
25 matches found

Fedora
added 2025/11/17 2:59 a.m. · 6 views

[SECURITY] Fedora 42 Update: xmedcon-0.25.3-1.fc42

This project stands for Medical Image Conversion and is released under the GNU's LGPL license. It bundles the C source code, a library, a flexible command-line utility and a graphical front-end based on the amazing Gtk+ toolkit. Its main purpose is image conversion while preserving valuable medic...

CVSS 7.5 · AI score 4.8 · EPSS 0.00116
Exploits: 0

EUVD
added 2025/10/03 8:7 p.m. · 1 view

EUVD-2025-3998

Malicious code in bioql PyPI...

CVSS 9.3 · AI score 6.5 · EPSS 0.00077
Exploits: 0 · References: 2

EUVD
added 2025/10/03 8:7 p.m. · 1 view

EUVD-2025-3981

Malicious code in bioql PyPI...

CVSS 8.6 · AI score 6.5 · EPSS 0.00105
Exploits: 0 · References: 3

RedhatCVE
added 2025/02/13 4:50 p.m. · 4 views

CVE-2025-24973

Concorde, formerly known as Nexkey, is a fork of the federated microblogging platform Misskey. Prior to version 12.25Q1.1, due to an improper implementation of the logout process, authentication credentials remain in cookies even after a user has explicitly logged out, which may allow an attacker ...

CVSS 9.3 · AI score 6.8 · EPSS 0.00077
Exploits: 0 · References: 1

RedhatCVE
added 2025/02/13 4:3 p.m. · 3 views

CVE-2025-24900

Concorde, formerly known as Nexkey, is a fork of the federated microblogging platform Misskey. Due to a lack of CSRF countermeasures and improper settings of cookies for MediaProxy authentication, there is a vulnerability that allows MediaProxy authentication to be bypassed. In versions prior to...

CVSS 8.6 · AI score 7.1 · EPSS 0.00105
Exploits: 0 · References: 1

NVD
added 2025/02/11 4:15 p.m. · 6 views

CVE-2025-24900

Concorde, formerly known as Nexkey, is a fork of the federated microblogging platform Misskey. Due to a lack of CSRF countermeasures and improper settings of cookies for MediaProxy authentication, there is a vulnerability that allows MediaProxy authentication to be bypassed. In versions prior to...

CVSS 8.6 · EPSS 0.00105
Exploits: 0 · References: 3

Cvelist
added 2025/02/11 3:41 p.m. · 17 views

CVE-2025-24973 Concorde not removing authentication tokens after logging out

Concorde, formerly known as Nexkey, is a fork of the federated microblogging platform Misskey. Prior to version 12.25Q1.1, due to an improper implementation of the logout process, authentication credentials remain in cookies even after a user has explicitly logged out, which may allow an attacker ...

CVSS 9.3 · EPSS 0.00077
Exploits: 0 · References: 2

Vulnrichment
added 2025/02/11 3:41 p.m. · 13 views

CVE-2025-24973 Concorde not removing authentication tokens after logging out

Concorde, formerly known as Nexkey, is a fork of the federated microblogging platform Misskey. Prior to version 12.25Q1.1, due to an improper implementation of the logout process, authentication credentials remain in cookies even after a user has explicitly logged out, which may allow an attacker ...

CVSS 9.3 · AI score 9.5 · EPSS 0.00077
Exploits: 0 · References: 2

CVE
added 2025/02/11 3:41 p.m. · 61 views

CVE-2025-24973

CVE-2025-24973 (Concorde/Nexkey) affects Concorde versions prior to 12.25Q1.1. The root cause is an improper logout implementation where authentication credentials remain in cookies after logout, potentially allowing an attacker to steal tokens. Impact is severe if a user with admin privileges is...

CVSS 9.3 · AI score 9.3 · EPSS 0.00077
Exploits: 0 · References: 2

OSV
added 2025/02/11 3:41 p.m. · 4 views

CVE-2025-24973 Concorde not removing authentication tokens after logging out

Concorde, formerly known as Nexkey, is a fork of the federated microblogging platform Misskey. Prior to version 12.25Q1.1, due to an improper implementation of the logout process, authentication credentials remain in cookies even after a user has explicitly logged out, which may allow an attacker ...

