
10 matches found

Positive Technologies
added 5 days ago · 8 views

PT-2026-45397

Missing authentication and clear‑text transmission of data from the heat pumps to the control server, combined with the absence of input validation on aggregated data, can lead to stored XSS that enables theft of cookies from the pump’s web control interface. Older Orca heat pump devices...

CVSS 6.3 · AI score 5.9 · EPSS 0.00018
Exploits: 0 · References: 2
Positive Technologies
added 2025/12/24 12:0 a.m. · 2 views

PT-2025-53050

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A flaw exists in the Linux kernel's mt76 mt7921 driver related to handling of transmit status (txs) in AMSDU (Aggregated Multiple Small Data Units). If frames are aggregated in AMSDU, txs ma...

AI score 6.3 · EPSS 0.00028
Exploits: 0
RedhatCVE
added 2025/05/23 3:19 a.m. · 3 views

CVE-2023-23933

OpenSearch Anomaly Detection identifies atypical data and receives automatic notifications. There is an issue with the application of document and field level restrictions in the Anomaly Detection plugin, where users with the Anomaly Detector role can read aggregated numerical data e.g. averages,...

CVSS 5.7 · AI score 6.5 · EPSS 0.00774
Exploits: 0 · References: 1
Github Security Blog
added 2024/11/18 8:2 p.m. · 9 views

Graylog concurrent PDF report rendering can leak other users' reports

Impact: The reporting functionality in Graylog allows the creation and scheduling of reports which contain dashboard widgets displaying individual log messages or metrics aggregated from fields of multiple log messages. This functionality, as included in Graylog 6.1.0 & 6.1.1, is vulnerable to...

CVSS 7.1 · AI score 6.5 · EPSS 0.00394
Exploits: 1 · References: 5 · Affected Software: 1
OSV
added 2024/11/18 8:2 p.m. · 7 views

GHSA-VGGM-3478-VM5M Graylog concurrent PDF report rendering can leak other users' reports

Impact: The reporting functionality in Graylog allows the creation and scheduling of reports which contain dashboard widgets displaying individual log messages or metrics aggregated from fields of multiple log messages. This functionality, as included in Graylog 6.1.0 & 6.1.1, is vulnerable to...

CVSS 7.1 · AI score 6.5 · EPSS 0.00394
Exploits: 1 · References: 5
CVE
added 2023/02/03 7:14 p.m. · 144 views

CVE-2023-23933

CVE-2023-23933 concerns OpenSearch Anomaly Detection: the plugin improperly applies document- and field-level restrictions, allowing users with the Anomaly Detector role to read aggregated numerical data from restricted fields. This affects authenticated users who already had read access to the r...

CVSS 5.7 · AI score 4.8 · EPSS 0.00774
Exploits: 0 · References: 1 · Affected Software: 1
Positive Technologies
added 2023/02/03 12:0 a.m. · 3 views

PT-2023-19306 · Unknown +2 · Opensearch +2

Name of the Vulnerable Software and Affected Versions: OpenSearch versions prior to 1.3.8; OpenSearch versions prior to 2.6.0. Description: There is an issue with the application of document and field level restrictions in the Anomaly Detection plugin, where users with the Anomaly Detector role can...

CVSS 6.8 · AI score 6.9 · EPSS 0.00774
Exploits: 0 · References: 7
Hacker One
added 2023/01/18 1:13 p.m. · 69 views

HackerOne: Private information exposed through GraphQL search endpoints aggregates

Private information could be exposed through the aggs argument on the search and opportunitiessearch endpoints on the GraphQL root node, allowing for the potential exposure of private program handles and other data that can be aggregated...

AI score 6.9
Exploits: 0
The Hacker News
added 2020/05/05 11:54 a.m. · 100 views

Change This Browser Setting to Stop Xiaomi from Spying On Your Incognito Activities

If you own a Xiaomi smartphone or have installed the Mi browser app on any other brand of Android device, you should enable a newly introduced privacy setting immediately to prevent the company from spying on your online activities. The smartphone maker has begun rolling out an update to its...

AI score 1.7
Exploits: 0
The Hacker News
added 2018/05/24 4:36 p.m. · 1 views

Get Free VPN Service With New PornHub App

Pornhub wants you to keep your porn viewing activities private, and it is ready to help you out with its all-new free VPN service for safety and privacy. Yes, you heard that right. Adult entertainment giant Pornhub, which allows porn videos to be downloaded, has launched its very own free VPN service today with...

AI score 6.6
Exploits: 0