231 matches found
EUVD-2019-18147
Malware in sbrugna...
EUVD-2025-14013
Malicious code in bioql PyPI...
EUVD-2023-33262
Malicious code in bioql PyPI...
EUVD-2025-8202
Malicious code in bioql PyPI...
EUVD-2022-5800
Malicious code in bioql PyPI...
EUVD-2022-2497
Malicious code in bioql PyPI...
EUVD-2022-0932
Malicious code in bioql PyPI...
EUVD-2024-1247
Malicious code in bioql PyPI...
EUVD-2022-28550
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2024-37384
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows XSS via list columns from user preferences. CVE-2024-37384 Note that Nessus relies on the presence ...
What LLMs Know About Their Users
Simon Willison talks about ChatGPT's new memory dossier feature. In his explanation, he illustrates how much the LLM--and the company--knows about its users. It's a big quote, but I want you to read it all. Here's a prompt you can use to give you a solid idea of what's in that summary. I first sa...
CVE-2024-28949
Mattermost Server versions 9.5.x before 9.5.2, 9.4.x before 9.4.4, 9.3.x before 9.3.3, 8.1.x before 8.1.11 don't limit the number of user preferences which allows an attacker to send a large number of user preferences potentially causing denial of service...
CVE-2024-23211
A privacy issue was addressed with improved handling of user preferences. This issue is fixed in Safari 17.3, iOS 16.7.5 and iPadOS 16.7.5, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, watchOS 10.3. A user's private browsing activity may be visible in Settings...
CVE-2022-24948
A carefully crafted user preferences for submission could trigger an XSS vulnerability on Apache JSPWiki, related to the user preferences screen, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Apache JSPWiki users...
CVE-2021-29032
A cross-site scripting XSS vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/preferences.php URI...
CVE-2020-0467
In onUserStopped of Vpn.java, there is a possible resetting of user preferences due to a logic issue. This could lead to local information disclosure of secure network traffic over a non-VPN link with no additional execution privileges needed. User interaction is not needed for...
CVE-2019-8757
A race condition existed when reading and writing user preferences. This was addressed with improved state handling. This issue is fixed in macOS Catalina 10.15. The "Share Mac Analytics" setting may not be disabled when a user deselects the switch to share analytics...
CVE-2025-43926
An issue was discovered in Znuny through 6.5.14 and 7.x through 7.1.6. Custom AJAX calls to the AgentPreferences UpdateAJAX subaction can be used to set user preferences with arbitrary keys. When fetching user data via GetUserData, these keys and values are retrieved and given as a whole to other...
DEBIAN-CVE-2025-43926
An issue was discovered in Znuny through 6.5.14 and 7.x through 7.1.6. Custom AJAX calls to the AgentPreferences UpdateAJAX subaction can be used to set user preferences with arbitrary keys. When fetching user data via GetUserData, these keys and values are retrieved and given as a whole to other...
CVE-2025-43926
An issue was discovered in Znuny through 6.5.14 and 7.x through 7.1.6. Custom AJAX calls to the AgentPreferences UpdateAJAX subaction can be used to set user preferences with arbitrary keys. When fetching user data via GetUserData, these keys and values are retrieved and given as a whole to other...