CVE-2023-43793
Misskey is an open source, decentralized social media platform. Prior to version 2023.9.0, by editing the URL, a user can bypass the authentication of the Bull dashboard, which is the job queue management UI, and access it. Version 2023.9.0 contains a fix. There are no known workarounds...
New Phishing Emails Pretend to Offer Jobs to Steal Facebook Logins
Sublime Security warns of a massive credential phishing scam using fake job offers from brands like KFC and Red Bull to steal Facebook login details. Don't fall for the trap...
EUVD-2023-48168
Malicious code in bioql PyPI...
EUVD-2024-52057
Malicious code in bioql PyPI...
EUVD-2023-33028
Malicious code in bioql PyPI...
MAL-2025-5455 Malicious code in red-bull-venue-tools (npm)
The package communicates with a domain associated with malicious activity...
Malicious code in red-bull-venue-tools (npm)
The package communicates with a domain associated with malicious activity...
CVE-2025-24897
Misskey is an open source, federated social media platform. Starting in version 12.109.0 and prior to version 2025.2.0-alpha.0, due to a lack of CSRF protection and the lack of proper security attributes in the authentication cookies of Bull's dashboard, some of the APIs of bull-board may be...
PT-2025-6244 · Misskey · Misskey
Name of the Vulnerable Software and Affected Versions: Misskey versions 12.109.0 through 2025.2.0-alpha.0 Description: Misskey is an open source, federated social media platform. Due to a lack of CSRF protection and the lack of proper security attributes in the authentication cookies of Bull's...
PT-2025-6250 · Concorde · Concorde
Name of the Vulnerable Software and Affected Versions: Concorde versions prior to 12.25Q1.1 Description: The issue arises from a lack of CSRF countermeasures and improper settings of cookies for MediaProxy authentication, allowing an attacker to bypass MediaProxy authentication. This enables the...
PT-2025-6243 · Misskey · Misskey
Name of the Vulnerable Software and Affected Versions: Misskey versions 12.109.0 through 2025.2.0-alpha.0 Description: Misskey is an open source, federated social media platform. A login token named token is stored in a cookie for authentication purposes in Bull Dashboard, but this remains...
CVE-2023-43793
Misskey before version 2023.9.0 is vulnerable: by editing the URL, an attacker can bypass authentication for the Bull dashboard (the job queue UI) and access it. The Red Hat, NVD, OSV, and other connected sources consistently describe this as an authentication bypass affecting Misskey prior to 20...
CVE-2023-43793 Misskey allows users to bypass authentication of Bull dashboard
Misskey is an open source, decentralized social media platform. Prior to version 2023.9.0, by editing the URL, a user can bypass the authentication of the Bull dashboard, which is the job queue management UI, and access it. Version 2023.9.0 contains a fix. There are no known workarounds...
Misskey Authorization Issues Vulnerabilities
Misskey is a suite of micro-blogging platforms. An authorization issue vulnerability exists in versions of Misskey prior to 2023.9.0 that stems from the ability to bypass authentication in the Bull dashboard...
PT-2023-28985 · Misskey · Misskey
Name of the Vulnerable Software and Affected Versions: Misskey versions prior to 2023.9.0 Description: Misskey is an open source, decentralized social media platform. A user can bypass the authentication of the Bull dashboard, which is the job queue management UI, by editing the URL. This allows...
CVE-2023-29459
The laola.redbull application through 5.1.9-R for Android exposes the exported activity at.redbullsalzburg.android.AppMode.Default.Splash.SplashActivity, which accepts a data: URI. The target of this URI is subsequently loaded into the application's webview, thus allowing the loading of arbitrary...
FC Red Bull Salzburg App 5.1.9-R Improper Authorization
RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: FC Red Bull Salzburg App Vendor URL: https://play.google.com/store/apps/details?id=laola.redbull Type: Improper Authorization in Handler for Custom URL Scheme CWE-939 Date found: 2023-04-06...
Malicious code in red-bull-global-onboarding (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4fc2cabc6b5fc2953eeef7d540efd8cffef5aae91d5ec54c33eee91305b7007a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...