Towards a Cognitive-Support Tool for Threat Hunters
Cybersecurity increasingly relies on threat hunters to proactively identify adversarial activity, yet the cognitive work underlying threat hunting remains underexplored or insufficiently supported by existing tools. Building on prior studies that examined how threat hunters construct and share...
EUVD-2017-15810
Malware in sbrugna...
EUVD-2024-19272
Malicious code in bioql PyPI...
EUVD-2025-8848
Malicious code in bioql PyPI...
EUVD-2023-36919
Malicious code in bioql PyPI...
EUVD-2022-45045
Malicious code in bioql PyPI...
EUVD-2023-36918
Malicious code in bioql PyPI...
EUVD-2023-26855
Malicious code in bioql PyPI...
EUVD-2023-51741
Malicious code in bioql PyPI...
CVE-2025-30369
Zulip is an open-source team collaboration tool. The API for deleting an organization custom profile field is supposed to be restricted to organization administrators, but its handler failed to check that the field belongs to the same organization as the user. Therefore, an administrator of any...
CVE-2025-30368 Zulip allows the deletion of organization by administrators of a different organization
Zulip is an open-source team collaboration tool. The API for deleting an organization export is supposed to be restricted to organization administrators, but its handler failed to check that the field belongs to the same organization as the user. Therefore, an administrator of any organization wa...
Cross site scripting
Zulip is an open-source team collaboration tool with unique topic-based threading that combines the best of email and chat to make remote work productive and delightful. The main development branch of Zulip Server from May 2, 2023 and later, including beta versions 7.0-beta1 and 7.0-beta2, is...
CVE-2022-36048 IP address leak via image proxy bypass in Zulip Server
Zulip is an open-source team collaboration tool with topic-based threading that combines email and chat. When displaying messages with embedded remote images, Zulip normally loads the image preview via a go-camo proxy server. However, an attacker who can send messages could include a crafted URL...
CVE-2022-31017
Zulip is an open-source team collaboration tool. Versions 2.1.0 through and including 5.2 are vulnerable to a logic error. A stream configured as private with protected history, where new subscribers should not be allowed to see messages sent before they were subscribed, when edited causes the...
CVE-2022-21706
Zulip is an open-source team collaboration tool with topic-based threading. Zulip Server versions 2.0.0 and above are vulnerable to insufficient access control with multi-use invitations. A Zulip Server deployment which hosts multiple organizations is vulnerable to an attack where an invitation...
webTareas Cross-Site Scripting Vulnerability (CNVD-2021-85276)
webTareas is a web-based open source collaboration tool. The product supports features such as project management, bug tracking, content management and meeting management. A security vulnerability exists in webTareas, which can be exploited by an attacker to store arbitrary web script or HTML by...
webTareas Code Issues Vulnerabilities
webTareas is a web-based open source collaboration tool. The product supports features such as project management, bug tracking, content management and meeting management. A security vulnerability exists in webTareas 2.4 and earlier versions that allows an attacker to exploit the platform by...
webTareas path traversal vulnerability
webTareas is a web-based open source collaboration tool. The product supports project management, bug tracking, content management and meeting management. webTareas version 2.0 has a path traversal vulnerability, which stems from the fact that the extpath parameter in generalserv.php is not...
XSS Vulnerability in Kingsoft Documents of Zhuhai Kingsoft Office Software Co.
Kingsoft Documents is a document creation tool that allows multiple people to collaborate on editing in real time. An XSS vulnerability exists in Kingsoft Documents, which can be exploited by an attacker to obtain an administrator cookie...
CVE-2019-19857
Affected product: Serpico 1.3.0 (SimplE RePort wrIting and CollaboratiOn tool). Vulnerability: Admin can change their password without providing the current password via interfaces outside the Change Password screen. This bypasses the Old Password check and is noted to be problematic in conjuncti...