15267 matches found

Hacker One
added 2025/03/23 2:27 p.m. (6 views)

U.S. Dept Of Defense: XSS on ███

A reflected Cross-Site Scripting (XSS) vulnerability was discovered on the search functionality of the affected system. The vulnerability was triggered by entering a crafted input in the search field. The impact of this vulnerability was the potential execution of arbitrary JavaScript code in the...

AI score: 6.1
Exploits: 0

Hacker One
added 2025/03/23 3:41 a.m. (308 views)

Nintendo: [Xenoblade Chronicles X: Definitive Edition] Improper validation of names allows injecting formatting tags and bypassing profanity filter

The vulnerability in Xenoblade Chronicles X: Definitive Edition allowed improper validation of names, enabling the injection of formatting tags and bypassing the profanity filter...

AI score: 7.4
Exploits: 0

Hacker One
added 2025/03/20 6:50 p.m. (6 views)

Nintendo: [Xenoblade Chronicles X: Definitive Edition] Buffer overflow in string escape function, multiplayer DoS

A buffer overflow vulnerability was discovered in the string escape function of Xenoblade Chronicles X: Definitive Edition, which could have led to a denial-of-service (DoS) issue in the game's multiplayer mode...

AI score: 7.4
Exploits: 0

Hacker One
added 2025/03/19 1:55 a.m. (909 views)

Autodesk: Reflected XSS Vulnerability in SVG File at area-resources-stg.autodesk.com

A reflected cross-site scripting (XSS) vulnerability was found on files stored on an Autodesk AREA server. The vulnerability could have allowed an attacker to inject malicious JavaScript code when the files were viewed by users. Autodesk has fixed the vulnerability...

AI score: 5.7
Exploits: 0

Hacker One
added 2025/03/18 11:38 p.m. (4 views)

curl: Double free caused by mqtt_doing()

mqtt_doing() (lib/mqtt.c) causes a double free under certain conditions. The conditions are (1) an mqtt_send() is unable to send its entire buffer at one time; and (2) the next call to mqtt_send() fails. The bug arises because mqtt_doing() frees the pointer mq->sendleftovers without nulling it (line 755). Source belo...

AI score: 6.7
Exploits: 0

Hacker One
added 2025/03/18 3:27 p.m. (39 views)

AWS VDP: Amazon Kendra Intelligent Ranking Service Reporting "AWS Internal" for CloudTrail Events Generated from FIPS Endpoints

The AWS Kendra Intelligent Ranking service was found to incorrectly report the user-agent and network information as "AWS Internal" for four API endpoints that are FIPS endpoints. This issue can lead to the obscuring of request information that may be used to track down an adversary...

AI score: 6.9
Exploits: 0

Hacker One
added 2025/03/18 8:41 a.m. (960 views)

1Password - Enterprise Password Manager: CSV Injection in shared passwords leads to complete Private Vault Exfiltration

Vulnerability description not provided...

AI score: 7.1
Exploits: 0

Hacker One
added 2025/03/17 9:52 p.m. (19 views)

AWS VDP: Non-Production API Endpoints for the Health Service Fail to Log to CloudTrail Resulting in Silent Permission Enumeration

The AWS Health service was found to have 11 non-production API endpoints that could be accessed using standard IAM credentials without logging to CloudTrail. This allowed for silent permission enumeration, where an adversary could test the capabilities of compromised credentials without generatin...

AI score: 7
Exploits: 0

Hacker One
added 2025/03/17 7:46 p.m. (5 views)

Nintendo: Splatoon 3 Anticheat Seed Randomization Weakness

A weakness in the anticheat seed randomization implementation of Splatoon 3 was discovered. The vulnerability allowed the predictability of the seed used for anticheat checks, potentially undermining the intended security measures...

AI score: 5.9
Exploits: 0

Hacker One
added 2025/03/16 10:23 p.m. (6 views)

Nextcloud: Users can modify tags on files that do not belong to them

A vulnerability was discovered in which users could modify tags on files that did not belong to them. This issue has been addressed...

CVSS: 4.3 | AI score: 6.5 | EPSS: 0.00025
Exploits: 0

Hacker One
added 2025/03/14 6:42 a.m. (3 views)

curl: Buffer Overflow in curl's Rustls Backend

Summary: summary of the vulnerability A buffer overflow vulnerability exists in the curl library's Rustls backend due to an integer overflow in the dynamic buffer management. This issue could potentially allow an attacker to overwrite memory, leading to application crashes or, in theory, arbitrar...

