16 matches found
SUSE CVE-2026-34444
Lupa integrates the runtimes of Lua or LuaJIT2 into CPython. In 2.6 and earlier, attribute_filter is not consistently applied when attributes are accessed through built-in functions like getattr and setattr. This allows an attacker to bypass the intended restrictions and eventually achieve arbitra...
The Geomys Standard of Care
One of the most impactful effects of professionalizing open source maintenance is that as professionals we can invest into upholding a set of standards that make our projects safer and more reliable. The same commitments and overhead that are often objected to when required of volunteers should b...
EUVD-2014-3126
Malware in sbrugna...
EUVD-2025-2400
Malicious code in bioql PyPI...
EUVD-2021-29077
Malicious code in bioql PyPI...
EUVD-2023-58291
Malicious code in bioql PyPI...
BIT-GRAFANA-2025-3415
Grafana is an open-source platform for monitoring and observability. The Grafana Alerting DingDing integration was not properly protected and could be exposed to users with Viewer permission. Fixed in versions 10.4.19+security-01, 11.2.10+security-01, 11.3.7+security-01, 11.4.5+security-01,...
Securing the Frontier - Navigating Security in LLM-Integrated Systems
In the previous parts of this series, we've explored the exciting new ways Large Language Models (LLMs) can integrate with APIs and act as intelligent As we integrate LLMs deeper into our applications, the attack surface naturally expands...
CVE-2023-6033
Improper neutralization of input in the Jira integration configuration in GitLab CE/EE, affecting all versions from 15.10 prior to 16.6.1, 16.5 prior to 16.5.3, and 16.4 prior to 16.4.3, allows an attacker to execute JavaScript in a victim's browser...
Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to libxml2, Go JOSE and FreeType
Summary: libxml2, Go JOSE, FreeType and IBM MQ used by IBM MQ Operator and Queue Manager container images are vulnerable to memory exhaustion and a Denial of Service by sending numerous malformed tokens, and arbitrary code execution by writing up to 6 signed long integers out of bounds. This...
CVE-2024-8402
CVE-2024-8402 affects GitLab EE/CE: improper input validation in the Google Cloud IAM integration allows a Maintainer to inject malicious code in versions 17.2–17.7.7, 17.8–17.8.5, and 17.9–17.9.2. Affected product: GitLab EE (and CE per sources) before the fixed releases. Root cause: input valida...
Important: NetworkManager-libreswan security update
This package contains software for integrating the libreswan VPN software with NetworkManager and the GNOME desktop. Security Fixes: NetworkManager-libreswan: local privilege escalation via leftupdown (CVE-2024-9050). For more details about the security issues, including the impact, a CVSS score,...
Integration Status
The following integration was used; the results below are judged against the intent of each integration type. A brief description of what success means for each integration type: PAMs: retrieve a target credential from the related PAM. MDMs: retrieve devices from the related MDM. Patch Managemen...
GitLab: XSS in ZenTao integration affecting self hosted instances without strict CSP
Summary: The ZenTao issue integration premium feature is susceptible to an XSS attack by delivering modified API responses to GitLab. This is related and similar to my report https://hackerone.com/reports/1533976 but this time affecting the ZenTao integration. A user can create a project and...
JetBrains TeamCity Security Bypass Vulnerability
JetBrains TeamCity is a distributed build management and continuous integration tool from JetBrains (Czech Republic). A security vulnerability exists in JetBrains TeamCity that stems from the product's failure to validate user identities. An unauthenticated attacker could use the vulnerability to...
Bruce Schneier on the Integration of Privacy and Security
Threatpost Editor in Chief Mike Mimoso talks to crypto pioneer and security expert Bruce Schneier of Resilient Systems about the early days of the RSA Conference, the integration of privacy and security, and the current FBI-Apple debate over encryption and surveillance...