29 matches found
EUVD-2026-18825
prompts.chat prior to commit 7b81836 contains multiple authorization bypass vulnerabilities due to missing isPrivate checks across API endpoints and page metadata generation that allow unauthorized users to access sensitive data associated with private prompts. Attackers can exploit these missing...
CVE-2026-22663
prompts.chat prior to commit 7b81836 contains multiple authorization bypass vulnerabilities due to missing isPrivate checks across API endpoints and page metadata generation that allow unauthorized users to access sensitive data associated with private prompts. Attackers can exploit these missing...
CVE-2026-22663 prompts.chat Authorization Bypass Information Disclosure
prompts.chat prior to commit 7b81836 contains multiple authorization bypass vulnerabilities due to missing isPrivate checks across API endpoints and page metadata generation that allow unauthorized users to access sensitive data associated with private prompts. Attackers can exploit these missing...
PT-2026-30227
prompts.chat prior to commit 7b81836 contains multiple authorization bypass vulnerabilities due to missing isPrivate checks across API endpoints and page metadata generation that allow unauthorized users to access sensitive data associated with private prompts. Attackers can exploit these missing...
EUVD-2010-2129
Malware in sbrugna...
EUVD-2023-35297
Malicious code in bioql PyPI...
Can Large Language Models Automate the Refinement of Cellular Network Specifications?
Cellular networks serve billions of users globally, yet concerns about reliability and security persist due to weaknesses in 3GPP standards. However, traditional analysis methods, including manual inspection and automated tools, struggle with increasingly expanding cellular network specifications...
Doppler Launches ‘Change Requests’ to Strengthen Secrets Management Security with Audited Approvals
San Francisco, United States / California, 3rd October 2024, CyberNewsWire...
CVE-2024-28275
Puwell Cloud Tech Co, Ltd 360Eyes Pro v3.9.5.163090516 was discovered to transmit sensitive information in cleartext. This vulnerability allows attackers to intercept and access sensitive information, including users' credentials and password change requests...
PT-2024-22374 · Puwell Cloud Tech Co · 360Eyes Pro
Name of the Vulnerable Software and Affected Versions: Puwell Cloud Tech Co, Ltd 360Eyes Pro version 3.9.5.16 Description: The issue allows attackers to intercept and access sensitive information because it transmits this data in cleartext. This includes users' credentials and password change...
Host Header Injection
pimcore/admin-ui-classic-bundle is vulnerable to Host Header Injection. The vulnerability is due to missing Host header validation. An attacker can send password change requests to a user, specifying a "Host" header of a website they control, resulting in them receiving the password token,...
CVE-2023-46380
LOYTEC LINX-151, LINX-212, LVIS-3ME12-A1, LIOB-586, LIOB-580 V2, LIOB-588, L-INX Configurator devices all versions send password-change requests via cleartext HTTP...
CVE-2023-30959
In Apollo change requests, comments added by users could contain a javascript URI link that when rendered will result in an XSS that requires user interaction...
Default credentials
In Apollo change requests, comments added by users could contain a javascript URI link that when rendered will result in an XSS that requires user interaction...
Palantir Apollo Cross-Site Scripting Vulnerability
Palantir is a data platform from US-based Palantir that reimagines how people use data by removing the barriers between back-end data management and front-end data analysis. A cross-site scripting vulnerability exists in Palantir Apollo, which stems from a cross-site scripting XSS vulnerability i...
CVE-2023-30959 Stored XSS via javascript URI in Apollo Change Requests comment
In Apollo change requests, comments added by users could contain a javascript URI link that when rendered will result in an XSS that requires user interaction...
CVE-2023-30959
CVE-2023-30959 affects Palantir Apollo: the vulnerability is a stored XSS in the Apollo change requests comments where a user-supplied javascript: URI can be rendered, triggering XSS that requires user interaction. The issue targets the change-requests comment workflow; root cause is the handling...