CVE-2021-41101

wire-server is an open-source back end for Wire, a secure collaboration platform. Before version 2.106.0, the CORS Access-Control-Allow-Origin header set by nginz is set for all subdomains of .wire.com including wire.com. This means that if somebody were to find an XSS vector in any of the...

SUSE-SU-2025:20010-1 Security update for wget

This update for wget fixes the following issues: - CVE-2024-38428: Fix mishandled semicolons in the userinfo subcomponent of a URI. bsc1226419 - Update to GNU wget 1.24.5: Fix how subdomain matches are checked for HSTS. Wget will now also parse the srcset attribute in HTML tags Support reading...

python-werkzeug: cookie prefixed with = can shadow unprefixed cookie

A flaw was found in python-werkzeug. Browsers may allow "nameless" cookies like =value instead of key=value. A vulnerable browser may allow a compromised application on an adjacent subdomain to exploit this to set a cookie for another subdomain. If a Werkzeug application is running next to a...

MTN Group: Exposure Of Admin Username & Password

Hello Team, Ther an exposure of your username and password on this subdomain https://engage2.mtnonline.com/nc/ Exposed Credentials uid: "mtnng", passwd: "bd31568138edbfc0552a1ecc6886ea5c", Steps To Reproduce: Visit https://engage2.mtnonline.com/nc/ Now, press CTRL+U to view the source code of thi...

OWOX, Inc.: Subdomain Takeover on http://kiosk.owox.com/

Subdomain http://kiosk.owox.com/ was preserved from being taken over by an attacker...