EUVD-2020-0266

Malware in sbrugna...

CVE-2024-5213

In mintplex-labs/anything-llm versions up to and including 1.5.3, an issue was discovered where the password hash of a user is returned in the response after login POST /api/request-token and after account creations POST /api/admin/users/new. This exposure occurs because the entire User object,...

CVE-2024-5213 Exposure of Sensitive Information in mintplex-labs/anything-llm

In mintplex-labs/anything-llm versions up to and including 1.5.3, an issue was discovered where the password hash of a user is returned in the response after login POST /api/request-token and after account creations POST /api/admin/users/new. This exposure occurs because the entire User object,...

DoS due to unrestricted hashing

Description The application accepts strings of any size as passwords and processes hashes the string to check in the database if the user exists, for example upon login. Being the hashing process resource-intensive, it can be possible to cause Denial of Service without particular processing power...

DailyMotion Hacked — 85 Million User Accounts Stolen

Another day, another data breach. This time a popular video sharing platform DailyMotion has allegedly been hacked and tens of millions of users information have been stolen. Breach notification service LeakedSource announced the data breach on Monday after the company obtained 85.2 Million recor...

Github accounts compromised in massive Brute-Force attack using 40,000 IP addresses

Popular source code repository service GitHub has recently been hit by a massive Password Brute-Force attack that successfully compromised some accounts, GitHub has urged users to set up two-factor authentication for their accounts and has already reset passwords for compromised accounts. "We sen...

Github accounts compromised in massive Brute-Force attack using 40,000 IP addresses

Popular source code repository service GitHub has recently been hit by a massive Password Brute-Force attack that successfully compromised some accounts, GitHub has urged users to set up two-factor authentication for their accounts and has already reset passwords for compromised accounts. “We sen...

LivingSocial Ups its Password Encryption After Breach

The popular daily deal site LivingSocial announced Monday it has abandoned the SHA1 hash for Blowfish’s bcrypt following a massive data breach that impacted 50 million customers. The company confirmed last weekend that its computer systems were attacked and thieves gained access to names, e-mail...