Insertion of Sensitive Information Into Sent Data

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the WebSocket post deletion event. An attacker can access unrevealed message contents by intercepting or listening to these events after deletion. Remediation Upgrade...

Firebase Misconfiguration Exposes 300M Messages From Chat & Ask AI Users

A technical mistake in the popular Chat & Ask AI app has left 300 million private messages from 25 million users exposed online. Discover what happened and how you can protect your personal data when using AI chatbots...

Nextcloud 安全漏洞

Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in versions of Nextcloud prior to 15.0.3, which stems from the fact that when jobs are misconfigured and therefore messages...

CVE-2022-31017 Expression Always True vulnerability in Zulip Server

Zulip is an open-source team collaboration tool. Versions 2.1.0 through and including 5.2 are vulnerable to a logic error. A stream configured as private with protected history, where new subscribers should not be allowed to see messages sent before they were subscribed, when edited causes the...