This score calculates overall vulnerability severity from 0 to 10 and is based on the Common Vulnerability Scoring System (CVSS). Attack Vector: This metric reflects the context by which vulnerability ...
These tokens should be unique for every user, but they can also be unique per request. CSRF vulnerabilities are not limited to browsers. An attacker can embed scripting into a Word document, RSS web feed, ...
Dependabot alerts are not supported on this advisory because it does not have a package from a supported ecosystem with an affected and fixed version.
An updated version of the ERP software Apache OFBiz closes security holes that allow the execution of malicious code.
QNAP has released security bulletins over the weekend, which address multiple vulnerabilities, including three critical ...
The vulnerability can be exploited for both XSS and server-side request forgery (SSRF) attacks, leading to remote code execution on the server. “This can lead to a full compromise of confidentiality, ...
MITRE has released an updated CWE Top 25 Most Dangerous Software Weaknesses list, with cross-site scripting (XSS) at the top.
This standard is intended to give third parties clear guidelines for conducting vulnerability discovery activities and to convey our preferences in how to submit discovered vulnerabilities to us. This ...