This page collects WhisperX intelligence signals tagged #software bug. It is designed for humans, search engines, and AI agents: each item links to a canonical source-backed record with sector, source, timestamp, credibility, and exportable structured data.
A critical vulnerability has been exposed within an XSS scanner's core detection logic, rendering it blind to a textbook reflected cross-site scripting (XSS) attack. The scanner fails to identify the flaw on the standard security testing target, DVWA's `/vulnerabilities/xss_r/` endpoint, even when a simple `<script>ale...
A critical security vulnerability in the CombineHub and SignalRHub components allows any connected client to falsely acknowledge and suppress messages intended for other users. The flaw stems from the `AcknowledgeMessage` method, which accepts only a `requestId` without validating the caller's identity against the inte...
Ein aktuelles iOS-Update hat Nutzer ungewollt von ihren eigenen iPhones ausgesperrt. Nach der Installation von iOS 26.4 können betroffene Anwender ihre Geräte nicht mehr entsperren, weil ein kritisches Sonderzeichen von der Systemtastatur verschwunden ist. Dieser Bug macht es unmöglich, den korrekten Passcode einzugebe...
A critical security configuration flag in the token validation system is non-functional, creating a dangerous mismatch between user expectations and system behavior. The `require_https` boolean field on the `TokenValidationConfig` model is never read by the underlying validation pipeline. Users who explicitly set `requ...
A critical security flaw in the `PersistedReplayGuard.advance()` function creates a replay attack vulnerability. The bug stems from a fundamental design violation: the function increments an outbound message counter in memory *before* persisting the new value to storage. This sequence directly contradicts the safer per...
A critical security flaw in a game's main.py file allows attackers to inject malicious command-line arguments or crash the system through a denial-of-service (DoS) attack. The vulnerability stems from inadequate input validation for the paddle speed parameter, which is only checked to ensure it is a positive integer. T...