EUVD-2025-13874
Malicious code in bioql PyPI...
CVE-2025-46827 Graylog Allows Session Takeover via Insufficient HTML Sanitization
Graylog is a free and open log management platform. Prior to versions 6.0.14, 6.1.10, and 6.2.0, it is possible to obtain user session cookies by submitting an HTML form as part of an Event Definition Remediation Step field. For this attack to succeed, the attacker needs a user account with...
CVE-2025-46827
Graylog has a vulnerability (CVE-2025-46827) where an HTML form in an Event Definition Remediation Step can leak user session cookies if an attacker has create-event-definition rights and the victim can view alerts, with an active input to receive form data. Affected versions are before 6.0.14, 6...
GHSA-76VF-MPMX-777J Graylog Allows Session Takeover via Insufficient HTML Sanitization
Impact: It is possible to obtain user session cookies by submitting an HTML form as part of an Event Definition Remediation Step field. For this attack to succeed, the attacker needs a user account with permissions to create event definitions, while the user must have permissions to view alerts...
Malicious code in spotify-event-definitions (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 44be190dc2d81bf8efb26c95572826e1fba0946289786d53a3bb97290bf60b10 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-6253 Malicious code in spotify-event-definitions (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 44be190dc2d81bf8efb26c95572826e1fba0946289786d53a3bb97290bf60b10 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...