81 matches found

GithubExploit
added 2026/01/17 3:31 p.m., 127 views

ai_bouncer

AiBouncer AI-powered HTTP request classification for Ruby on...

7.8 AI score
Exploits: 0

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2025-18910

Malicious code in bioql PyPI...

6.3 CVSS, 6.6 AI score, 0.00106 EPSS
Exploits: 1, References: 3

RedhatCVE
added 2025/06/23 8:41 a.m., 2 views

CVE-2025-49590

CryptPad is a collaboration suite. Prior to version 2025.3.0, the "Link Bouncer" functionality attempts to filter javascript URIs to prevent Cross-Site Scripting XSS, however this can be bypassed. There is an "early allow" code path that happens before the URI's protocol/scheme is checked, which ...

6.3 CVSS, 6.7 AI score, 0.00106 EPSS
Exploits: 1, References: 1

NVD
added 2025/06/18 11:15 p.m., 2 views

CVE-2025-49590

CryptPad is a collaboration suite. Prior to version 2025.3.0, the "Link Bouncer" functionality attempts to filter javascript URIs to prevent Cross-Site Scripting XSS, however this can be bypassed. There is an "early allow" code path that happens before the URI's protocol/scheme is checked, which ...

6.3 CVSS, 0.00106 EPSS
Exploits: 1, References: 3

OSV
added 2025/06/18 10:14 p.m., 2 views

CVE-2025-49590 CryptPad Dom-Based Cross-Site Scripting (XSS) Vulnerability

CryptPad is a collaboration suite. Prior to version 2025.3.0, the "Link Bouncer" functionality attempts to filter javascript URIs to prevent Cross-Site Scripting XSS, however this can be bypassed. There is an "early allow" code path that happens before the URI's protocol/scheme is checked, which ...

6.3 CVSS, 6.4 AI score, 0.00106 EPSS
Exploits: 1, References: 5

CNNVD
added 2025/06/18 12:0 a.m., 1 views

CryptPad Security Vulnerability

CryptPad is a collaborative office suite from CryptPad Open Source. A security vulnerability exists in CryptPad versions prior to 2025.3.0, which stems from insufficient filtering of Link Bouncer functionality and could lead to cross-site scripting attacks...

6.3 CVSS, 5.9 AI score, 0.00106 EPSS
Exploits: 1, References: 4

Fedora
added 2024/10/05 12:17 a.m., 11 views

[SECURITY] Fedora 41 Update: znc-1.9.1-4.fc41

ZNC is an IRC bouncer with many advanced features like detaching, multiple users, per channel playback buffer, SSL, IPv6, transparent DCC bouncing, Perl and C++ module support to name a few...

9.8 CVSS, 9.6 AI score, 0.37139 EPSS
Exploits: 0

Gentoo Linux
added 2024/09/24 12:0 a.m., 8 views

ZNC: Remote Code Execution

Background: ZNC is an advanced IRC bouncer. Description: ZNC's modtcl could allow for remote code execution via a KICK. Impact: A vulnerable ZNC with the modtcl module loaded could be exploited for remote code execution. Workaround: Unload the modtcl module. Resolution: All ZNC users should upgrade to...

9.8 CVSS, 7.7 AI score, 0.37139 EPSS
Exploits: 0

OSV
added 2024/09/04 6:37 p.m., 1 views

USN-6990-1 znc vulnerability

Johannes Kuhn DasBrain discovered that znc incorrectly handled user input under certain operations. An attacker could possibly use this issue to execute arbitrary code on a user's system if the user was tricked into joining a malicious server...

9.8 CVSS, 6.2 AI score, 0.37139 EPSS
Exploits: 0, References: 2

OSV
added 2024/08/02 1:20 a.m., 11 views

GHSA-5CF7-CXRF-MQ73 Bostr Improper Authorization vulnerability

Even with authorizedkeys is filled with allowed pubkeys, If noscraper is enabled, It will allow anyone to use bouncer even it's pubkey is not in authorizedkeys. Impact - Private bouncer Patches Available on version 3.0.10 Workarounds Disable noscraper if you have authorizedkeys being set in confi...

