EUVD-2024-47419
Malicious code in bioql PyPI...
EUVD-2021-34096
Malicious code in bioql PyPI...
CVE-2024-6301
Lack of validation of origin in federation API in Conduit, allowing any remote server to impersonate any user from any server in most EDUs...
Conduit Security Vulnerabilities
Conduit is a simple, fast and reliable chat server from the individual developer Timo Kösters. A security vulnerability exists in Conduit v0.7.0 and earlier versions, which stems from a lack of authorization in the API, allowing elevation of privileges and running commands to reset passwords...
Conduit Security Vulnerabilities
Conduit is a simple, fast and reliable chat server from the individual developer Timo Kösters. A security vulnerability exists in versions prior to Conduit v0.8.0 that stems from an unauthenticated source in the federated API, resulting in any remote server being able to impersonate any user in a...
PT-2024-37524 · Conduit · Conduit
Name of the Vulnerable Software and Affected Versions: Conduit versions v0.6.0 and lower
Description: The issue is related to a lack of privilege checking when processing a redaction, allowing a local user to redact any message from users on the same server if they can send redaction events...