40 matches found
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-386412)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-386412 advisory. In the Linux kernel, the following vulnerability has been resolved: vhost/vdpa: assign irq bypass producer token correctly. We used to call irq_bypass_unregister_producer...
Hemi VDP: Broken X (Twitter) link on hemi.xyz/about
Vulnerability description not provided...
Hemi VDP: Linkedin Broken Link Hijacking on https://hemi.xyz/about
The LinkedIn account link for a team member on the https://hemi.xyz/about page pointed to a non-existent LinkedIn account...
HackerOne: Issue with VDP Program's Transition to Private Status and Missing Warning Labels on ORG Invitation
Vulnerability description not provided...
nullsec VDP: Test by HDR
Test by HDR...
mycompany VDP: This test report has been disclosed by 20_root.
This test report has been disclosed by 20_root. ████...
UK PSTI? You’ll need a Vulnerability Disclosure Program!
If you are distributing or selling smart devices into the UK market, your products will need to be compliant with the UK Product Security and Telecommunications Act. One of the three mandatory areas is that you have a vulnerability disclosure program (VDP). In the supporting materials for the Act,...
Qualys Is Proud to Sign CISA’s Secure by Design Pledge
Cybersecurity leaders in the U.S. are very familiar with the Cybersecurity and Infrastructure Security Agency (CISA) and their important work to keep the internet, our country, and its citizens safe from cyber threats. As part of their efforts, CISA has identified secure by design software as a key...
Fastly VDP: Cache purge requests are not authenticated
Vulnerability description not provided...
When disclosure goes wrong. People
My experience of vulnerability disclosure is that it is rarely as easy or simple as it could be. I had hoped that bug bounty programmes and vulnerability disclosure programmes (VDPs) would help matters. Broadly that doesn’t seem to be the case, often for unexpected reasons. It’s not all bad though...
SecurityScorecard: RXSS
Finding an OWASP Top 10 vulnerability is quite common unfortunately. We are glad that our HackerOne VDP has identified this issue and that it is resolved...
CISA Announces Vulnerability Disclosure Policy (VDP) Platform
CISA has announced the establishment of its Vulnerability Disclosure Policy (VDP) Platform for the federal civilian enterprise, which will allow the Federal Civilian Executive Branch to coordinate with the civilian security research community in a streamlined fashion. The VDP Platform provides a...
U.S. Dept Of Defense: Reflected XSS In https://███████
Hi security team, According to my report 1092618, the VDP team agreed that ████ and its subdomains are in the scope of the DoD program, so I continued testing that domain. Vulnerable Website URL: https://███████████████%3CSvg%20OnLoad=alert1%3E Description of Security Issue: Reflected XSS in path...
Doppler VDP: Bypass Email Verification.
Steps to reproduce: 1. Sign up to Doppler here: https://dashboard.doppler.com/register. 2. It will then go to this page, https://dashboard.doppler.com/confirm, and ask you to confirm your email. 3. Go to the source code and search for tagsconfirmemail. 4. You will find the email verification token...
Doppler VDP: Stored XSS in [https://dashboard.doppler.com/workplace/*/logs] pages
Summary: I have found a stored XSS vulnerability in the following config setting page: https://dashboard.doppler.com/workplace//projects/example-project/configs/dev/logs When you invite other users to the workspace, the XSS could be used to exploit other users also. Steps To Reproduce: 1. Visit...
CISA Releases Final Binding Operational Directive on Developing a Vulnerability Disclosure Policy
The Cybersecurity and Infrastructure Security Agency (CISA) has released Binding Operational Directive (BOD) 20-01, Develop and Publish a Vulnerability Disclosure Policy (VDP). BOD 20-01 requires each federal agency to publish a VDP. Publication of agency VDPs will make it easier for users to report...
A Vulnerability Disclosure Program is not just a page on a web site
It’s great to see an increasing number of organisations starting down the path of a Vulnerability Disclosure Program or ‘VDP,’ but it increasingly strikes me that these are ‘check box’ exercises rather than a genuine desire to interact positively with researchers and improve security. A VDP is a...
CVE-2019-7751
A directory traversal and local file inclusion vulnerability in FPProducerInternetServer.exe in Ricoh MarcomCentral, formerly PTI Marketing, FusionPro VDP before 10.0 allows a remote attacker to list or enumerate sensitive contents of files. Furthermore, this could allow for privilege escalation ...
CISA Releases Draft of Binding Operational Directive on Developing a Vulnerability Disclosure Policy
The Cybersecurity and Infrastructure Security Agency (CISA) has released a draft of Binding Operational Directive (BOD) 20-01, Develop and Publish a Vulnerability Disclosure Policy. BOD 20-01 will require each federal agency to publish a vulnerability disclosure policy (VDP). CISA has posted the draft...