16 matches found
EUVD-2024-0706
Malicious code in bioql PyPI...
CVE-2023-34089
Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. The processes filter feature is susceptible to Cross-site scripting. This allows a remote attacker to execute JavaScript code ...
CVE-2023-47634
Decidim is a participatory democracy framework. Starting in version 0.10.0 and prior to versions 0.26.9, 0.27.5, and 0.28.0, a race condition in the endorsement of resources (for instance, a proposal) allows a user to make more than one endorsement. To exploit this vulnerability, the request to se...
New Investment Scams Use Facebook Ads, RDGA Domains, and IP Checks to Filter Victims
Cybersecurity researchers have lifted the lid on two threat actors that orchestrate investment scams through spoofed celebrity endorsements and conceal their activity through traffic distribution systems (TDSes). The activity clusters have been codenamed Reckless Rabbit and Ruthless Rabbit by DNS...
SMS Scam Uses Elon Musk’s Name to Sell Fake Energy Devices to US Users
Fake Elon Musk endorsements are used in SMS campaigns to sell bogus energy-saving devices. Learn how to spot…
Race condition in Endorsements
Impact: A race condition in the endorsement of resources (for instance, a proposal) allows a user to make more than one endorsement. To exploit this vulnerability, the request to set an endorsement must be sent several times in parallel. Workarounds: Disable the Endorsement feature in the components...
GHSA-R275-J57C-7MF2 Race condition in Endorsements
Impact: A race condition in the endorsement of resources (for instance, a proposal) allows a user to make more than one endorsement. To exploit this vulnerability, the request to set an endorsement must be sent several times in parallel. Workarounds: Disable the Endorsement feature in the components...
Race Condition
Overview: Affected versions of this package are vulnerable to Race Condition in the endorsement of resources, such as a proposal, which allows a user to make more than one endorsement by sending the request to set an endorsement several times in parallel. Workaround: This vulnerability can be...
CVE-2023-47634 Decidim has race condition in Endorsements
Decidim is a participatory democracy framework. Starting in version 0.10.0 and prior to versions 0.26.9, 0.27.5, and 0.28.0, a race condition in the endorsement of resources (for instance, a proposal) allows a user to make more than one endorsement. To exploit this vulnerability, the request to se...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper user-input sanitization in the external link redirections. This allows a remote attacker to execute JavaScript code in the context of a currently logged-in user. An attacker could use this...
Decidim Cross-site Scripting vulnerability in the processes filter
Impact: The processes filter feature is susceptible to Cross-site scripting. This allows a remote attacker to execute JavaScript code in the context of a currently logged-in user. An attacker could use this vulnerability to make other users endorse or support proposals they have no intention of...
PT-2023-23967 · Decidim · Decidim
Name of the Vulnerable Software and Affected Versions: Decidim versions prior to 0.26.7; Decidim versions prior to 0.27.3. Description: The external link feature in Decidim is susceptible to cross-site scripting, allowing a remote attacker to execute JavaScript code in the context of a currently...
Exceptional Brand Experiences Go Far Beyond the 30-Second Super Bowl Ad
Super Bowl LVI is almost here, and with that comes one of my favorite pastimes: watching the commercials! And you know I’m not alone — 30% of viewers tune in to the big game primarily to see the commercials, upping the pressure on CMOs to “get it right.” But winning the hearts and minds of the mo...
Watch out: Fake celebrity endorsements advertising Bitcoin scam
By Waqas. Bitcoin is on the rise once again, and investors are anxious to see just how high it will go. Scammers are doing whatever it takes to steal it from you. This is a post from HackRead.com. Read the original post: Watch out: Fake celebrity endorsements advertising Bitcoin scam...
There’s a hole in my bucket: Bitcoin scams aim to exploit volatile market
Bitcoin! Black gold! Texas tea! Only one of these is currently worth ridiculous amounts of money and technically numbers two and three are the same thing. Whether you're in possession of lots of Bitcoins, or in full bandwagon panic "must buy 20 graphics cards before the bubble bursts" mode, you...
The Endorser - An OSINT tool that allows you to draw out relationships between people on LinkedIn via endorsements/skills
An OSINT tool that allows you to draw out relationships between people on LinkedIn via endorsements/skills. Check out the example digraph, which is based on my and my colleague David Prince's LinkedIn profiles. By glancing at the visualisation you can easily see, by the number of "arrows", there ...