10 matches found
Shopify: Staff without Manage Themes permissions can update themes
Vulnerability description not provided...
Sifchain: Flaws in social media icon on error page which can lead to financial loss to a company.
Here, I found an issue on sifchain.finance that will directly impact the customers of the Sifchain company, which can be a great loss in business, and there will be problems regarding communication with the genuine customers of the company. I know that sifchain.finance is not in scope but I saw thi...
Rebuild-bot workflow may allow unauthorised repository modifications
Impact: projen is a project generation tool that synthesizes project configuration files such as package.json, tsconfig.json, .gitignore, GitHub Workflows, eslint, jest, and more, from a well-typed definition written in JavaScript. Users of projen's NodeProject project type, including any project...
GHSA-GG2G-M5WC-VCCQ Rebuild-bot workflow may allow unauthorised repository modifications
Impact: projen is a project generation tool that synthesizes project configuration files such as package.json, tsconfig.json, .gitignore, GitHub Workflows, eslint, jest, and more, from a well-typed definition written in JavaScript. Users of projen's NodeProject project type, including any project...
Clario: Account Takeover because of the misconfiguration on the Password Reset Page
Summary: https://api.account.opendoor.ltd has no rate limit on the password reset's verification page. By this, I can take over any account. All I need to know is the victim's email address. Steps to reproduce: 1. There is an endpoint - POST /v1/verification-code/forgot-password which will take POST dat...
U.S. Dept Of Defense: Information disclosure vulnerability on a DoD website
A Department of Defense website was misconfigured in a manner that could have exposed sensitive information about the web application or system. @twicedi was able to demonstrate this vulnerability by crafting specially formatted URLs. Thank you for notifying us!...
U.S. Dept Of Defense: Personal information disclosure on a DoD website
A Department of Defense website was misconfigured in a manner that could have exposed personal information. Thanks for notifying us of this, @spam404! IDOR exposing PII...
U.S. Dept Of Defense: Information disclosure on a DoD website
A Department of Defense website was misconfigured in a manner that could have exposed personal account information. @tsug0d was able to demonstrate this vulnerability by crafting a specially formatted URL. Thank you for notifying us! LDAP Injection...
New Relic: Unauthorized Access
Summary of Findings: The remote server https://download.newrelic.com allowed unauthenticated access to special access files that are only intended to be accessible after contacting the New Relic program managers, as seen below. Exploiting the...
Using site misconfiguration to gain full control - vulnerability warning - Black Bar Safety Net
In fact, nowadays there are too many online security sites and sites for learning hacking, ... and more and more of them; these have contributed to many sites and individuals raising their security awareness, which is a good thing. So vulnerabilities such as ipc$ weak passwords, printers, IDQ remote overflow, UNICODE, 3389 input and other...