Nextcloud: WebAuthn app was updated based on public key

Vulnerability description not provided...

WakaTime: Invalid

Summary: While testing the OAuth implementation on your platform, I discovered a critical vulnerability that allows a malicious attacker to take over any victim’s account and maintain persistent access even if the victim later verifies their email or changes their password. This issue arises...

curl: WebSocket Fragmentation DoS on Curl Client

Summary A malicious WebSocket server can send a fragmented message FIN=0 followed by a flood of continuation frames, causing the client curl to continuously allocate memory while waiting for message completion. This can result in high memory usage and potential crash OOM, representing a...