64 matches found
CVE-2025-66450
CVE-2025-66450 affects LibreChat. Versions 0.8.0 and below allow an attacker to modify the iconURL parameter in a POST request, causing malicious code to be stored in a chat and potentially shared with others. This can lead to privacy loss for users who view the shared chat link. The issue is add...
EUVD-2024-22479
Malicious code in bioql PyPI...
CVE-2024-25129 Limited data exfiltration in CodeQL CLI
The CodeQL CLI repo holds binaries for the CodeQL command line interface (CLI). Prior to version 2.16.3, an XML parser used by the CodeQL CLI to read various auxiliary files is vulnerable to an XML External Entity attack. If a vulnerable version of the CLI is used to process either a maliciously...
Brave Software: Open redirect due to scanning QR code via brave browser
An open redirect vulnerability was discovered in Brave's QR code scanner, which allowed attackers to direct users to malicious sites without their consent or knowledge. This vulnerability put the security of Brave users at risk and allowed them to be exposed to phishing and malware attacks. The...
CVE-2020-26896
Prior to 0.11.0-beta, LND (Lightning Network Daemon) had a vulnerability in its invoice database. While claiming on-chain a received HTLC output, it didn't verify that the corresponding outgoing off-chain HTLC was already settled before releasing the preimage. In the case of a hash-and-amount...
2018: The year of the data breach tsunami
It’s tough to remember all of the data breaches that happened in 2018. But when you look at the largest and most impactful ones that were reported throughout the year, it paints a grim picture about the state of data security today. The consequences of major companies leaking sensitive data are...
Voice over LTE implementations contain multiple vulnerabilities
Overview: Long Term Evolution (LTE) mobile networks are currently deployed through the world. These LTE mobile networks make use of full packet switching and the IP protocol, unlike previous iterations of the mobile network. This change from circuit switching to packet switching allows new attacks n...
Ubuntu 10.04 LTS : net-snmp vulnerability (USN-946-1)
The SNMP server did not correctly validate certain UDP clients when using TCP wrappers. Under some situations, a remote attacker could bypass access restrictions and communicate with the SNMP server, potentially leading to a loss of privacy or a denial of service. Note that Tenable Network Securi...
Debian Security Advisory DSA 2366-1 (mediawiki)
The remote host is missing an update to mediawiki announced via advisory DSA 2366-1. OpenVAS Vulnerability Test $Id: deb23661.nasl 6612 2017-07-07 12:08:03Z cfischer $ Description: Auto-generated from advisory DSA 2366-1 mediawiki Authors: Thomas Reinke Copyright: Copyright c 2012 E-Soft Inc...
Ubuntu 11.04 : linux vulnerabilities (USN-1285-1)
Andrea Righi discovered a race condition in the KSM memory merging support. If KSM was being used, a local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2183) Vasily Averin discovered that the NFS Lock Manager (NLM) incorrectly handled unlock requests. A...
USN-1256-1: Linux kernel (Natty backport) vulnerabilities
It was discovered that the /proc filesystem did not correctly handle permission changes when programs executed. A local attacker could hold open files to examine details about programs running with higher privileges, potentially increasing the chances of exploiting additional vulnerabilities...
Ubuntu 10.04 LTS : linux vulnerabilities (USN-1253-1)
Ryan Sweat discovered that the kernel incorrectly handled certain VLAN packets. On some systems, a remote attacker could send specially crafted traffic to crash the system, leading to a denial of service. (CVE-2011-1576) Vasiliy Kulikov and Dan Rosenberg discovered that ecryptfs did not correctly...
Ubuntu Update for linux-lts-backport-maverick USN-1242-1
Ubuntu Update for Linux kernel vulnerabilities USN-1242-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN12421.nasl 7964 2017-12-01 07:32:11Z santu $ Ubuntu Update for linux-lts-backport-maverick USN-1242-1 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH,...
Ubuntu 10.10 : linux vulnerabilities (USN-1243-1)
It was discovered that the security fix for CVE-2010-4250 introduced a regression. A remote attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-1479) Vasiliy Kulikov discovered that taskstats did not enforce access restrictions. A local attacker could exploit...
Ubuntu 10.04 LTS : linux-mvl-dove vulnerabilities (USN-1240-1)
Ryan Sweat discovered that the kernel incorrectly handled certain VLAN packets. On some systems, a remote attacker could send specially crafted traffic to crash the system, leading to a denial of service. (CVE-2011-1576) Vasiliy Kulikov and Dan Rosenberg discovered that ecryptfs did not correctly...
Ubuntu 10.04 LTS : linux-lts-backport-maverick vulnerabilities (USN-1242-1)
It was discovered that the security fix for CVE-2010-4250 introduced a regression. A remote attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-1479) Vasiliy Kulikov discovered that taskstats did not enforce access restrictions. A local attacker could exploit...
Ubuntu 10.10 : linux-mvl-dove vulnerabilities (USN-1245-1)
Ryan Sweat discovered that the kernel incorrectly handled certain VLAN packets. On some systems, a remote attacker could send specially crafted traffic to crash the system, leading to a denial of service. (CVE-2011-1576) Vasiliy Kulikov and Dan Rosenberg discovered that ecryptfs did not correctly...
Ubuntu Update for linux USN-1218-1
Ubuntu Update for Linux kernel vulnerabilities USN-1218-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN12181.nasl 7964 2017-12-01 07:32:11Z santu $ Ubuntu Update for linux USN-1218-1 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This...
USN-1218-1: Linux kernel vulnerabilities
Dan Rosenberg discovered that multiple terminal ioctls did not correctly initialize structure memory. A local attacker could exploit this to read portions of kernel stack memory, leading to a loss of privacy. (CVE-2010-4076, CVE-2010-4077) Alex Shi and Eric Dumazet discovered that the network stack...
Ubuntu Update for linux USN-1211-1
Ubuntu Update for Linux kernel vulnerabilities USN-1211-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN12111.nasl 7964 2017-12-01 07:32:11Z santu $ Ubuntu Update for linux USN-1211-1 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This...