admincp.php?app=members&do=save&frame=iPHP...
Bukura App Has Logic Design Flaws
Cloth Warehouse APP is a cloth finding application developed by Guangdong Zhida Textile & Decoration Co. Ltd. specifically for fabric buyers, soft furnishing designers. There is a logical design vulnerability in the Cloth Storage APP, which can be exploited by an attacker to register an arbitrary...
Friend's Home App Has Logic Design Flaws
Friends Home App is a social B&B platform based on acquaintance relationship. There is a logical design vulnerability in the Friend's Home APP, which can be exploited by an attacker to register arbitrary accounts and reset account passwords, leading to account abuse and consumption of service...
Verification code leakage vulnerability in the dear APP of Nanjing UAF Network Technology Co.
Dear App is a mobile couple social software. Nanjing UAF Network Technology Co. Dear APP has a verification code leakage vulnerability, which allows an attacker to use any number to register, leading to account abuse and consumption of service resources...
Butler Smart App for Android is vulnerable to malicious bulk registrations
The Butler Smart App is a mobile application that goes along with the smart cat eye device. A malicious bulk registration vulnerability exists in Butler Smart APP for Android. An attacker can exploit the vulnerability to register accounts in bulk, leading to account abuse and consumption of servi...
Multiple Vulnerabilities in the Memory Bug App
Memory Bug is a memory cloud app that preserves a lifetime of memories. There are logical design, cross-site scripting and directory traversal vulnerabilities in the Memory Bug APP, which allow attackers to successfully register any account, reset account passwords, and insert malicious xxs code ...
Uber: Brute-Forcing invite codes in partners.uber.com
Hi, //We are going to use this link : https://partners.uber.com/join/?invitecode=xxxxx with GET method. There are options to customize codes, We can do it with only numbers https://partners.uber.com/join/?invitecode=1 to 10000 Or we can use some words with numbers...