HackerOne: The /reports/:id.json endpoint discloses potentially sensitive user attributes when reporter summary is present
The /reports/:id.json endpoint disclosed potentially sensitive user attributes, including the reporter's email, OTP backup codes, phone number, graphqlsecrettoken, and t-shirt size when a reporter summary was present...
WordPress: Privilege escalation of any new user to Keymaster caused by CSRF
A vulnerability in the bbPress plugin allowed an attacker to escalate a newly registered user's forum role to bbp_keymaster without proper authentication. This occurred because bbPress failed to implement adequate CSRF protections when assigning forum roles, allowing an attacker to craft a malicio...
AWS VDP: Non-Production API Endpoints for the Device Farm Service Fail to Log to CloudTrail Resulting in Silent Permission Enumeration
The Device Farm service was found to have two non-production API endpoints that could be accessed using standard IAM credentials without generating CloudTrail logs. This allowed silent permission enumeration, where an adversary could test the permissions of compromised credentials without...
Hemi VDP: VSCode launch.json file exposed on hemi.xyz
A .vscode/launch.json file was published publicly on https://hemi.xyz/...
Autodesk: CVE-2023-5561 on Payapps.com
A vulnerability was identified at the WordPress site on payapps.com. This vulnerability allowed unauthenticated attackers to discern the email addresses of users who have published public posts. The vulnerability has been fixed...
Mozilla: Mozilla VPN Clients: RCE via file write and path traversal
The report describes a path traversal vulnerability in the Mozilla VPN client software that allowed for remote code execution. The vulnerability was found in the "livereload" command of the client's inspector feature, which could be accessed when the client was in developer mode with "Use Staging...
Hemi VDP: Broken X (Twitter) link on hemi.xyz/about
Vulnerability description not provided...
Hemi VDP: Cloudflare WAF Bypass - Origin IP Exposure
The Cloudflare WAF was bypassed, exposing an IP address belonging to a server operated by Hemi...
Hemi VDP: Linkedin Broken Link Hijacking on https://hemi.xyz/about
The LinkedIn account link for a team member on the https://hemi.xyz/about page pointed to a non-existent LinkedIn account...
curl: Format string vulnerability, curl_msnprintf() function
Summary: A vulnerability has been identified in the curl library's formatted output functions, specifically in curl_msnprintf and its related functions. When a malicious attacker-controlled format string containing the %hn conversion specifier is passed, the function incorrectly attempts to write t...
Internet Bug Bounty: Possible DoS by memory exhaustion in net/imap
The net-imap gem implemented an IMAP client in Ruby. Versions prior to 0.3.8, 0.4.19, and 0.5.6 contained a vulnerability that could lead to denial of service by memory exhaustion. The vulnerability was caused by the response parser using Range#to_a to convert uid-set data without limiting the...
Autodesk: Wordpress users Disclosure
We can see all the WordPress users/authors with some of their information, which can even be personal information of employees/authors. The file author-sitemap.xml at https://www.payapps.com/author-sitemap.xml is enabled and this gives the attacker many user names and emails like: F4036174 Impact...
curl: TLS Cipher Misconfiguration in HTTP/3/QUIC Support
Summary: This vulnerability occurs when the --ciphers option is used with the curl command to manually specify TLS cipher suites. HTTP/3 or QUIC fails to function in this scenario because QUIC does not rely on traditional TLS cipher suites defined for TLS 1.2 or earlier. Consequently, using the...
curl: ("possible") UAF
Title: Potential Use-After-Free Vulnerability in cf_h2_proxy_ctx_free Function of libcurl Vulnerability Overview: A potential Use-After-Free (UAF) vulnerability has been identified in the cf_h2_proxy_ctx_free function of the libcurl library. This issue occurs when the cf_h2_proxy_ctx object is freed and then...
AWS VDP: Non-Production API Endpoints for the Datazone Service Fail to Log to CloudTrail Resulting in Silent Permission Enumeration
The vulnerability found in the Datazone service allows an adversary to enumerate permissions of compromised credentials without logging to CloudTrail. Forty-four non-production endpoints were identified that can be accessed using standard IAM credentials and do not generate CloudTrail logs. This...
AWS VDP: Amazon Comprehend Medical Service Reporting "AWS Internal" for CloudTrail Events Generated from FIPS Endpoints
The Comprehend Medical service was found to have 8 API endpoints that incorrectly reported the user-agent and network information as "AWS Internal" in CloudTrail event logs. This behavior was observed specifically for FIPS endpoints, which may have been an intentional design decision. The...
XVIDEOS: Unauthenticated API Access Exposing Premium Content and Financial Data
Security Report: Unauthenticated API Access Exposing Premium Content and Financial Data Issue Summary A critical security flaw has been identified on xvideos.red, allowing unrestricted access to premium channels and videos without requiring a paid membership. Normally, these resources should be...
