Three deserialization-related issues, two stemming from the core of Lucee and one in Mura, a CMS built on Lucee. Lucee is a ColdFusion Markup Language based scripting language that runs on the JVM (Java Virtual Machine) and is intended for the development of web applications...
We have an unnamed dashboard application here that allows users to specify objects that will be rendered into the dashboard through JSON blobs. Users can provide dashboard templates in the form of a JSON blob, including an `item` array listing which items to render...
Two cross-site scripting vulnerabilities stemming from the handling of clipboard data in Excalidraw and Microsoft Whiteboard. One allows straightforward exploitation, whereas the other has a bit of an iframe trick to it.
This one comes down to a normalization difference between Cloudflare's CDN and the ChatGPT backend server. The Cloudflare CDN was set up to cache all requests under the `/share/` endpoint, and the determination of whether a path matches would happen before any percent-encoded characters were decoded...
The issue itself is fairly easy to describe: Meta found that, of 14 reputable brands, seven had releases where one or more preinstalled APEX modules (privileged OS code) were signed using only the test keys that are publicly available in the Android Open Source Project (AOSP) repository.
This is a great crypto issue that I think anyone could hunt for; it has to do with the seeding of random number generators. Generally speaking, in many systems, if you know the seed you can break/predict the values that will come from the random number generator...
Disclosure of private report titles on HackerOne if there is a pending email invitation for collaboration (made through the Manage Collaborators invitation panel). Once an invite has been made, any anonymous user can query that report's title by id on the GraphQL API.
Four issues: two are race conditions, and two are due to authorization checks that are enforced only on the front-end and missing on the API.
A classic filesystem race condition in Metal-based macOS applications that can lead to a bypass of macOS' Transparency, Consent, and Control (TCC) privacy framework. Applications that rely on the Metal framework will look for and process the `MTL_DUMP_PIPELINES_TO_JSON_FILE` environment variable and write debugging data to the given path with that application's privileges, even if the given filepath already exists...
This vulnerability impacts Kubernetes setups using NGINX as the ingress controller via [ingress-nginx](https://github.com/kubernetes/ingress-nginx). At first I wanted to blame this one on block-listing when they should have used an allow-list, but it's not quite that; it is basically just a missed edge case that allows for code execution.