135 matches found
Securing the AI Supply Chain: What Can We Learn from Developer-Reported Security Issues and Solutions of AI Projects?
The rapid growth of Artificial Intelligence AI models and applications has led to an increasingly complex security landscape. Developers of AI projects must contend not only with traditional software supply chain issues but also with novel, AI-specific security threats. However, little is known...
S3C2 SICP Summit 2025-06: Vulnerability Response Summit
Recent years have shown increased cyber attacks targeting less secure elements in the software supply chain and causing significant damage to businesses and organizations. The US and EU governments and industry are equally interested in enhancing software security, including supply chain and...
EUVD-2018-1859
Malware in sbrugna...
EUVD-2025-20284
Malicious code in bioql PyPI...
EUVD-2024-17342
Malicious code in bioql PyPI...
Malicious code in dasnoo-discussions-list (npm)
The package dasnoo-discussions-list was found to contain malicious code...
MAL-2025-17981 Malicious code in dasnoo-discussions-list (npm)
The package dasnoo-discussions-list was found to contain malicious code...
CVE-2025-53532
giscus is a commenting system powered by GitHub Discussions. A bug in giscus' discussions creation API allowed an unauthorized user to create discussions on any repository where giscus is installed. This affects the server-side part of giscus, which is provided via http://giscus.app or your own...
CVE-2025-53532 giscus allows unauthorized discussion creation
giscus is a commenting system powered by GitHub Discussions. A bug in giscus' discussions creation API allowed an unauthorized user to create discussions on any repository where giscus is installed. This affects the server-side part of giscus, which is provided via http://giscus.app or your own...
CVE-2025-53532 giscus allows unauthorized discussion creation
giscus is a commenting system powered by GitHub Discussions. A bug in giscus' discussions creation API allowed an unauthorized user to create discussions on any repository where giscus is installed. This affects the server-side part of giscus, which is provided via http://giscus.app or your own...
CVE-2025-53532 giscus allows unauthorized discussion creation
giscus is a commenting system powered by GitHub Discussions. A bug in giscus' discussions creation API allowed an unauthorized user to create discussions on any repository where giscus is installed. This affects the server-side part of giscus, which is provided via http://giscus.app or your own...
giscus 授权问题漏洞
giscus is an open source commenting system from giscus. An authorization issue vulnerability exists in giscus that originates from an unauthorized user being able to create a discussion on a repository where giscus is installed, potentially leading to unauthorized actions...
PT-2025-28222 · Giscus · Giscus
Name of the Vulnerable Software and Affected Versions: giscus affected versions not specified Description: A bug in giscus' discussions creation API allowed an unauthorized user to create discussions on any repository where giscus is installed. This affects the server-side part of giscus, which i...
Ubuntu Disables Spectre/Meltdown Protections
A whole class of speculative execution attacks against CPUs were published in 2018. They seemed pretty catastrophic at the time. But the fixes were as well. Speculative execution was a way to speed up CPUs, and removing those enhancements resulted in significant performance drops. Now, people are...
Understanding Content Moderation Policies and User Experiences in Generative AI Products
While recent research has focused on developing safeguards for generative AI GAI model-level content safety, little is known about how content moderation to prevent malicious content performs for end-users in real-world GAI products. To bridge this gap, we investigated content moderation policies...
CVE-2021-39904
An Improper Access Control vulnerability in the GraphQL API in all versions of GitLab CE/EE starting from 13.1 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 allows a Merge Request creator to resolve discussions and apply suggestion...
The Dark Side of the Web: Towards Understanding Various Data Sources in Cyber Threat Intelligence
Cyber threats have become increasingly prevalent and sophisticated. Prior work has extracted actionable cyber threat intelligence CTI, such as indicators of compromise, tactics, techniques, and procedures TTPs, or threat feeds from various sources: open source data e.g., social networks, internal...
CVE-2024-12863 Stored XSS in Discussions functionality
Stored XSS in Discussions in OpenText Content Management CE 20.2 to 25.1 on Windows and Linux allows authenticated malicious users to inject code into the system...
OpenText Content Management CE 跨站脚本漏洞
OpenText Content Management CE is an enterprise content management solution from OpenText Canada. A cross-site scripting vulnerability exists in OpenText Content Management CE versions 20.2 through 25.1, which stems from stored cross-site scripting in the Discussions feature that could lead to co...
CVE-2025-3620
creationtimestamp| type| source ---|---|--- 2025-04-16 01:07:07+00:00| seen| https://infosec.exchange/users/vuldb/statuses/114344960148459261 2025-04-16 07:11:09+00:00| seen| https://bsky.app/profile/infosec.skyfleet.blue/post/3lmvzyo7xik2r 2025-04-16 09:06:20+00:00| seen|...