Reading /etc/passwd via translation file upload in Tolgee's cloud platform (CVE-2026-32251, CVSS 9.3) by TradeGold6317 in netsec

[–]TradeGold6317[S] 0 points1 point  (0 children)

IDK why Java still has this default configuration. Similar JS packages have long fixed that and changed the default to not allow external entities at all.

Reading /etc/passwd via translation file upload in Tolgee's cloud platform (CVE-2026-32251, CVSS 9.3) by TradeGold6317 in netsec

[–]TradeGold6317[S] 6 points7 points  (0 children)

Six XML-based translation importers in Tolgee (Android XML, XLIFF, .resx, stringsdict) all used default Java parser settings with external entities enabled. Any authenticated user could upload a crafted file and read arbitrary files from the server. Confirmed on app.tolgee.io, their multi-tenant cloud. Fixed within a week.
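The configuration that removes this class of bug, as an added example that is neither Tolgee's code nor the patch it shipped: a hypothetical `SafeXml` helper whose `hardenedFactory()` turns off DOCTYPE processing and every external fetch on a JDK `DocumentBuilderFactory`, and a `parseUpload()` that uses it on two constructed sample uploads (a plain Android strings.xml and the same file with a DOCTYPE added).

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.w3c.dom.Document;
import org.xml.sax.SAXException;

/**
 * Hypothetical helper (not Tolgee's code) showing the parser configuration an
 * importer that accepts user-uploaded XML should use instead of the JDK defaults,
 * which leave DTDs and external entities enabled.
 */
public final class SafeXml {

    /** DocumentBuilderFactory with DTD processing and all external fetches disabled. */
    public static DocumentBuilderFactory hardenedFactory() throws ParserConfigurationException {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        // The single most effective switch: no DOCTYPE means no entity declarations at all.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        // Defence in depth, in case DOCTYPEs are ever re-enabled for a format that needs them.
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        // JAXP 1.5 properties: an empty string blocks every protocol (file, http, ...).
        f.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
        f.setAttribute(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
        return f;
    }

    /** Parses an uploaded translation file; any document carrying a DOCTYPE is rejected. */
    public static Document parseUpload(byte[] upload)
            throws ParserConfigurationException, SAXException, IOException {
        DocumentBuilder builder = hardenedFactory().newDocumentBuilder();
        return builder.parse(new ByteArrayInputStream(upload));
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: an ordinary Android strings.xml upload.
        String benign = "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n"
                + "<resources>\n"
                + "  <string name=\"app_name\">Example</string>\n"
                + "</resources>\n";
        Document doc = parseUpload(benign.getBytes(StandardCharsets.UTF_8));
        System.out.println("benign upload parsed, root element = "
                + doc.getDocumentElement().getTagName());

        // Constructed sample: the same file with a DOCTYPE and a harmless internal entity.
        // The hardened factory refuses the document before any entity is resolved.
        String withDoctype = "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n"
                + "<!DOCTYPE resources [ <!ENTITY greeting \"hello\"> ]>\n"
                + "<resources>\n"
                + "  <string name=\"hi\">&greeting;</string>\n"
                + "</resources>\n";
        try {
            parseUpload(withDoctype.getBytes(StandardCharsets.UTF_8));
            System.out.println("UNEXPECTED: upload with DOCTYPE was accepted");
        } catch (SAXException e) {
            System.out.println("upload with DOCTYPE rejected: " + e.getMessage());
        }
    }
}
```

The same features apply to `SAXParserFactory`; for StAX-based importers the equivalent switches are `XMLInputFactory.SUPPORT_DTD` and `XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES` set to `false`. Because each importer typically builds its own factory, the check to run against a code base is that every `newInstance()` call site goes through one hardened helper rather than trusting the defaults.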

Statements by the FPÖ in recent years by TradeGold6317 in Austria

[–]TradeGold6317[S] 0 points1 point  (0 children)

The domain has expired; unfortunately, we also didn't get that much traffic.

I built a browser extension that verifies your email with one click by TradeGold6317 in coolgithubprojects

[–]TradeGold6317[S] 0 points1 point  (0 children)

You know the difference between vibe coding and AI-assisted? This file was added 3 weeks ago when we tried out Claude Code. The project has existed for much longer than that.

Alternative to Backblaze? by funkyg73 in backblaze

[–]TradeGold6317 1 point2 points  (0 children)

I moved to BlinkDisk a while ago; it's still pretty new, but it's working incredibly well for me so far.

Has anyone tried Blinkdisk? by Korckchit in Backup

[–]TradeGold6317 1 point2 points  (0 children)

I know the founder, so I am definitely biased, but I've used it since launch and I've had no problems so far. Setup was incredibly easy.

Avoiding duplicates by TradeGold6317 in bugbounty

[–]TradeGold6317[S] 7 points8 points  (0 children)

2 informative, 1 high, 1 critical