GO-2026-4568 Curio exposes database credentials to users with network access through verbose HTTP error responses in github.com/filecoin-project/curio

Curio exposes database credentials to users with network access through verbose HTTP error responses in github.com/filecoin-project/curio...

Curio exposes database credentials to users with network access through verbose HTTP error responses

Summary Multiple HTTP handlers in Curio passed raw database error messages to HTTP clients via http.Error. When the PostgreSQL/YugabyteDB driver pgx returned errors, these could contain the database connection string — including hostname, port, username, and password. Additionally, the internal...

AI-powered stuffed animals: A good alternative for screen time?

Are AI Artificial Intelligence-powered stuffed animals really the best alternative to screen time that we want to offer our children? Some AI startups think so. One of those startups is Curio, a company that describes itself as “a magical workshop where toys come to life.” Curio offers three...

Curio Quest - Customized SSL, Dangerous filesystem permissions, Exported ContentProvider vulnerabilities

HackApp vulnerability scanner discovered that application Curio Quest published at the 'play' market has multiple vulnerabilities...