LobeHub has a Cross-Site Scripting issue that escalates to Remote Code Execution

Summary The vulnerability was automatically discovered by an ai agent and then manually verified. LobeChat's message rendering mechanism has a stored cross-site scripting XSS vulnerability. Combined with the Electron main process's exposed insecure IPC interface, attackers can construct malicious...

EUVD-2023-45572

Malicious code in bioql PyPI...

Privilege escalation

Macvim is a text editor for MacOS. Prior to version 178, Macvim makes use of an insecure interprocess communication IPC mechanism which could lead to a privilege escalation. Distributed objects are a concept introduced by Apple which allow one program to vend an interface to another program. What...

Tasks 9.7.3 - Insecure Permissions Vulnerability

Exploit Title: Tasks 9.7.3 - Insecure Permissions Exploit Author: Lyhin's Lab Detailed Bug Description: https://lyhinslab.org/index.php/2020/07/18/how-the-white-box-hacking-works-ok-google-i-wanna-pwn-this-app/ Vendor Homepage: https://tasks.org/ Software Link: https://github.com/tasks/tasks...