8 matches found
CVE-2026-33284
GlobaLeaks is free and open-source whistleblowing software. Prior to version 5.0.89, the /api/support endpoint of GlobaLeaks performs minimal validation on user-submitted support requests. As a result, arbitrary URLs can be included in support emails sent to administrators. Version 5.0.89 patches...
CVE-2026-33284
GlobaLeaks is free and open-source whistleblowing software. Prior to version 5.0.89, the /api/support endpoint of GlobaLeaks performs minimal validation on user-submitted support requests. As a result, arbitrary URLs can be included in support emails sent to administrators. Version 5.0.89 patches...
CVE-2026-33284
GlobaLeaks is free and open-source whistleblowing software. Prior to version 5.0.89, the /api/support endpoint of GlobaLeaks performs minimal validation on user-submitted support requests. As a result, arbitrary URLs can be included in support emails sent to administrators. Version 5.0.89 patches...
EUVD-2026-16614
GlobaLeaks is free and open-source whistleblowing software. Prior to version 5.0.89, the /api/support endpoint of GlobaLeaks performs minimal validation on user-submitted support requests. As a result, arbitrary URLs can be included in support emails sent to administrators. Version 5.0.89 patches...
globaleaks-whistleblowing-software 输入验证错误漏洞
globaleaks-whistleblowing-software is an open-source anonymous whistleblowing platform developed by GLOBALEAKS. Versions of globaleaks-whistleblowing-software prior to version 5.0.89 contained a vulnerability related to input validation. This vulnerability stemmed from insufficient validation of...
GlobaLeaks: Since no defined tries for incorrect answer, an attacker can brute the answers and post a submission
Logic of the attack pass 50 answers for per token.. if within the 50 answers this can be increased for more success rate, if there's a valid. the token becomes usable. and then submit the submission POST data. Screenshot of script running F733033 Screenshot of inbox F733034 Mitigation This can be...
Open-Source Whistleblowing Framework: GlobaLeaks
GlobaLeaks is an open-source, free software intended to enable secure and anonymous whistleblowing initiatives developed by the Hermes Center for Transparency and Digital Human Rights . It is an Open Whistleblowing Framework that can be used in many different usage scenarios that may require very...
GlobaLeaks: GlobaLeaks is vulnerable to timing attacks.
Dear GlobaLeaks bug bounty team, GlobaLeaks is vulnerable to timing attacks, because the checkpassword function performs a byte-by-byte comparison, which terminates early when two characters do not match. Summary --- Timing attacks are a type of side channel attack where one can discover valuable...