377 matches found

The Hacker News
added 2024/09/17 12:0 p.m., 19 views

How to Investigate ChatGPT activity in Google Workspace

When you connect your organization's Google Drive account to ChatGPT, you grant ChatGPT extensive permissions for not only your personal files, but resources across your entire shared drive. As you might imagine, this introduces an array of cybersecurity challenges. This post outlines how to see...

7.1 AI score
Exploits 0

OSSF Malicious Packages
added 2024/09/17 8:30 a.m., 3 views

Malicious code in stedi-integrations (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8b00a7c7aa40df7ec3808ab68391a9194f7441a10b24ce192d16f96277d4ba4a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.8 AI score
Exploits 0, References 1

OSV
added 2024/09/17 8:30 a.m., 6 views

MAL-2024-8885 Malicious code in stedi-integrations (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8b00a7c7aa40df7ec3808ab68391a9194f7441a10b24ce192d16f96277d4ba4a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits 0, References 1

OSV
added 2024/09/12 1:15 p.m., 12 views

CVE-2024-45847

An arbitrary code execution vulnerability exists in versions 23.11.4.2 up to 24.7.4.1 of the MindsDB platform, when one of several integrations is installed on the server. If a specially crafted ‘UPDATE’ query containing Python code is run against a database created with the specified integration...

8.8 CVSS, 8.8 AI score
Exploits 0, References 1

NVD
added 2024/08/23 4:15 p.m., 33 views

CVE-2024-42364

Homepage is a highly customizable homepage with Docker and service API integrations. The default setup of homepage 0.9.1 is vulnerable to DNS rebinding. Homepage is set up without certificate and authentication by default, leaving it vulnerable to DNS rebinding. In this attack, an attacker will...

6.5 CVSS, 0.00245 EPSS
Exploits 0, References 1

NVD
added 2024/08/21 6:15 a.m., 16 views

CVE-2024-6568

The Flamix: Bitrix24 and Contact Form 7 integrations plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.1.0. This is due to the plugin utilizing mobiledetect without preventing direct access to the files. This makes it possible for unauthenticated...

5.3 CVSS, 0.00465 EPSS
Exploits 0, References 3

Cvelist
added 2024/08/14 11:57 a.m., 15 views

CVE-2024-39400 DOM XSS through integrations can impact other admins

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an admin attacker to inject and execute arbitrary JavaScript code within the context of the user's browser session...

8.1 CVSS, 0.00639 EPSS
Exploits 0, References 1

OSV
added 2024/08/07 11:30 p.m., 9 views

MAL-2024-7911 Malicious code in @awesome-astra/integrations (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 90df5c315cd0f716f906b96b9472e378345b1862657df527b2b3c152ca1d3005 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits 0, References 1

Positive Technologies
added 2024/07/30 12:0 a.m., 4 views

PT-2024-35341 · Akana · Akana Api Platform

Name of the Vulnerable Software and Affected Versions: Akana API Platform versions prior to 2024.1.0 Description: The issue concerns overly verbose errors found in SAML integrations. Recommendations: For versions prior to 2024.1.0, update to version 2024.1.0 or later to resolve the issue...

5.3 CVSS, 7.2 AI score, 0.00288 EPSS
Exploits 0, References 3

SUSE CVE
added 2024/07/19 2:38 a.m., 4 views

SUSE CVE-2024-40647

sentry-sdk is the official Python SDK for Sentry.io. A bug in Sentry's Python SDK 2.8.0 allows the environment variables to be passed to subprocesses despite the env= setting. In Python's subprocess calls, all environment variables are passed to subprocesses by default. However, if you specifical...

5.3 CVSS, 6.8 AI score, 0.00198 EPSS
Exploits 0, References 4

NVD
added 2024/07/18 5:15 p.m., 15 views

CVE-2024-40647

sentry-sdk is the official Python SDK for Sentry.io. A bug in Sentry's Python SDK 2.8.0 allows the environment variables to be passed to subprocesses despite the env= setting. In Python's subprocess calls, all environment variables are passed to subprocesses by default. However, if you specifical...

5.3 CVSS, 0.00198 EPSS
Exploits 0, References 8

OSV
added 2024/07/18 5:15 p.m., 2 views

DEBIAN-CVE-2024-40647

sentry-sdk is the official Python SDK for Sentry.io. A bug in Sentry's Python SDK 2.8.0 allows the environment variables to be passed to subprocesses despite the env= setting. In Python's subprocess calls, all environment variables are passed to subprocesses by default. However, if you specifical...

5.3 CVSS, 5.2 AI score, 0.00198 EPSS
Exploits 0, References 1

OSSF Malicious Packages
added 2024/06/25 12:58 p.m., 5 views

Malicious code in recurly-integrations (npm)

--- -= Per source details. Do not edit below this line.=-...

7 AI score
Exploits 0

OSV
added 2024/06/25 12:58 p.m., 5 views

MAL-2024-2948 Malicious code in recurly-integrations (npm)

--- -= Per source details. Do not edit below this line.=-...

7.1 AI score
Exploits 0

OSV
added 2024/06/25 12:23 p.m., 4 views

MAL-2024-2528 Malicious code in integrations (npm)

False positive caused by problematic ingestion. --- -= Per source details. Do not edit below this line.=-...

7.1 AI score
Exploits 0

OSV
added 2024/05/24 7:29 a.m., 277 views

BIT-GITLAB-2023-6682 Inefficient Regular Expression Complexity in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.9 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. A problem with the processing logic for Discord Integrations Chat Messages can lead to a regular expression DoS...

6.5 CVSS, 6.2 AI score, 0.00745 EPSS
Exploits 0, References 3

Vulnrichment
added 2024/05/17 9:52 a.m., 8 views

CVE-2024-34755 WordPress Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms plugin <= 1.3.9 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Integration for Contact Form 7 and Salesforce. This issue affects Integration for Contact Form 7 and Salesforce: from n/a through 1.3.9...

4.3 CVSS, 7 AI score, 0.0018 EPSS
Exploits 0, References 1

Tenable Nessus
added 2024/05/17 12:0 a.m., 25 views

GitLab 16.9 < 16.9.7 / 16.10 < 16.10.5 / 16.11 < 16.11.2 (CVE-2023-6682)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.9 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. A problem with t...

6.5 CVSS, 5.4 AI score, 0.00745 EPSS
Exploits 0, References 4

NVD
added 2024/05/14 2:35 p.m., 19 views

CVE-2023-6682

An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.9 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. A problem with the processing logic for Discord Integrations Chat Messages can lead to a regular expression DoS...

6.5 CVSS, 6.1 AI score, 0.00745 EPSS
Exploits 0, References 2

CNNVD
added 2024/05/14 12:0 a.m., 3 views

GitLab security vulnerability

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features. A security vulnerability exists in GitLab CE/EE, which stems from an issue wit...

6.5 CVSS, 6.6 AI score, 0.00745 EPSS
Exploits 0, References 4