Archive - November 2022

- Tailscale VPN nodes vulnerable to DNS rebinding, RCE (30 November 2022 at 13:28 UTC)
- Intel disputes seriousness of Data Centre Manager authentication flaw (29 November 2022 at 16:30 UTC)
- Million-dollar bug bounties: The rise of record-breaking payouts (29 November 2022 at 15:50 UTC)
- How to become a penetration tester: Part 1 – your path into offensive security testing (29 November 2022 at 15:13 UTC)
- ConnectWise closes XSS vector for remote hijack scams (25 November 2022 at 15:00 UTC)
- Vulnerability in AWS AppSync allowed unauthorized access to cloud resources (25 November 2022 at 10:22 UTC)
- Mastodon vulnerable to multiple system configuration problems (22 November 2022 at 15:23 UTC)
- Ibexa DXP patched for GraphQL password hash leak vulnerability (18 November 2022 at 13:15 UTC)
- HackerOne encourages customers to adopt standard policy to protect hackers from legal problems (17 November 2022 at 15:27 UTC)
- Google Roulette: Developer console trick can trigger XSS in Chromium browsers (17 November 2022 at 13:16 UTC)
- F5 fixes high severity RCE bug in BIG-IP, BIG-IQ devices (16 November 2022 at 15:02 UTC)
- Zendesk Explore flaws opened the door to account pillage (15 November 2022 at 16:10 UTC)
- Mastodon users vulnerable to password-stealing attacks (15 November 2022 at 15:39 UTC)
- All Day DevOps: Third of Log4j downloads still pull vulnerable version despite threat of supply chain attacks (14 November 2022 at 16:16 UTC)
- Prototype pollution project yields another Parse Server RCE (11 November 2022 at 15:37 UTC)
- CSRF in Plesk API enabled server takeover (11 November 2022 at 11:31 UTC)
- Google Pixel screen-lock hack earns researcher $70k (10 November 2022 at 16:14 UTC)
- CSS injection flaw patched in Acronis cloud management console (09 November 2022 at 14:43 UTC)
- Passport-SAML auth bypass triggers fix of critical, upstream XMLDOM bug (08 November 2022 at 16:33 UTC)
- Prototype pollution bug exposed Ember.js applications to XSS (08 November 2022 at 12:16 UTC)
- Boffins rekindle one-time program cryptographic concept (04 November 2022 at 14:13 UTC)
- Gatsby patches SSRF, XSS bugs in Cloud Image CDN (03 November 2022 at 13:22 UTC)
- Malicious proof-of-concepts are exposing GitHub users to malware and more (02 November 2022 at 16:48 UTC)
- Urlscan.io API unwittingly leaks sensitive URLs, data (02 November 2022 at 14:38 UTC)
- OpenSSL vulnerability downgraded to ‘high’ severity (01 November 2022 at 18:54 UTC)
- Bug Bounty Radar // The latest bug bounty programs for November 2022 (01 November 2022 at 15:43 UTC)