Only the phone number parameter was being validated. So an attacker could maliciously modify the country code...
SharePoint Workflows are essentially a series of tasks to streamline a business process. With the clear potential for abuse, there exists an `authorizedTypes` list that will both allow and block classes...
Had a JWT, and noticed functionality to invite a user to a group and then change their privileges; these privileges were reflected in the JWT scopes. Through modification of this edit user request, additional scopes that were not displayed could be added, such as the `company:operations` and `company:support` scopes...
Bit of a saga starting with a patch to Apache httpd earlier this year that introduced an old vulnerability back into the Apache when encountering
There is a use-after-free on Chrome for Android when fetching credit card details to autofill. This vulnerability does require the victim have credit card details saved by Chrome.
First a bit of background terminology as I understand it. Not being familiar with v8 there are likely some subtleties I am missing.
Root cause here is an XSS in the "My Flow" feature resulting in client-side code execution.
Three more OAuth flow vulnerabilities
Three meme vulnerabilities in Cisco Hyperflex, two unauthenticated RCEs, one unauthenticated directory traversal attack in a file upload, and two traversal attacks that were authenticated.
Archive Utility on macOS had a bug when encountering long file paths during extraction that would result in the extracted files not receiving the `com.apple.quarantine` attribute that Gatekeeper looks for.