AI score: 8
Exploits: 0

Hacker One
added 2025/03/14 1:26 a.m. (5 views)

TikTok: Stored XSS on TikTok's backend leads to the leakage of highly sensitive administrator data (Cookies, API Keys, Internal Paths, Emails, phone numbers).

A stored cross-site scripting vulnerability was discovered in TikTok's contact form backend. Malicious code submitted through the form executed when administrators viewed the submission, exposing sensitive internal data such as cookies, API keys, internal paths, emails, and phone numbers...

AI score: 6.3
Exploits: 0

Hacker One
added 2025/03/13 9:59 p.m. (3 views)

curl: Free of uninitialized pointer in doh_decode_rdata_name()

doh_decode_rdata_name() (lib/doh.c) frees an uninitialized pointer under certain conditions. If the remaining buffer length remaining is bufr; but s->bufr isn't initialized when line 1033 calls it. The bug is that line 1036 should be at the beginning of the function. To illustrate the issue using Visual...

AI score: 7.1
Exploits: 0

Hacker One
added 2025/03/13 12:45 p.m. (1366 views)

Autodesk: Twitter broken link hijacking in thewild.com

A broken link hijacking vulnerability was discovered on thewild.com. The issue was reported and subsequently fixed by Autodesk...

AI score: 7.1
Exploits: 0

Hacker One
added 2025/03/12 9:03 a.m. (5 views)

Cloudflare Public Bug Bounty: Bypass of Cloudflare's Cache Keys and WAF via header overflow

A limitation in the HTTP request header parsing in Front Line (FL) processing enabled attackers to bypass defined rulesets. The maximum amount of headers being parsed by openresty was 100 HTTP headers including internal ones. This problem applied to any ruleset on HTTP headers. Attackers were able ...

AI score: 6.9
Exploits: 0

Hacker One
added 2025/03/11 2:42 p.m. (579 views)

Internet Bug Bounty: CVE-2025-24813: Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet

The Apache Tomcat vulnerability CVE-2025-24813 allowed remote code execution and information disclosure. The vulnerability was caused by a combination of features, including writes enabled for the default servlet, support for partial PUT requests, and the use of Tomcat's file-based session...

CVSS: 10 | AI score: 7.5 | EPSS: 0.9413
Exploits: 44

Hacker One
added 2025/03/11 2:37 p.m. (615 views)

AWS VDP: Non-Production API Endpoints for the Glue Service Fail to Log to CloudTrail Resulting in Silent Permission Enumeration

The AWS Glue service was found to have 12 non-production API endpoints that could be accessed using standard IAM credentials without generating any CloudTrail logs. This allowed for silent permission enumeration, where an adversary could determine the permissions of compromised credentials withou...

AI score: 7
Exploits: 0

Hacker One
added 2025/03/10 9:00 p.m. (2 views)

curl: Improper Restriction of Authentication Attempts in cURL

Summary: The authentication mechanism in cURL does not properly restrict the number of failed authentication attempts, allowing an attacker to brute-force credentials. This issue affects authentication-based requests and could lead to unauthorized access if an attacker successfully guesses a vali...

AI score: 7.1
Exploits: 0

Hacker One
added 2025/03/10 4:23 p.m. (7 views)

AWS VDP: Non-Production API Endpoints for the Global Accelerator Service Fail to Log to CloudTrail Resulting in Silent Permission Enumeration

The researchers discovered that there are 8 non-production endpoints for the Global Accelerator service which can be used with standard IAM credentials and do not log to CloudTrail. This allows for silent permission enumeration, where an adversary can determine the permissions of compromised...

AI score: 7
Exploits: 0

Hacker One
added 2025/03/10 1:16 a.m. (6 views)

TikTok: Chain Vulnerability lead to Full Control Group Live Accounts & Undeletable Creator

A vulnerability was discovered in a TikTok LIVE backend platform that could have allowed a user to gain access controls beyond their account privileges. The vulnerability was reported by @eneri...

