CVE-2026-5749
Inadequate access control in the registration process in Fullstep V5, which could allow unauthenticated users to obtain a valid JWT token with which to interact with authenticated API resources. Successful exploitation of this vulnerability could allow an unauthenticated attacker to compromise th...
CVE-2025-60511
The CVE-2025-60511 instance affects Moodle OpenAI Chat Block plugin 3.0.1, with an Insecure Direct Object Reference (IDOR) due to insufficient validation of the blockId parameter in /blocks/openai_chat/api/completion.php. An authenticated student can impersonate another user’s block (e.g., admini...
EUVD-2014-8024
Malware in sbrugna...
VulnCheck KEV: CVE-2024-29030
memos is a privacy-first, lightweight note-taking service. In memos 0.13.2, an SSRF vulnerability exists at the /api/resource that allows authenticated users to enumerate the internal network. Version 0.22.0 of memos removes the vulnerable file...
CVE-2025-7001
GitLab CE/EE is affected by CVE-2025-7001: versions 15.0–before 18.0.5, 18.1–before 18.1.3, and 18.2–before 18.2.1 expose a vulnerability where privileged users can access certain resource_group information via the API that should be unavailable. Root cause: insufficient access control granularit...
MAL-2025-6146 Malicious code in airbnb-api-resource (npm)
Source: ghsa-malware 2d6e5aa735ca90e3d4b1c2b9ddae5bf3ed653d41adb73daa46efc83ec5598561 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
How to Update Location Profile Endpoint Details and Preserve Access to an Existing Kopia Storage Repository
Purpose This article documents the correct procedure to update the Endpoint details in the Location Profile for an existing Kopia storage repository in S3-compatible stores and ensure the existing associated repositories remain accessible. Customers may wish to update the Endpoint details e.g.,...
CVE-2024-29030 memos vulnerable to an SSRF in /api/resource
memos is a privacy-first, lightweight note-taking service. In memos 0.13.2, an SSRF vulnerability exists at the /api/resource that allows authenticated users to enumerate the internal network. Version 0.22.0 of memos removes the vulnerable file...
memos security vulnerability
memos is an open source hosted memos center with knowledge management and social features. A security vulnerability exists in memos version 0.13.2, which originates in /api/resource and allows authenticated users to enumerate the internal network...
Microsoft delivers comprehensive solution to battle rise in consent phishing emails
Microsoft threat analysts are tracking a continued increase in consent phishing emails, also called illicit consent grants, that abuse OAuth request links in an attempt to trick recipients into granting attacker-owned apps permissions to access sensitive data. This blog offers a look into the...
openSUSE Security Update : virtualbox (openSUSE-2020-1486)
This update for virtualbox fixes the following issues : Update to Oracle version 6.1.14a. This minor update enables the building of libvirt again. Version update to 6.1.14 released September 04 2020 by Oracle File 'fixvirtiobuild.patch' is added to fix a build problem. This is a maintenance...
CVE-2018-20061
A SQL injection issue was discovered in ERPNext 10.x and 11.x through 11.0.3-beta.29. This attack is only available to a logged-in user; however, many ERPNext sites allow account creation via the web. No special privileges are needed to conduct the attack. By calling a JavaScript function that...