7 matches found
Missing Authentication for Critical Function
Overview: @grackle-ai/powerline is a gRPC PowerLine server for Grackle AI agent integration. Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the PowerLine gRPC server when --token is not provided and GRACKLEPOWERLINETOKEN is not set. An...
@grackle-ai/server: Unescaped Error String in renderPairingPage() HTML Template
Impact: The renderPairingPage function embeds the error parameter directly into HTML without escaping (TypeScript): const errorHtml = error ? $error : ""; All current call sites pass hardcoded strings, so this is not exploitable today. However, the function is architecturally fragile — if a future...
EUVD-2023-44188
Malicious code in bioql PyPI...
CVE-2023-3532
Cross-site Scripting XSS - Stored in GitHub repository outline/outline prior to 0.70.1...
CVE-2023-3532
Cross-site Scripting XSS - Stored in GitHub repository outline/outline prior to 0.70.1...
CVE-2023-3532 Cross-site Scripting (XSS) - Stored in outline/outline
Cross-site Scripting XSS - Stored in GitHub repository outline/outline prior to 0.70.1...
outline cross-site scripting vulnerability
outline is an open-source project from the United States that provides the fastest wiki and knowledge base for growing teams. A cross-site scripting vulnerability exists in outline versions prior to 0.70.1, which stems from susceptibility to stored cross-site scripting (XSS) attacks...