-
# Summary
The ThinkSAAS 3.7.0 application contains a storage XSS vulnerability caused by insufficient sanitization of user input. Specifically, the parameters `site_title`, `site_subtitle`, `site_key…
-
https://www.wbaltv.com/article/ransomware-attack-confirmed-maryland-department-of-health-website/38747147#
-
Reported by Drew Springall (@aaspring) yesterday at DEF CON (~24 hours before submissions close):
### [2nd Device QR-based Anti-Malware Check](https://docs.siv.org/verifiability/detecting-malware) …
-
### Before submitting your bug report
- [X] I believe this is a bug. I'll try to join the [Continue Discord](https://discord.gg/NWtdYexhMs) for questions
- [X] I'm not able to find an [open issue](ht…
-
**Is your feature request related to a problem? Please describe.**
I would like to be able to block countries, as well as to be able to set a challenge when they are blocked. For example: whitelist o…
-
Currently, based on the README, if an attacker wants to brute-force a user's password, he has to compute Argon2id for each password try (given by the user as input). (Which is good.)
However, if t…
-
This file is vulnerable to an attack, where the attacker can send the victim to this URL:
https://my.website.com/**/**/**/**/ng-file-upload-shim/FileAPI.flash.swf?ping=//authorization.site
And t…
-
https://explorer.bitcoingold.org/ has been down for a few days.
The error is "Error 1000 - DNS points to prohibited IP" (screenshot attached)
![Capture](https://github.com/user-attachments/assets/…
-
The rule 920220 has been in CRS since before the time we moved to GitHub and CRS 3. There was a complicated regex that was later simplified. In the simplified form, it triggers a lot of false positive…