XVIDEOS: API Data Leakage Vulnerability Report - `xvcams.com`
HackerOne API Data Leakage Vulnerability Report - xvcams.com --- Summary: A sensitive data exposure vulnerability was discovered in the API endpoints of xvcams.com. These API responses leak personally identifiable information (PII) of models, including birthdates, locations, eye color, phone...
XVIDEOS: Error Page Content Spoofing or Text Injection
F4027663 Title: Error Page Content Spoofing or Text Injection URL: https://www.xvcams.com/assets/!!!ATENTION!%20This%20server%20is%20on%20Maintenance%20please%20go%20to%20WWW.EVIL.COM ---...
Autodesk: HTML Injection in Business Name Parameter in Payapps
A HTML injection vulnerability was found in Autodesk Payapps, where arbitrary HTML content could have been injected in emails sent to users on signup. The vulnerability was reported by @0xsom3a and has been fixed by Autodesk...
Internet Bug Bounty: TLS client authentication can be bypassed due to ticket resumption
The TLS client authentication can be bypassed due to ticket resumption. The issue was that TLS session tickets were not properly isolated for multiple virtual hosts in one server. This allowed a ticket issued for one virtual host to be resumed at a different virtual host, circumventing client...
Cosmos: Unauthorized coins transfer from locking account(s)
The Cosmos SDK was found to have a vulnerability that allowed unauthorized transfer of funds from locking accounts. The issue was specifically identified in the periodic-locking-account, but it was believed to affect other locking account types as well. The vulnerability stemmed from the way the...
Internet Bug Bounty: CVE-2025-0725: Heap overflow in curl with Content-Encoding gzip and old libz versions
A vulnerability was reported in the curl project, where a heap overflow could be triggered by a malicious HTTP server serving abnormally large gzip headers. The vulnerability was caused by an integer overflow in curl's support for old libz versions when the Content-Encoding: gzip header was used...
Autodesk: Stored XSS via Post Title Enabling Non-Privileged User to Privileged User Exploitation on https://forums.autodesk.com/
A stored cross-site scripting (XSS) vulnerability was found on Autodesk Forums. The vulnerability allowed an attacker to inject malicious JavaScript code that executed when viewed by both non-privileged and privileged users. The vulnerability was fixed by Autodesk...
AWS VDP: Non-Production API Endpoints for the cloudwatch Service Fail to Log to CloudTrail Resulting in Silent Permission Enumeration
The vulnerability allows adversaries to silently enumerate permissions of compromised AWS credentials for the CloudWatch service without generating logs in CloudTrail. Two non-production API endpoints were identified that can be accessed with standard IAM credentials but do not log the activity...
Autodesk: Stored Cross-Site Scripting found in custom integration app on https://admin.b360.autodesk.com.
Stored Cross-Site Scripting was found in custom integration app on https://admin.b360.autodesk.com. The vulnerability could have allowed an attacker to inject malicious JavaScript code when viewed by users. The issue was fixed by Autodesk...
XVIDEOS: Error Page Content Spoofing or Text Injection
The content spoofing vulnerability on multi.xnxx.com allowed arbitrary text to be injected into error pages. The injected content was reflected back to users under the trusted domain, which could have been exploited for social engineering attacks...
U.S. Dept Of Defense: Air Force candidate PII + recruitment chat logs accessible via BAC/IDOR on █████████ (very large/significant exposure)
A vulnerability was discovered in a Department of Defense-owned Salesforce asset that allowed unauthorized access to sensitive personal information of Air Force candidates. The vulnerability stemmed from a misconfiguration in the Document object, which permitted an attacker to retrieve a large...
Autodesk: Insecure Direct Object Reference (IDOR) in GraphQL deleteProfileImages Mutation
The Insecure Direct Object Reference (IDOR) vulnerability was discovered in the GraphQL deleteProfileImages mutation of the Autodesk User Profile. The vulnerability could have allowed an attacker to delete another user's photo through the "id" parameter. Autodesk has addressed the vulnerability...
Reddit: Exposed proxy allows to access internal reddit domains
An exposed proxy at 52.90.28.77:30920 was found to allow access to internal reddit domains, such as snoo.dev, which were used by Reddit employees...
U.S. Dept Of Defense: IDOR Exposes PII of Tens of Thousands of Users and Supervisors
A vulnerability was discovered that exposed personally identifiable information (PII) of tens of thousands of users and supervisors. The vulnerability was found in a system that allowed users to submit a SAAR. By modifying a URL parameter, users could view other users' SAARs, which contained...
HackerOne: Ability to access policy and updates for unauthorized program
The vulnerability allowed an unauthorized user to access the policy and updates for a restricted program using an API key. The user was able to retrieve sensitive data from the unauthorized program, even though they were only granted access to one of the two programs in the organization...
Autodesk: Insecure Direct Object Reference (IDOR) Vulnerability in Autodesk User Profile
An Insecure Direct Object Reference (IDOR) vulnerability was discovered in the Autodesk User Profile. The vulnerability was found in the "id" parameter, which could have allowed an attacker to edit another user's profile...
