3 matches found
Weblate: DNSSEC Zone Walk using NSEC Records
Due to a design flaw in the NSEC records used by DNSSEC, it is possible to discover all subdomains of a particular domain for which NSEC records are available. NSEC records are used by the weblate.org domain, which means anyone can retrieve all subdomains of weblate.org. These subdomains can contai...
Weblate: Email spoofing at weblate.org
Good day. I found a security bug at weblate.org. Now anybody may send email from the weblate.org domain. Now you have an SPF policy and a DMARC policy that do not protect anything, because an insecure domain policy exists: "p=none" and "sp=none". Anybody may send email from weblate.org or subdomain, that are...
Weblate: weblate.org: X-XSS-Protection not enabled
Hi, X-Xss-Protection @https://weblate.org has not been set. This header is used to configure the built-in reflective XSS protection found in Internet Explorer, Chrome and Safari Webkit. Valid settings for the header are 0, which disables the protection, 1, which enables the protection, and 1;...