15267 matches found
Mozilla: After the upload of a private file, using transformations, the file becomes public without the possibility of changing it.
A security vulnerability allowed a user to upload a file marked private, but applying transformations to it made the file public, with no way to change its visibility back or delete it...
U.S. Dept Of Defense: CVE-2023-29489 XSS in cpanel at [www.███] - Securado, Oman
A cross-site scripting (XSS) vulnerability was found in the cPanel application hosted on a website. It allowed an attacker to steal cookies or hijack a browser session. cPanel had not been updated because the auto-update feature was disabled. The vulnerability was mitigated by enabling the...
U.S. Dept Of Defense: DOM-XSS
A DOM-XSS vulnerability was found on a subdomain of a website. An attacker with access to the CA SiteMinder instance could perform a cross-site scripting attack leading to information leaks, privilege escalation, and/or denial of service. The vulnerability was assigned CVE-2013-5968 and a...
Monero: Dynamic fee algorithm doesn't check for zero fee
The dynamic fee algorithm in the Monero blockchain did not properly check for a zero fee, which could have allowed an attacker to flood the network with transactions at no cost, potentially leading to unlimited blockchain growth...
Cloudflare Public Bug Bounty: Privilege escalation to root in Pages build image v2
Vulnerability description not provided...
Nextcloud: User scoped external storage can be used to gather credentials of other users
Vulnerability description not provided...
Ruby: Stored XSS in RDoc hyperlinks through javascript scheme
Vulnerability description not provided...
Brave Software: UAF on JSEthereumProvider
A use-after-free (UAF) vulnerability was discovered in the renderer-side implementation of Brave's Ethereum wallet provider. It allowed an attacker to crash the renderer process and potentially execute arbitrary code...
Nextcloud: Open redirect on "Unsupported browser" warning
An open redirect vulnerability was found in Nextcloud's UnsupportedBrowser.vue component. An attacker could construct a malicious URL whose redirect_url parameter carried a URL of their choice; the component redirected the user to it without validating the decoded URL or checking...
Internet Bug Bounty: Privilege Escalation at Apache Airflow 2.5.1
A vulnerability in Apache Airflow before version 2.6.0 allowed local Linux users to read sensitive files, such as SSH private keys, owned by the account that runs Airflow. Airflow created its log files with insecure permissions, allowing any Linux user on t...
Ruby: XSS exploit of RDoc documentation generated by rdoc (CVE-2013-0256)
Vulnerability description not provided...
Mozilla: DoS via cache poisoning on [developer.mozilla.org]
A vulnerability on the developer.mozilla.org website allowed an attacker to perform a denial-of-service (DoS) attack by sending a request with an "X-Forwarded-Host" header whose value caused a 404 error. The site's cache configuration allowed that error response to be stored and served to...
Valve: Steam Deck Single Click Root Remote Code Execution
Vulnerability description not provided...
GitHub Security Lab: [python]: Add some dangerous sinks for paramiko ssh clients
Vulnerability description not provided...
Weblate: Logging in without knowing credentials after logged out action
A vulnerability was discovered where a user could remain logged in to a website even after logging out, and the next person who accesses the site could be automatically logged in as the previous user without needing their credentials. This could potentially lead to sensitive data exposure and...
Weblate: CSRF with logout action
A vulnerability was discovered in Weblate that allowed a bad actor to log out a user by tricking them into clicking a specially crafted link or button. This vulnerability was caused by a lack of CSRF protection on the logout action...
inDrive: XSS on terra-6.indriverapp.com
A cross-site scripting (XSS) vulnerability was discovered on the terra-6.indriverapp.com domain that allowed JavaScript execution in users' browsers...
HackerOne: Insecure Direct Object Reference (IDOR) - Delete Campaigns
An insecure direct object reference (IDOR) vulnerability was discovered on a website that allowed an attacker to delete any campaign by its campaign ID. By modifying the campaign ID parameter in the request, an attacker could delete campaigns on any program. This vulnerability could have...
Rocket.Chat: Rocket.Chat Desktop client fails to open browser on 3rd party external actions from PDF documents
A persistent cross-site scripting (XSS) vulnerability was identified in the Rocket.Chat Electron desktop application, affecting versions 6.3.4 and older. It could be exploited by uploading files containing specially crafted links and having a user interact with them...
Node.js: fs module's file watching is not restricted by --allow-fs-read
The file-watching APIs of the fs module in Node.js were not restricted by the --allow-fs-read flag, allowing an attacker to watch files the process had not been granted read access to...
Node.js: fs.openAsBlob() bypasses permission system
The fs.openAsBlob method in Node.js, when running with the --experimental-permission flag, allowed the permission system to be bypassed and files to be read without the required permission...
Reddit: Huge amount of Subdomains Takeovers at Reddit.com
Vulnerability description not provided...
Internet Bug Bounty: CVE-2023-28710 Apache Airflow Spark Provider Arbitrary File Read via JDBC
A vulnerability was discovered in Apache Airflow Spark Provider before version 4.0.1. The vulnerability allowed an attacker to read arbitrary files on the system by passing malicious schema parameters during the connection establishment process. This could be exploited by connecting to a maliciou...
Unikrn: An IDOR that can lead to enumeration of a user and disclosure of email and phone number within cashier
Vulnerability description not provided...
Mars: ████ ' can add animal to other account ' at ██████
A vulnerability allowed an individual to add animals to other users' accounts. It was addressed by Cyber Defense...
Nextcloud: Text does not respect 'Allow download' permissions
A security vulnerability was discovered in Nextcloud that allowed users to bypass the 'Allow download' permission for sensitive images shared in a folder. This vulnerability allowed unauthorized users to download the images, potentially leading to the leakage of sensitive information...
LinkedIn: CSRF that makes any linkedin user follow attacker controlled accounts by simply clicking https://www.linkedin.com/comm/mynetwork/discovery-see-all/*
A CSRF vulnerability was identified that could potentially cause a LinkedIn user to follow an attacker-controlled account without additional confirmation by clicking a specially crafted URL...
Omise: Subdomain takeover http://accessday.opn.ooo/
Vulnerability description not provided...
Reddit: Regression on dest parameter sanitization doesn't check scheme/websafe destinations
A vulnerability was discovered in Reddit's login page where the "dest" parameter was not properly sanitized: the scheme of the destination was not checked, so an attacker could supply a javascript: destination and turn the open redirect into cross-site scripting (XSS) with potential cookie theft. An attacker could exploit this...
Node.js: Process-based permissions can be bypassed with the "inspector" module.
Process-based permissions in Node.js can be bypassed using the built-in inspector module, allowing an attacker to access restricted resources...
Reddit: [accounts.reddit.com] Redirect parameter allows for XSS
The dest parameter on accounts.reddit.com was vulnerable to cross-site scripting (XSS), allowing an attacker to execute malicious code and steal user cookies by tricking a user into logging in. The vulnerability was exploitable for both logged-in and logged-out users...
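The Nextcloud redirect_url item and the two Reddit dest items above share a cause: the redirect target is validated before it is decoded, or only its host is checked and not its scheme. The following is an added example, not code from Nextcloud, Reddit, or any of the reports, of a validator for a post-login destination parameter. The application origin, the parameter name, and the /login path are assumptions for illustration.

```javascript
// Added example: validating a post-login redirect destination.
// Not code from Nextcloud or Reddit; APP_ORIGIN and the /login path are assumed.
const APP_ORIGIN = 'https://app.example.com';

// Returns an absolute URL on appOrigin that is safe to redirect to, or null.
function safeRedirectTarget(rawDest, appOrigin = APP_ORIGIN) {
  if (typeof rawDest !== 'string' || rawDest.length === 0) return null;

  // Validate the *decoded* value. Query parsers decode once; if any later layer
  // decodes again, "%6A%61vascript:" becomes "javascript:" after the check.
  // Decode until stable, with a bound so pathological input cannot spin.
  let dest = rawDest;
  for (let i = 0; i < 3; i++) {
    let decoded;
    try {
      decoded = decodeURIComponent(dest);
    } catch {
      return null; // malformed percent-encoding: reject rather than guess
    }
    if (decoded === dest) break;
    dest = decoded;
  }

  // Resolve against our own origin. A plain path stays on appOrigin, while
  // "//evil.com/x", "https://evil.com" and "/\evil.com" (the WHATWG parser
  // treats "\" as "/" for http(s)) all resolve to a foreign origin. The parser
  // also strips tab/CR/LF, so "java\tscript:" is seen for what it is.
  let url;
  try {
    url = new URL(dest, appOrigin);
  } catch {
    return null;
  }

  // Allow-list the scheme first, then require an exact origin match. This rejects
  // javascript:, data:, scheme downgrades, and lookalike hosts such as
  // app.example.com.evil.com or app.example.com@evil.com.
  if (url.protocol !== 'https:' && url.protocol !== 'http:') return null;
  if (url.origin !== new URL(appOrigin).origin) return null;

  // Do not bounce back to the login page itself (assumed path), which would loop.
  if (url.pathname === '/login') return null;

  return url.href;
}
```

Because the check runs on the fully decoded value and on the parsed origin rather than on a string prefix, the usual bypasses (protocol-relative URLs, backslash hosts, userinfo tricks, encoded schemes) all collapse into the same two conditions: wrong scheme or wrong origin.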
Node.js: Renaming/aliasing relative symbolic links potentially redirects them to supposedly inaccessible locations
Vulnerability description not provided...
LinkedIn: CSRF that makes any user send invitations to the attacker by simply clicking on a link.
A CSRF vulnerability was found that allowed sending connection invitations without confirmation when a user clicked on a link...
Node.js: Permissions policies can be bypassed via Module._load.
Vulnerability description not provided...
Reddit: Blind SSRF to internal services in matrix preview_link API
A vulnerability was found in the preview_link functionality of the Matrix software used in Reddit's new chat system. The endpoint allowed a partially blind SSRF, letting attackers send GET requests to internal services and exfiltrate information about them. This could potentially lead to service enumeration an...
inDrive: Rider can forcefully get passenger's order accepted resulting in multiple impacts including PII reveal and more mentioned in the report.
A vulnerability was found in the customer order flow that allowed a driver to forcefully accept an order on behalf of a passenger, bypassing the normal negotiation process. This allowed the driver to set the ride price without following the built-in fare calculation algorithm...
Mars: ' Full Account Takeover ' at █████
A severe vulnerability was identified in the login functionality of a website belonging to Mars. An unauthorized actor could manipulate the server's response from the ██████████ endpoint to gain unauthorized access to any user account on the platform, leading to a full account takeover...
HackerOne: Banned user still able to be invited to reports as a collaborator and reset the password
A security vulnerability allowed a permanently banned user to still be invited as a collaborator on reports and to reset their password, despite being restricted from accessing any account features or reports...
8x8: Credential leak on GitHub: https://github.com/█/█/ (Peoplesoft CRM)
Credentials for a database associated with Peoplesoft CRM were leaked on GitHub. The leak was reported and the repository containing the credentials was taken down. The credentials were associated with a database that is no longer in use...
MercadoLibre: Stored Cross-Site Scripting in mercadopago.com.ar
A stored cross-site scripting vulnerability was discovered in mercadopago.com.ar. The issue was acknowledged and addressed by MercadoLibre internally...
Ruby on Rails: Incorrect handling of certain characters passed to the redirection functionality in Rails can lead to a single-click XSS vulnerability.
Incorrect handling of certain characters passed to the redirect functionality in Rails could lead to a single-click XSS vulnerability. An attacker could control the href attribute in the HTML response and serve an XSS payload by preventing the redirect from taking place. The...
Internet Bug Bounty: Possible DoS Vulnerability in Multipart MIME parsing in rack
A possible DoS vulnerability was found in the Multipart MIME parsing code in Rack. The vulnerability allowed carefully crafted requests to abuse the multipart parsing and cause it to take longer than expected, leading to high CPU and memory usage. All versions of Rack were affected, and the issue...
Nextcloud: user_oidc app is missing bruteforce protection
The user_oidc app in Nextcloud was missing bruteforce protection, allowing attackers to iterate over candidate values until they find valid authentication data, potentially bypassing authentication...
curl: CVE-2023-28322: more POST-after-PUT confusion
A vulnerability existed in libcurl that allowed an attacker to inject unintended data or cause a segfault when a handle previously used for a PUT was reused for a POST (POST-after-PUT confusion). The previous fix was insufficient because it only corrected the CURLOPT_POST option, which is not always used when sending data with th...
Node.js: OpenSSL engines can be used to bypass and/or disable the permission model
Arbitrary OpenSSL engines could be loaded in Node.js 20, even when the permission model was enabled, which could bypass and/or disable the permission model, allowing for arbitrary code execution...
IBM: Subdomain Takeover Affecting at vex.weather.com
Vulnerability description not provided...
Node.js: Filesystem experimental permissions policy does not handle path traversal cases.
A path traversal vulnerability in the experimental filesystem permissions policy allowed bypassing restrictions and writing to unintended files...
Mars: ████ ' can change any account email and cannot retrieve his account and access it ' at ███
The security vulnerability described a method to change the email address of any user account, preventing the original user from accessing their account. The vulnerability involved manipulating the user profile update functionality to modify the email address. Despite an error message when...
Cloudflare Public Bug Bounty: Cloudflare CASB Confused Deputy Problem
A vulnerability was found in Cloudflare CASB on Microsoft and GitHub integrations, allowing an attacker to create a new integration and access sensitive information if they were able to enumerate a valid tenant UUID or domain. The issue was resolved by disallowing the creation of multiple...
GitHub Security Lab: CPP: Add query for CWE-369: Divide By Zero.
Vulnerability description not provided...