5.1 CVSS, 5.4 AI score, 0.00212 EPSS
Exploits: 0, References: 6

Github Security Blog
added 2024/08/02 1:20 a.m., 15 views

Bostr Improper Authorization vulnerability

Even with authorizedkeys is filled with allowed pubkeys, If noscraper is enabled, It will allow anyone to use bouncer even it's pubkey is not in authorizedkeys. Impact - Private bouncer Patches Available on version 3.0.10 Workarounds Disable noscraper if you have authorizedkeys being set in confi...

6.3 CVSS, 4.6 AI score, 0.00212 EPSS
Exploits: 0, References: 6, Affected Software: 1

SUSE CVE
added 2023/02/15 4:25 a.m., 1 views

SUSE CVE-2018-14055

ZNC before 1.7.1-rc1 does not properly validate untrusted lines coming from the network, allowing a non-admin user to escalate his privilege and inject rogue values into znc.conf...

6.5 CVSS, 6.9 AI score, 0.00365 EPSS
Exploits: 0, References: 5

OSV
added 2022/06/20 8:16 p.m., 3 views

MAL-2022-1659 Malicious code in bouncer-auth-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ba840a3603c5e477dbcc3b46d1e6b6ba1f80bb84474a2572278c7ac03817b78a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits: 0, References: 1

OSSF Malicious Packages
added 2022/06/20 8:16 p.m., 2 views

Malicious code in bouncer-auth-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ba840a3603c5e477dbcc3b46d1e6b6ba1f80bb84474a2572278c7ac03817b78a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits: 0, References: 1

OpenVAS
added 2020/07/02 12:0 a.m., 21 views

Fedora: Security Advisory for znc (FEDORA-2020-12237dbae2)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

6.5 CVSS, 6.5 AI score, 0.01008 EPSS
Exploits: 0, References: 2

OpenVAS
added 2020/07/02 12:0 a.m., 19 views

Fedora: Security Advisory for znc (FEDORA-2020-0091083d6d)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

6.5 CVSS, 6.5 AI score, 0.01008 EPSS
Exploits: 0, References: 2

Fedora
added 2020/07/01 1:51 a.m., 19 views

[SECURITY] Fedora 32 Update: znc-1.8.1-1.fc32

ZNC is an IRC bouncer with many advanced features like detaching, multiple users, per channel playback buffer, SSL, IPv6, transparent DCC bouncing, Perl and C++ module support to name a few...

6.5 CVSS, 2.3 AI score, 0.01008 EPSS
Exploits: 0

Fedora
added 2020/07/01 1:37 a.m., 22 views

[SECURITY] Fedora 31 Update: znc-1.8.1-1.fc31

ZNC is an IRC bouncer with many advanced features like detaching, multiple users, per channel playback buffer, SSL, IPv6, transparent DCC bouncing, Perl and C++ module support to name a few...

6.5 CVSS, 2.3 AI score, 0.01008 EPSS
Exploits: 0

OSV
added 2020/06/02 11:15 p.m., 1 views

DEBIAN-CVE-2020-13775

ZNC 1.8.0 up to 1.8.1-rc1 allows authenticated users to trigger an application crash with a NULL pointer dereference if echo-message is not enabled and there is no network...

6.5 CVSS, 6.3 AI score, 0.01008 EPSS
Exploits: 0, References: 1

Fedora
added 2019/10/07 12:54 a.m., 25 views

[SECURITY] Fedora 30 Update: znc-1.7.5-1.fc30

ZNC is an IRC bouncer with many advanced features like detaching, multiple users, per channel playback buffer, SSL, IPv6, transparent DCC bouncing, Perl and C++ module support to name a few...

8.8 CVSS, 2.3 AI score, 0.03681 EPSS
Exploits: 0