CVE-2025-27921

A reflected cross-site scripting XSS vulnerability was discovered in Output Messenger before 2.0.63, where unsanitized input could be injected into the web application’s response. This vulnerability occurs when user-controlled input is reflected back into the browser without proper sanitization o...

Facebook Is Now Encrypting Links to Prevent URL Stripping

Some sites, including Facebook, add parameters to the web address for tracking purposes. These parameters have no functionality that is relevant to the user, but sites rely on them to track users across pages and properties. Mozilla introduced support for URL stripping in Firefox 102, which it...

CS Money: Internal Path Disclosure

Hello Team, I would like to report internal path disclosure in response. I was trying for Stored XSS but got no luck in that process. I observed the responses, one of the responses showing file path with 500 Internal Server Error. Steps To Reproduce: 1. Go to cs.money and sign in through steam...

Three pieces of Flash 0day vulnerability exposure, Flash again the emergency update-bug warning-the black bar safety net

Firefox developers in the latest version of the Firefox browser in the Flash Player Plug-In included in the shield list, which means that on the website all Flash content will be disabled and the user had to manually open the Flash. Adobe today released the latest 1 8. 0. 0. 2 0 9 version, has be...