Autodesk: Django Debug Mode Enabled - Information Disclosure on api.wwm-dev.autodesk.com
The domain api.wwm-dev.autodesk.com was discovered to have Django debug mode enabled, which led to information disclosure. The issue was fixed by Autodesk...
Top Echelon Software: Clickjacking in main domain https://topechelon.com/
The target website was vulnerable to Clickjacking, a web-based attack that tricked users into interacting with a hidden or disguised iframe. The vulnerability could have been exploited to manipulate user actions, potentially leading to unauthorized activities...
U.S. Dept Of Defense: 2FA Bypass via Response Manipulation on Login Page
A vulnerability was discovered in the Two-Factor Authentication (2FA) mechanism of the website. The vulnerability allowed bypassing the 2FA verification process by intercepting and manipulating the server's response. As a result, an attacker could gain unauthorized access to an account after...
Autodesk: IDOR Vulnerability Allowing Unauthorized Profile Picture Change
An IDOR vulnerability was found on the Autodesk User Profile, which allowed an attacker to edit another user's profile picture. The vulnerability was reported and has been fixed by Autodesk...
curl: curl allows SSH connection even if host is not in known_hosts
Summary: Curl does not fail if the SSH host identity cannot be verified due to the host not being included in the .ssh/known_hosts file. This makes using curl to log in to a previously unknown SSH host system vulnerable to meddler-in-the-middle attacks. When using key-based authentication it wil...
MTN Group: SQLi | in URL paths
The vulnerability summary is as follows: A SQL injection vulnerability was discovered in the customerId parameter of the URL path. The vulnerability was demonstrated by adding a quote in the customerId parameter, which resulted in an error indicating that the application was vulnerable to SQL...
Brave Software: Null Pointer Dereference by Crafted Response from AI Model
The Brave browser was affected by a null pointer dereference vulnerability caused by a crafted response from an AI model. The vulnerability was triggered when the user set a malicious endpoint as the AI model's server endpoint. The code handling the server response assumed a specific structure...
XVIDEOS: Open redirect
Summary: An open redirect vulnerability was discovered on the website https://www.xnxx.com/todays-selection/1. This issue allows attackers to modify URLs to redirect users to arbitrary external websites, including malicious or phishing sites. The vulnerability can be exploited by manipulating...
XVIDEOS: Stored XSS via SMTP Error Message
A Stored Cross-Site Scripting (XSS) vulnerability was identified on the /account/email page for www.xvideos.com. The vulnerability arose from the improper handling of SMTP error messages, which were passed into the html method without proper sanitization, allowing an attacker to store and execute...
curl: CVE-2025-0725: gzip integer overflow
The libcurl library contained a vulnerability in the gzip content encoding function that allowed a malicious HTTP server to craft an arbitrary heap chunk in the memory of the victim and trigger a free of that forged chunk. This was possible due to an integer overflow in the handling of gzip...
IBM: Weak credentials found in Jenkins endpoint
Weak credentials were discovered in a Jenkins endpoint. The issue was reported to IBM, analyzed, and remediated...
U.S. Dept Of Defense: ASBS Analytics Dashboard
A dashboard was found to provide authenticated users with access to user and session analytics for the platform. The dashboard allowed users to view information such as active boards, total candidates, vote rate, and estimated completion in the last 12 days. The affected product version was...
U.S. Dept Of Defense: ASBS viewing other soldiers PII/Board/Board Voters/ETC
The vulnerability allowed an authenticated user to run GraphQL queries that returned sensitive information on other users, such as their personally identifiable information, board information, and clearance details. The vulnerability was present in version 1.09.00.0 of the affected system and...
curl: CVE-2025-0665: eventfd double close
Summary: GitHub issue 15725 describes a double close in libcurl 8.11.1. I believe that a double close in multi threaded code should be considered a security vulnerability. A fix already exists for this, so it should be good in the next release. I am not 100% sure this is the place to be making su...
AWS VDP: Non-Production API Endpoints for the bedrock Service Fail to Log to CloudTrail Resulting in Silent Permission Enumeration
The bedrock service was found to have 5 non-production API endpoints that could be used with standard IAM credentials to enumerate permissions without logging to CloudTrail. The impacted endpoints allowed the invocation of bedrock:ListImportedModels and bedrock:ListModelImportJobs actions. This...
U.S. Dept Of Defense: Applicant security exam Attachments/Documents accessible through an IDOR/BAC on the custom Apex controller on https://█████.mil
The applicant security exam contained an Insecure Direct Object Reference (IDOR) vulnerability on the custom Apex controller on the https://█████.mil portal. The vulnerability allowed an attacker to switch the ownership of any Attachment record and access the files, which contained sensitive...
Yelp: RXSS AT https://proze.yelp.com/tmsubscribe.net/vidsn.aspx
The proze.yelp.com domain was vulnerable to Cross-Site Scripting (XSS) attacks, which allowed the injection of malicious scripts that could affect the security of users of the domain...