DRUPAL-CONTRIB-2026-039

This module configures default editorial workflows for LocalGov Drupal content types. It provides a Drupal content moderation workflow, a content approvals dashboard, content scheduling and content preview. The module doesn't sufficiently restrict access to a view of Service Contacts at which...

FastChat has a Content Moderation Bypass via Arena Side-by-Side Views

A vulnerability was detected in lm-sys fastchat up to 0.2.36. Impacted is the function addtext of the component Arena Side-by-Side View Handler. The manipulation results in incorrect control flow. The attack can be launched remotely. The exploit is now public and may be used. The root cause was...

GHSA-F3Q6-69F3-VWCH FastChat has a Content Moderation Bypass via Arena Side-by-Side Views

A vulnerability was detected in lm-sys fastchat up to 0.2.36. Impacted is the function addtext of the component Arena Side-by-Side View Handler. The manipulation results in incorrect control flow. The attack can be launched remotely. The exploit is now public and may be used. The root cause was...

DRUPAL-CONTRIB-2026-006

This Drupal Canvas module is a new visual page builder for Drupal. You can create reusable components that match your design system, drag them onto a page, edit content in place, preview changes across multiple pages, and undo mistakes with ease. The module doesn't sufficiently validate access to...

PT-2026-5242

Name of the Vulnerable Software and Affected Versions Drupal Canvas versions prior to 1.0.4 Description The Drupal Canvas module has an authorization issue that allows forceful browsing of Canvas Pages when they are unpublished. The module does not adequately validate access to Canvas Pages,...

TikTok Forms U.S. Joint Venture to Continue Operations Under 2025 Executive Order

TikTok on Friday officially announced that it formed a joint venture that will allow the hugely popular video-sharing application to continue operating in the U.S. The new venture, named TikTok USDS Joint Venture LLC, has been established in compliance with the Executive Order signed by U.S...

Grok apologizes for creating image of young girls in “sexualized attire”

Another AI system designed to be powerful and engaging ends up illustrating how guardrails routinely fail when development speed and feature races outrun safety controls. In a post on X, AI chatbot Grok confirmed that it generated an image of young girls in “sexualized attire.” The potential...

Jailbreaking Attacks Vs. Content Safety Filters: How Far Are We in the LLM Safety Arms Race?

As large language models LLMs are increasingly deployed, ensuring their safe use is paramount. Jailbreaking, adversarial prompts that bypass model alignment to trigger harmful outputs, present significant risks, with existing studies reporting high success rates in evading common LLMs. However,...

CVE-2025-65113

ClipBucket v5 contains an authorization bypass in the AJAX flagging system that allows any unauthenticated user to flag content (users, videos, photos, collections). Affected versions are prior to 5.5.2; this issue can enable mass flagging and moderation abuse. The vulnerability has been patched ...

EUVD-2025-199885

ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.2 - 164, an authorization bypass vulnerability in the AJAX flagging system allows any unauthenticated user to flag any content users, videos, photos, collections on the platform. This can lead to mass flagging attacks,...

CVE-2025-65113 ClipBucket v5 Unauthenticated Object Flagging Vulnerability

ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.2 - 164, an authorization bypass vulnerability in the AJAX flagging system allows any unauthenticated user to flag any content users, videos, photos, collections on the platform. This can lead to mass flagging attacks,...

What’s there to save about social media? (Lock and Code S06E20)

This week on the Lock and Code podcast … "Connection" was the promise—and goal—of much of the early internet. No longer would people be separated from vital resources and news that was either too hard to reach or made simply inaccessible by governments. No longer would education be guarded behind...

Understanding Content Moderation Policies and User Experiences in Generative AI Products

While recent research has focused on developing safeguards for generative AI GAI model-level content safety, little is known about how content moderation to prevent malicious content performs for end-users in real-world GAI products. To bridge this gap, we investigated content moderation policies...

Talking Transactions: Decentralized Communication through Ethereum Input Data Messages (IDMs)

Can you imagine, blockchain transactions can talk! In this paper, we study how they talk and what they talk about. We focus on the input data field of Ethereum transactions, which is designed to allow external callers to interact with smart contracts. In practice, this field also enables users to...

Telegram Agrees to Share User Data With Authorities for Criminal Investigations

In a major policy reversal, the popular messaging app Telegram has announced it will give users' IP addresses and phone numbers to authorities in response to valid legal requests in an attempt to rein in criminal activity on the platform. "We've made it clear that the IP addresses and phone numbe...

What the arrest of Telegram’s CEO means, with Eva Galperin (Lock and Code S05E19)

This week on the Lock and Code podcast… On August 24, at an airport just outside of Paris, a man named Pavel Durov was detained for questioning by French investigators. Just days later, the same man was charged in crimes related to the distribution of child pornography and illicit transactions,...

Pavel Durov’s Arrest Leaves Telegram Hanging in the Balance

Durov has reportedly been detained in France over Telegram’s alleged failure to adequately moderate illegal content on the messaging app. His arrest sparked backlash and left some associates asking, what now?...

Telegram Founder Pavel Durov Arrested in France for Content Moderation Failures

Pavel Durov, founder and chief executive of the popular messaging app Telegram, was arrested in France on Saturday, according to French television network TF1. Durov is believed to have been apprehended pursuant to a warrant issued in connection with a preliminary police investigation. TF1 said t...

Authorization Bypass

Drupal is vulnerable to an Authorization Bypass. The vulnerability is due to the content moderation module failing to check a user's access to use certain transitions, potentially allowing unauthorized access to restricted translations...

Drupal Content moderation Access bypass

In some conditions, drupal content moderation fails to check a users access to use certain transitions, leading to an access bypass...