Acronis
#1070533 Acronis True Image 2021 (windows) does not validate server hostname on a login TLS connection
Elastic
#1218680 Improper authorization on /api/as/v1/credentials/ for Dev Role User with Limited Engine Access
[#1245787 Swiftype] - Stored XSS via document field url triggers on https://app.swiftype.com/engines/<engine>/document_types/<type>/documents/<id>
Valve
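[$7500] #1295844 Modify in-flight data to payment provider Smart2Pay
Today's best: a payment bypass vulnerability at Valve (the company behind the Steam platform) worth $7500
Payment functionality testing white paper 👇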
https://www.nccgroup.com/globalassets/our-research/uk/images/common_security_issues_in_financially-orientated_web.pdf.pdf
GitHub - PortSwigger/turbo-intruder: Turbo Intruder is a Burp Suite extension for sending large numb (updated)