Category: Security

To all categories

Stealing OAuth tokens of connected Microsoft accounts via open redirect in Harvest App

Breaking The Mutant Language's "Encryption (Writeup)"

CraftCMS Zero-day Chain: XSS to SSTI triggering RCE

Public Disclosure of CVE-2021-27902 and CVE-2021-27903


Untrusted code execution in PHPMailer

active_url validation check bypass in Laravel

POP Gadget using function injection in RequiredIf

Code Execution via Cross Site Scripting in Tagspaces (A file manager)

Relative Path Traversal in Flarum using fake OAuth Provider

XSS in Unified Transform (A school management software)

Stored Cross Site Scripting in October CMS

Cross Site Scripting in digidocu

Internal IP Address leak in Misconfigured WordPress to bypass WAF

Account Takeover on unverified emails in File Sync & Share in Acronis

Open Redirect in Flattr

Unrestricted access to any "connected pack" in docs in coda.io