Finding a Heap Buffer Over-Read in ascii-view (CWE-125)

Read Now
research

Critical SQL Injection Vulnerability Discovered in HortusFox (pending CVE-2025-65298)

Severity: Critical (CVSS 8.8) Disclosure Type: Responsible Disclosure Overview During a security assessment of HortusFox, I identified a critical SQL injection vulnerability that allows any authenticated user to execute arbitrary SQL queries against the application’s database. This flaw enables attackers to extract sensitive data, modify or delete records, escalate privileges, and potentially take full control of the application. The vulnerability has been confirmed as exploitable, and a tested patch has been provided to the maintainers to enable rapid remediation.
#security #research #sqli #postgres #hacking #oss #cve
research

CVE-2025-64115: Unvalidated Referer Redirect & SSRF in Movary

While reviewing the **Movary** codebase, I discovered a **high-severity vulnerability** caused by **unvalidated use of the `HTTP_REFERER` header for redirects**. This design flaw allowed attackers to abuse application redirect behavior, enabling both **open redirect phishing campaigns** and **potential Server-Side Request Forgery (SSRF)** attacks. This issue was responsibly disclosed to the maintainers and has since been remediated.
#security #research #hacking #ssrf #webapps #api

Advertisement