Note Mark Encryption Issue Vulnerability
Note Mark is a web-based Markdown note-taking application developed by Leo Spratt. Versions of Note Mark prior to 0.19.4 contained a security vulnerability related to encryption. This vulnerability stemmed from the JWTSECRET configuration value not having a mandatory minimum length or entropy,...
Note Mark Authorization Issue Vulnerability
Note Mark is a web-based Markdown note-taking application developed by Leo Spratt. Versions of Note Mark prior to 0.19.3 had an authorization issue vulnerability. This vulnerability stemmed from the fact that notes and uploaded assets could still be accessed after public books were soft-deleted,...
EUVD-2007-1387
Malware in sbrugna...
EUVD-2021-0108
Malware in sbrugna...
EUVD-2023-42675
Malicious code in bioql PyPI...
EUVD-2023-32116
Malicious code in bioql PyPI...
Kapsch TrafficCom RIS-9160 and Kapsch TrafficCom RIS-9260 RSU LEO Security Vulnerability
The Kapsch TrafficCom RIS-9260 RSU LEO and the Kapsch TrafficCom RIS-9160 are both road measurement units from Kapsch TrafficCom, Austria, with functions for communication and co-management of connected vehicles in intelligent transportation. A security vulnerability exists in the Kapsch TrafficC...
Kapsch TrafficCom RIS-9260 RSU LEO Security Vulnerability
The Kapsch TrafficCom RIS-9260 RSU LEO is a road measurement unit from Kapsch TrafficCom, Austria, with functions for communication and co-management of the vehicle network in intelligent transportation. A security vulnerability exists in the Kapsch TrafficCom RIS-9260 RSU LEO versions...
Malicious code in enlink-barrenos-leo (npm)
The package enlink-barrenos-leo was found to contain malicious code...
MAL-2025-25151 Malicious code in leo-password-reset-service (npm)
The package leo-password-reset-service was found to contain malicious code...
MAL-2025-19663 Malicious code in enlink-barrenos-leo (npm)
The package enlink-barrenos-leo was found to contain malicious code...
Brave Android 1.79.119 Security Fixes
Added a conditional host check in binding handlers as reported on HackerOne by newfunction. Added frame host check for Leo IAP in binding receivers as reported on HackerOne by newfunction. Upgraded Chromium to 137.0.7151.68; refer to Google Chrome advisories for inherited CVEs...
CVE-2024-42697
Cross Site Scripting vulnerability in Leotheme Leo Product Search Module v.2.1.6 and earlier allows a remote attacker to execute arbitrary code via the q parameter of the product search function...
CVE-2023-28420
Cross-Site Request Forgery (CSRF) vulnerability in Leo Caseiro Custom Options Plus plugin = 1.8.1 versions...
CVE-2023-38915
File Upload vulnerability in Wolf-leo EasyAdmin8 v.1.0 allows a remote attacker to execute arbitrary code via the upload type function...
CVE-2021-38157
LeoStream Connection Broker 9.x before 9.0.34.3 allows Unauthenticated Reflected XSS via the /index.pl user parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...
CVE-2020-23478
Leo Editor v6.2.1 was discovered to contain a regular expression denial of service (ReDoS) vulnerability in the component plugins/importers/dart.py...
Brave Software: Prompt Injection via GitHub Patch in Brave AI Chat (Leo)
Component: Brave AI Chat (brave-core/components/aichat/). Severity: High (confirmed ability to override AI instructions and persona via fetched content). Vulnerability Summary: The Brave AI Chat feature allows fetching .patch files from GitHub pull request pages to use as context. A combination of...
WordPress FluentSMTP plugin <= 2.2.82 - Unauthenticated PHP Object Injection vulnerability
Unauthenticated PHP Object Injection vulnerability discovered by Leo in WordPress Plugin FluentSMTP versions <= 2.2.82...
WordPress Rank Math SEO Plugin <= 1.0.228 is vulnerable to Broken Access Control
Software: Rank Math SEO; Type: Plugin; Vulnerable versions: <= 1.0.228; Fixed in: 1.0.229; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-9161; Patch priority: Medium; CVSS severity: Medium (6.5); PSID: ca30124e345e; Credits: Leo; Required privilege...