AI score: 7.1
Exploits: 0

Hacker One
added 2025/03/09 10:45 p.m. (5 views)

U.S. Dept Of Defense: Information Disclosure in API Endpoint /users

An endpoint /users was exposing sensitive user information, including id, first name, last name, email, role, and authdata, to unauthenticated users. This allowed anyone to retrieve private user details without authentication...

AI score: 7
Exploits: 0

Hacker One
added 2025/03/07 9:38 p.m. (5 views)

Mozilla: [Privilege Escalation] User can Pin|Unpin Any Comment on Any Project or Locale

A vulnerability was discovered in the Pontoon application where any user could pin or unpin comments on any project or locale, despite lacking the necessary privileges. This was possible due to the lack of proper access controls in the backend code handling the pin and unpin functionality...

AI score: 5.9
Exploits: 0

Hacker One
added 2025/03/06 5:04 p.m. (1488 views)

Autodesk: SSRF in Autodesk Rendering leading to account takeover

A server-side request forgery (SSRF) vulnerability was discovered in Autodesk Rendering. The vulnerability could have allowed an attacker to gain control of a victim's account while they were logged in. Autodesk has fixed the vulnerability...

AI score: 7.3
Exploits: 0

Hacker One
added 2025/03/05 7:40 p.m. (5 views)

Internet Bug Bounty: [CVE-2025-27220] ReDoS in CGI::Util#escapeElement

The cgi gem contains a vulnerability in the CGI::Util#escapeElement method that is susceptible to Regular Expression Denial of Service (ReDoS). This vulnerability has been assigned the CVE identifier CVE-2025-27220. Users are advised to upgrade the cgi gem to address this issue...

CVSS: 7.5 | AI score: 6.5 | EPSS: 0.00246
Exploits: 0

Hacker One
added 2025/03/05 10:53 a.m. (1 view)

curl: Memory leak of ftp (with proxy reuse)

Summary: summary of the vulnerability There is a memory leak with FTP see reproducer and stack trace I found it via fuzzing with https://github.com/catenacyber/curl-fuzzer/tree/proxy after fixing a small memory leak in curl Just reporting a bit raw, not sure this is not just a small leak that doe...

AI score: 6.7
Exploits: 0

Hacker One
added 2025/03/04 5:14 p.m. (1320 views)

AWS VDP: Non-Production API Endpoints for the Forecast Service Fail to Log to CloudTrail Resulting in Silent Permission Enumeration

The Forecast service in Amazon Web Services (AWS) has four non-production API endpoints that can be accessed using standard IAM credentials, but do not log any activity to CloudTrail. This allows for silent permission enumeration, where an adversary can test the capabilities of compromised...

AI score: 7
Exploits: 0

Hacker One
added 2025/03/04 6:24 a.m. (1746 views)

curl: Use after free (read) in curl_multi_perform with DoH and Proxy options, and resolve timeouts

Summary: summary of the vulnerability There is a use after free in curl_multi_perform when DoH resolver timeouts and CURLOPT_PROXY is used see reproducer and stack trace I found it via fuzzing with https://github.com/catenacyber/curl-fuzzer/tree/proxy after fixing a small memory leak in curl Another...

AI score: 7.1
Exploits: 0

Hacker One
added 2025/03/03 7:06 p.m. (4 views)

AWS VDP: Non-Production API Endpoint for the EventBridge Service Fails to Log to CloudTrail Resulting in Silent Permission Enumeration

The non-production API endpoint for the EventBridge service was found to fail to log to CloudTrail, resulting in silent permission enumeration. This vulnerability was reported to AWS, as it allowed for the enumeration of permissions of compromised credentials without generating CloudTrail logs,...

AI score: 7
Exploits: 0

Hacker One
added 2025/03/03 3:55 p.m. (598 views)

AWS VDP: Non-Production API Endpoint for the ElastiCache Service Fails to Log to CloudTrail Resulting in Silent Permission Enumeration

The ElastiCache service contains a non-production API endpoint that allows for permission enumeration without logging to CloudTrail. This could enable an adversary with compromised credentials to silently test the permissions of the credentials...

AI score: 7
Exploits: 0

Hacker One
added 2025/03/02 7:09 p.m. (2 views)

Malwarebytes: Email Verification Bypass via Race Condition

An email verification bypass vulnerability was discovered in the my.malwarebytes.com. Steps to Reproduce - Create an account using an attacker email: [email protected]. - Verify the account. - Go to account settings and update the email address to...