CVSS 9.3 · AI score 6.8 · EPSS 0.00077
Exploits: 0 · References: 4

Vulnrichment
added 2025/02/11 3:36 p.m. · 8 views

CVE-2025-24900 Concorde CSRF vulnerability due to insecure configuration of authentication cookie attributes

Concorde, formerly known as Nexkey, is a fork of the federated microblogging platform Misskey. Due to a lack of CSRF countermeasures and improper settings of cookies for MediaProxy authentication, there is a vulnerability that allows MediaProxy authentication to be bypassed. In versions prior to...

CVSS 8.6 · AI score 9 · EPSS 0.00105
Exploits: 0 · References: 3

CVE
added 2025/02/11 3:36 p.m. · 52 views

CVE-2025-24900

Concorde (Nexkey) vulnerability: lack of CSRF protection and misconfigured cookies for MediaProxy authentication allow bypassing authentication, enabling image loading without restrictions. Affects versions prior to 12.25Q1.1 (SameSite attribute missing); prior to 12.24Q2.3 the same cookie also a...

CVSS 8.6 · AI score 8.8 · EPSS 0.00105
Exploits: 0 · References: 3

OSV
added 2025/02/11 3:36 p.m. · 5 views

CVE-2025-24900 Concorde CSRF vulnerability due to insecure configuration of authentication cookie attributes

Concorde, formerly known as Nexkey, is a fork of the federated microblogging platform Misskey. Due to a lack of CSRF countermeasures and improper settings of cookies for MediaProxy authentication, there is a vulnerability that allows MediaProxy authentication to be bypassed. In versions prior to...

CVSS 8.6 · AI score 6.9 · EPSS 0.00105
Exploits: 0 · References: 5

Cvelist
added 2025/02/11 3:36 p.m. · 7 views

CVE-2025-24900 Concorde CSRF vulnerability due to insecure configuration of authentication cookie attributes

Concorde, formerly known as Nexkey, is a fork of the federated microblogging platform Misskey. Due to a lack of CSRF countermeasures and improper settings of cookies for MediaProxy authentication, there is a vulnerability that allows MediaProxy authentication to be bypassed. In versions prior to...

CVSS 8.6 · EPSS 0.00105
Exploits: 0 · References: 3

CNNVD
added 2025/02/11 12:0 a.m. · 1 view

Concorde code issue vulnerability

Concorde Nexkey is an application for nexryai individual developers. A code issue vulnerability exists in Concorde prior to version 12.25Q1.1 that stems from an improperly implemented logout process where authentication credentials remain in a cookie, potentially allowing an attacker to steal...

CVSS 9.3 · AI score 7 · EPSS 0.00077
Exploits: 0 · References: 2

Positive Technologies
added 2025/02/11 12:0 a.m. · 2 views

PT-2025-6251 · Concorde · Concorde

Name of the Vulnerable Software and Affected Versions: Concorde versions prior to 12.25Q1.1 Description: The issue arises from an improper implementation of the logout process, causing authentication credentials to remain in cookies even after a user has explicitly logged out. This may allow an...

CVSS 9.3 · AI score 7.3 · EPSS 0.00077
Exploits: 0 · References: 6

CNNVD
added 2025/02/11 12:0 a.m. · 1 view

Concorde cross-site request forgery vulnerability

Concorde Nexkey is an application by nexryai individual developers. A cross-site request forgery vulnerability exists in Concorde version 12.24Q4.2, which stems from a lack of CSRF countermeasures and improper cookie settings, and could allow an attacker to bypass MediaProxy authentication to loa...

CVSS 8.6 · AI score 6.8 · EPSS 0.00105
Exploits: 0 · References: 3

Fedora
added 2024/07/24 3:47 p.m. · 14 views

[SECURITY] Fedora 40 Update: xmedcon-0.24.0-1.fc40

This project stands for Medical Image Conversion and is released under the GNU's LGPL license. It bundles the C source code, a library, a flexible command-line utility and a graphical front-end based on the amazing Gtk+ toolkit. Its main purpose is image conversion while preserving valuable medic...

CVSS 6.2 · AI score 6.7 · EPSS 0.00081
Exploits: 0

Openbugbounty
added 2024/04/09 4:52 a.m. · 9 views

concorde-hotels.de Cross Site Scripting vulnerability OBB-3910419

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.2
Exploits: 0

Openbugbounty
added 2023/10/01 6:53 p.m. · 8 views

concorde-air.ru Cross Site Scripting vulnerability OBB-3718752

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.1
Exploits: 0