A somewhat odd vulnerability in Adobe ColdFusion, where it would take an attacker-controllable `classname` parameter and use it to compile ColdFusion code on the fly to render in the response. If the `classname` didn't match a valid ColdFusion class, it would treat it as a path to a ColdFusion template...
Authentication bypass in Apache's OFBiz by including the GET param `requirePasswordChange=Y`; using this will simply bypass the need to authenticate due to some mishandling of errors.
A classic filesystem race condition in Metal-based macOS applications that can lead to bypassing macOS' Transparency, Consent and Control (TCC) privacy framework. Applications that rely on the Metal framework will look for the `MTL_DUMP_PIPELINES_TO_JSON_FILE` environment variable and write debugging data to the path it names, as that application, even if the given filepath already exists...
Kind of a cool bug dealing with an improper optimization and the use of an unexpected object from JS, leading to an out-of-bounds access.
This one starts off with a fun mass-assignment issue. Early on in the processing chain of an HTTP request to CrushFTP's web interface, it will parse all the HTTP headers into a Java `Properties` object...
This vulnerability impacts Kubernetes setups using NGINX as the ingress controller via [ingress-nginx](https://github.com/kubernetes/ingress-nginx). At first I wanted to blame this one on block-listing when they should have used an allow-list, but it's not quite that; it is basically just a missed edge case that allows for code execution.
A very powerful bug in the `io_uring` driver of the Linux kernel. In this case, the vulnerability is in the handling of registering fixed buffers via the `IORING_REGISTER_BUFFERS` opcode, which allows an application to 'pin' and register memory for long-term use, which includes making it exempt from paging mechanics...
Normalization gone wrong: Mastodon, when attempting to normalize a domain, intended to remove any trailing `/` from it; however, they did this using `.delete("/")`, which removes all `/` characters from the string instead of just a trailing `/`. This meant that someone could use an account like `someone@mastodon.so/cial` to spoof the account `someone@mastodon.social`.
A request smuggling to global cache poisoning chain impacting Akamai edge nodes in front of an F5 BIG-IP server.
What happens when you don't properly validate OAuth access tokens? Account takeovers.