AI score: 6.9
Exploits: 0

Hacker One
added 2025/03/01 9:20 p.m. (3 views)

Mozilla: [Vertical Privilege Escalation] User can Unapproved any Approved Translation at [/translations/unapprove/]

A vulnerability was discovered in the Pontoon web application where any logged-in user could unapprove any approved translation, regardless of their privileges. This was due to a logical error in the validation logic, which allowed bypassing the authorization check. The vulnerability could be...

AI score: 5.9
Exploits: 0

Hacker One
added 2025/03/01 3:38 a.m. (4 views)

U.S. Dept Of Defense: Exposure of Sensitive Debug File Containing database dump with passwords in plain text

A publicly accessible debug file was discovered, exposing sensitive database credentials including usernames and passwords in plaintext. The file contained information such as the database name, type, and server...

AI score: 6.7
Exploits: 0

Hacker One
added 2025/02/28 12:59 p.m. (613 views)

Cosmos: Groups module can halt chain when handling a proposal with malicious group weights

The Cosmos SDK's groups module contained a vulnerability that could cause a chain to halt when handling a proposal with malicious group weights. The issue was triggered by a division operation that could fail due to the exponent of the resulting value being out of range, leading to a panic and...

AI score: 7
Exploits: 0

Hacker One
added 2025/02/27 6:43 p.m. (1682 views)

AWS VDP: Sensitive API Key Leakage

Vulnerability: AWS Sensitive Keys Leakage Details : the AWS Access Key & Secret Key is leaked in a Public GitHub Repository located at : Repository located at : █████████ Steps To Reproduce: Go to : ██████ In the middle of this file you can see the Keys Please see the attached screenshot also...

AI score: 6.9
Exploits: 0

Hacker One
added 2025/02/27 10:56 a.m. (208 views)

XVIDEOS: Enable 2FA without verifying the email

A vulnerability in xvideos.com allows an attacker to register using victim email addresses which are unverified. This can be further exploited to enable two-factor authentication (2FA), permanently locking the victim out of their own email account. This results in a denial-of-service attack against...

AI score: 7.1
Exploits: 0

Hacker One
added 2025/02/26 3:42 p.m. (821 views)

AWS VDP: (Part 2) Non-Production API Endpoints for the Datazone Service Fail to Log to CloudTrail Resulting in Silent Permission Enumeration

The non-production API endpoints for the Datazone service failed to log to CloudTrail, resulting in silent permission enumeration. The vulnerability was discovered through certificate transparency monitoring, where three additional vulnerable endpoints were identified...

AI score: 7.1
Exploits: 0

Hacker One
added 2025/02/26 1:33 p.m. (1758 views)

PortSwigger Web Security: Burp Suite extensions can execute arbitrary code

Dear PortSwigger Security Team, I hope you’re doing well. I’m reaching out to share a security concern regarding Burp Suite’s extension framework that could allow an attacker to compromise a machine by executing untrusted code. While Burp Suite offers powerful extensibility, this flexibility can...

AI score: 7.9
Exploits: 0

Hacker One
added 2025/02/26 9:36 a.m. (379 views)

Internet Bug Bounty: [CVE-2025-27219] Denial of Service in CGI::Cookie.parse

A denial-of-service vulnerability was discovered in the CGI::Cookie.parse method of the Ruby cgi gem. The vulnerability was caused by the method taking super-linear time to parse a maliciously crafted cookie string. This could have led to service disruptions. The vulnerability was assigned the CV...

CVSS: 7.5 | AI score: 6.4 | EPSS: 0.00315
Exploits: 0

Hacker One
added 2025/02/25 4:32 p.m. (5 views)

TikTok: Chained Broken Access Control in TikTok Live Backstage Enables Full Control of Public Leaderboard Activities

A broken access control vulnerability in TikTok Live Backstage allowed low-privilege users to gain unauthorized control over public leaderboard activities belonging to other organizations...

AI score: 7
Exploits: 0

Hacker One
added 2025/02/25 4:41 a.m. (5 views)

U.S. Dept Of Defense: Sensitive Images & Files Exposed Through Directory Listing

During reconnaissance, a directory listing was identified that provided an index of resources located inside the directory. The specific files exposed were not provided. The affected system host was not disclosed...

