The first issue, is an incorrect computation in golang impacting `go-ethereum`.Its an interesting case, because a base computation might lead to some issues but it usually isn't a security issue...
A cool bug in H2O's QUIC implementation leading to disclosing uninitialized memory.Stream data in HTTP/3 comes in an encoding similar to chunked encoding, including an offset in the chain, the data size and teh data itself...
Maybe an issue, maybe not; the Ruby devs seem to think its a non-issue.This is a case of a library allowing some questionable input...
Just send an email pretending to be part of another report and the system will make you part of it.Its really that simple, sending an email using your the email associated with your Researcher portal account with the subject `VULN-`will get that email added to the report and be copied on future updates...
This is almost an intended feature, basically if an attacker can craft a their own State cookie, they can trick the `StateFilter` into reading the `forwardPath` and forwarding their request to another servlet directly. The interesting side-effect here is that the redirect will bypass any other filters left in the chain and go directly to the other servlet.
StreamLabs would normally only redirect to a set of whitelisted domains approved to recieve the `access_token`.The author here put some effort into discovering what domains were approved, and found `http://dragynslair.live` was whitelisted, but no longer registered...
There is an out-of-bounds access that occures by causing Squirel to lookup a method in the array of class fields.
It is possible for a malicious website to associate a visitor with their a known slack account.The attack relies on a difference in behavior when accessing a file with and without permission, and the ability to share a file with specific users...
Reddit had an issue in associating transactions and order information.If you initiated a coin purchase for say $1.99, the order will be created and the order ID can be obtained...
`pci_vtblk_proc` handling of incoming `virtio` descriptiors and the `VBH_OP_DISCORD` operation has a likely typo that allows for a guest to perform an out of bound memory read.