21 matches found
CVE-2025-62487
On October 1, 2025, Palantir discovered that images uploaded through the Dossier front-end app were not being marked correctly with the proper security levels. The regression was traced back to a change in May 2025, which was meant to allow file uploads to be shared among different artifacts e.g...
EUVD-2025-206271
Details On October 1, 2025, Palantir discovered that images uploaded through the Dossier front-end app were not being marked correctly with the proper security levels. The regression was traced back to a change in May 2025, which was meant to allow file uploads to be shared among different...
CVE-2025-62487
On October 1, 2025, Palantir discovered that images uploaded through the Dossier front-end app were not being marked correctly with the proper security levels. The regression was traced back to a change in May 2025, which was meant to allow file uploads to be shared among different artifacts e.g...
CVE-2025-62487
On October 1, 2025, Palantir discovered that images uploaded through the Dossier front-end app were not being marked correctly with the proper security levels. The regression was traced back to a change in May 2025, which was meant to allow file uploads to be shared among different artifacts e.g...
CVE-2025-62487
CVE-2025-62487 affects Palantir Dossier and Slides apps (Dossier front-end). Root cause: a May 2025 change intended to enable cross-artifact file sharing caused uploads to not be properly marked with security levels. In CBAC-enabled deployments, a security picker dialog lets users set the level, ...
CVE-2025-62487 Under certain configurations, file artifacts uploaded to the Dossier and Slides apps did not inherit security markings of their parent artifact. This lack of security markings could lead to unintended access to the uploaded files.
On October 1, 2025, Palantir discovered that images uploaded through the Dossier front-end app were not being marked correctly with the proper security levels. The regression was traced back to a change in May 2025, which was meant to allow file uploads to be shared among different artifacts e.g...
CVE-2025-62487 Under certain configurations, file artifacts uploaded to the Dossier and Slides apps did not inherit security markings of their parent artifact. This lack of security markings could lead to unintended access to the uploaded files.
On October 1, 2025, Palantir discovered that images uploaded through the Dossier front-end app were not being marked correctly with the proper security levels. The regression was traced back to a change in May 2025, which was meant to allow file uploads to be shared among different artifacts e.g...
Palantir Gotham和Palantir Dossier 安全漏洞
Palantir Gotham and Palantir Dossier are both products of Palantir Corporation, a U.S.-based company.Palantir Gotham is a commercially available, artificial intelligence-enabled operating system.Palantir Dossier is a writing survey and dynamic reporting tool. A security vulnerability exists in...
PT-2026-1839
Name of the Vulnerable Software and Affected Versions Palantir Dossier and Slides apps affected versions not specified Description Images uploaded through the Dossier front-end app were not consistently marked with the correct security levels. This issue stemmed from a change implemented in May...
What LLMs Know About Their Users
Simon Willison talks about ChatGPT's new memory dossier feature. In his explanation, he illustrates how much the LLM--and the company--knows about its users. It's a big quote, but I want you to read it all. Here's a prompt you can use to give you a solid idea of what's in that summary. I first sa...
Malicious code in cmp-dossier-tracking (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ca47cddd0ff04336d55d7da2799d42183ab77e8b7270202739f7728e7904f712 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-1577 Malicious code in cmp-dossier-tracking (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ca47cddd0ff04336d55d7da2799d42183ab77e8b7270202739f7728e7904f712 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
dossierpolitico.com Cross Site Scripting vulnerability OBB-3900986
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
dossier-z.be Cross Site Scripting vulnerability OBB-3298130
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Maigret - OSINT Username Checker. Collect A Dossier On A Person By Username From A Huge Number Of Sites
The Commissioner Jules Maigret is a fictional French police detective, created by Georges Simenon. His investigation method is based on understanding the personality of different people and their interactions. About Purpose of Maigret - collect a dossier on a person by username only , checking fo...
CVE-2020-24815
A Server-Side Request Forgery SSRF affecting the PDF generation in MicroStrategy 10.4, 2019 before Update 6, and 2020 before Update 2 allows authenticated users to access the content of internal network resources or leak files from the local system via HTML containers embedded in a...
Server side request forgery (ssrf)
A Server-Side Request Forgery SSRF affecting the PDF generation in MicroStrategy 10.4, 2019 before Update 6, and 2020 before Update 2 allows authenticated users to access the content of internal network resources or leak files from the local system via HTML containers embedded in a...
GHSA-C8H6-89Q2-MGV8 Malicious Package in dossier
Version 0.0.4 of dossier contained malicious code. The code when executed in the browser would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation If version 0.0.4 of this module is found installed you will wan...
Malicious Package in dossier
Version 0.0.4 of dossier contained malicious code. The code when executed in the browser would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation If version 0.0.4 of this module is found installed you will wan...
Malicious Package
Overview Version 0.0.4 of dossier contained malicious code. The code when executed in the browser would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation If version 0.0.4 of this module is found installed you...