AI score: 6.9
Exploits: 0

Hacker One
added 2025/02/24 2:52 p.m. (1438 views)

AWS VDP: Non-Production API Endpoints for the DocumentDB Elastic Service Fail to Log to CloudTrail Resulting in Silent Permission Enumeration

The DocumentDB Elastic service was found to have three non-production API endpoints that could be accessed using standard IAM credentials without logging to CloudTrail. This allowed for silent permission enumeration, where an adversary could determine the permissions of compromised credentials...

AI score: 7
Exploits: 0

Hacker One
added 2025/02/24 7:32 a.m. (4 views)

LY Corporation: Stored XSS via SVG Upload in chat.line.biz

An SVG file containing malicious JavaScript was uploaded to the web application without proper filtering or disabling of embedded scripts. When another user opened the malicious SVG file in the management interface, the embedded script was executed in the browser, resulting in a stored cross-site...

AI score: 6.1
Exploits: 0

Hacker One
added 2025/02/23 5:54 p.m. (3 views)

U.S. Dept Of Defense: Exposed Sensitive PDF: Misconfigured Access Controls Leading to Information Disclosure

A sensitive PDF document marked "UNCLASSIFIED // NOT APPROVED FOR PUBLIC RELEASE // FOR OFFICIAL USE ONLY" was found to be publicly accessible on the ACC website due to a misconfigured access control. This resulted in an unintended disclosure of internal information...

AI score: 6.5
Exploits: 0

Hacker One
added 2025/02/23 5:03 p.m. (782 views)

Ruby on Rails: 1-Click Cross-Site Scripting via Custom Configuration in SafeListSanitizer

Vulnerability description not provided...

AI score: 7.1
Exploits: 0

Hacker One
added 2025/02/23 11:21 a.m. (5 views)

Autodesk: Stored XSS in AREA tutorials

A stored cross-site scripting (XSS) vulnerability was discovered in the AREA tutorials feature. The vulnerability could have allowed an attacker to inject malicious JavaScript code when publishing a tutorial. The vulnerability was reported and fixed by Autodesk...

AI score: 5.9
Exploits: 0

Hacker One
added 2025/02/21 10:55 p.m. (6 views)

U.S. Dept Of Defense: Error-based blind SQL injection

An error-based blind SQL injection vulnerability was discovered at a certain location. The vulnerability was present in the sites, rods, and ous parameters. By exploiting these parameters, sensitive information could have been extracted by triggering errors returned by the database. Certain...

AI score: 7.7
Exploits: 0

Hacker One
added 2025/02/20 4:14 p.m. (1819 views)

WakaTime: User Email Disclosure via ID-Based Invitation

The issue occurs when inviting a user by their WakaTime ID. If a user has set their email to private, their email address was disclosed when they were invited using their ID. This contradicted the privacy settings and led to unintended email exposure...

AI score: 7
Exploits: 0

Hacker One
added 2025/02/19 11:18 p.m. (318 views)

Internet Bug Bounty: CVE-2024-43398: DoS vulnerability in REXML

The CVE-2024-43398 vulnerability was a denial-of-service issue in the REXML library due to poor performance when parsing specially crafted XML. This vulnerability was addressed with a patch released by the Ruby team...

CVSS: 5.9 | AI score: 6.4 | EPSS: 0.01167
Exploits: 0

Hacker One
added 2025/02/19 9:17 p.m. (1477 views)

Autodesk: Exposing debug.log file leads to server full path disclosure

Vulnerability description not provided...

AI score: 7.1
Exploits: 0

Hacker One
added 2025/02/19 1:41 p.m. (2 views)

curl: curl doesn't hide credentials in /proc/XXX/cmdline provided via CLI arguments

Summary: cleanarg helper func doesn't work, when credentials are provided without a whitespace to a short options flag, e.g. -uUSER:PASS vs -u USER:PASS or -UUSER:PASS vs -U UUSER:PASS Affected version curl -V curl 8.12.1 x86_64-pc-linux-musl libcurl/8.12.1 OpenSSL/3.3.3 zlib/1.3.1 brotli/1.1.0...

AI score: 6.9
Exploits: 0

Total number of security vulnerabilities: 15267