BugCrowd Bug Bounty Disclosure: P4 – Sensitive NASA Jira & Employee Data Exposure via Public JSFiddle –
Sensitive NASA Jira & Employee Data Exposure via Public JSFiddle Sensitive NASA Jira & Employee Data Exposure via Public JSFiddle...
Year: 2025
BugCrowd Bug Bounty Disclosure: P4 – Publicly editable Google Slides linked from nasa.gov enables unauthorized content modification (content integrity & brand abuse risk – Epenetus-Matias-Putra
Publicly editable Google Slides linked from nasa.gov enables unauthorized content modification (content integrity & brand abuse risk Publicly editable Google...
BugCrowd Bug Bounty Disclosure: P4 – open redirect vulnerability occurring at https://keycloak.shared-services.staging.appdat.jsc.nasa.gov/ – uko3211
open redirect vulnerability occurring at https://keycloak.shared-services.staging.appdat.jsc.nasa.gov/ open redirect vulnerability occurring at https://keycloak.shared-services.staging.appdat.jsc.nasa.gov/ Researcher: uko3211 Engagement: National Aeronautics and Space Administration...
BugCrowd Bug Bounty Disclosure: P5 – internal IP Disclosure via Public DNS Record (blue.guest.hq.nasa.gov) – Theekshana_kusal
internal IP Disclosure via Public DNS Record (blue.guest.hq.nasa.gov) internal IP Disclosure via Public DNS Record (blue.guest.hq.nasa.gov) Researcher: Theekshana_kusal Engagement: National...
BugCrowd Bug Bounty Disclosure: P5 – Directory Listing Vulnerability – Vinit06
Directory Listing Vulnerability Directory Listing Vulnerability Researcher: Vinit06 Engagement: National Aeronautics and Space Administration (NASA) - Vulnerability Disclosure Program Disclosed...
Adobe Monthly Security Update (August 2025)
Adobe has released monthly security update for their products: Vulnerable ProductRisk LevelImpactsNotesDetails (including CVE)Adobe Commerce Medium RiskDenial of Service Elevation of...
CVE Alert: CVE-2025-54479 – F5 – BIG-IP
CVE-2025-54479 HIGHNo exploitation known When a classification profile is configured on a virtual server without an HTTP or HTTP/2 profile,...
CVE Alert: CVE-2025-54854 – F5 – BIG-IP
CVE-2025-54854 HIGHNo exploitation known When a BIG-IP APM OAuth access profile (Resource Server or Resource Client) is configured on a...
CVE Alert: CVE-2025-54858 – F5 – BIG-IP
CVE-2025-54858 HIGHNo exploitation known When a BIG-IP Advanced WAF or BIG-IP ASM Security Policy is configured with a JSON content...
CVE Alert: CVE-2025-53868 – F5 – BIG-IP
CVE-2025-53868 HIGHNo exploitation known When running in Appliance mode, a highly privileged authenticated attacker with access to SCP and SFTP...
Dgx Spark, Nvidia’s Tiniest Supercomputer, Tackles Large Models At Solid Speeds
hands on Nvidia bills its long-anticipated DGX Spark as the "world's smallest AI supercomputer," and, at $3,000 to $4,000 (depending...
Hello Cake – 22,907 breached accounts
HIBP In July 2025, the sexual healthcare product maker Hello Cake suffered a data breach. The data was subsequently posted...
Prosper – 17,605,276 breached accounts
HIBP In September 2025, Prosper announced that it had detected unauthorised access to their systems, which resulted in the exposure...
CVE Alert: CVE-2025-46706 – F5 – BIG-IP
CVE-2025-46706 HIGHNo exploitation known When an iRule containing the HTTP::respond command is configured on a virtual server, undisclosed requests can...
CVE Alert: CVE-2025-53474 – F5 – BIG-IP
CVE-2025-53474 HIGHNo exploitation known When an iRule using an ILX::call command is configured on a virtual server, undisclosed traffic can cause...
CVE Alert: CVE-2025-48008 – F5 – BIG-IP
CVE-2025-48008 HIGHNo exploitation known When a TCP profile with Multipath TCP (MPTCP) enabled is configured on a virtual server, undisclosed...
CVE Alert: CVE-2025-53856 – F5 – BIG-IP
CVE-2025-53856 HIGHNo exploitation known When a virtual server, network address translation (NAT) object, or secure network address translation (SNAT) object...
CVE Alert: CVE-2025-53521 – F5 – BIG-IP
CVE-2025-53521 HIGHNo exploitation known When a BIG-IP APM Access Policy is configured on a virtual server, undisclosed traffic can cause...
CVE Alert: CVE-2025-11722 – ikhodal – Woocommerce Category and Products Accordion Panel
CVE-2025-11722 HIGHNo exploitation known The Woocommerce Category and Products Accordion Panel plugin for WordPress is vulnerable to Local File Inclusion...
CVE Alert: CVE-2025-41430 – F5 – BIG-IP
CVE-2025-41430 HIGHNo exploitation known When BIG-IP SSL Orchestrator is enabled, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to...
CVE Alert: CVE-2025-10743 – maycorolbuche1 – Outdoor
CVE-2025-10743 HIGHNo exploitation known The Outdoor plugin for WordPress is vulnerable to SQL Injection via the 'edit' action in all...
CVE Alert: CVE-2025-11177 – tbenyon – External Login
CVE-2025-11177 HIGHNo exploitation known The External Login plugin for WordPress is vulnerable to SQL Injection via the 'log' parameter in...
CVE Alert: CVE-2025-10754 – geolocationtechnology – DocoDoco Store Locator
CVE-2025-10754 HIGHNo exploitation known The DocoDoco Store Locator plugin for WordPress is vulnerable to arbitrary file uploads due to missing...
CVE Alert: CVE-2025-10293 – nexist – Keyy Two Factor Authentication (like Clef)
CVE-2025-10293 HIGHNo exploitation known The Keyy Two Factor Authentication (like Clef) plugin for WordPress is vulnerable to privilege escalation via...
