5 matches found
Lemmy may expose private community data through community, saved, liked, and modlog API views
NOTE: Only affects development version. Summary: Lemmy applies private-community checks in PostView and CommentView, but several adjacent API views skip the accepted-follower filter. Bob, a registered user who is not an accepted follower, can read private community sidebar and summary fields. Alic...
GHSA-95Q8-X6R6-672M Lemmy may expose private community data through community, saved, liked, and modlog API views
NOTE: Only affects development version. Summary: Lemmy applies private-community checks in PostView and CommentView, but several adjacent API views skip the accepted-follower filter. Bob, a registered user who is not an accepted follower, can read private community sidebar and summary fields. Alic...
Malicious code in modlog-archive (npm)
Source: ghsa-malware (c3bc2d1d981039b25af543c99dcd5081c70b24b7ee9c3eb7d68b3c96003bd4a7). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-10575 Malicious code in modlog-archive (npm)
Source: ghsa-malware (c3bc2d1d981039b25af543c99dcd5081c70b24b7ee9c3eb7d68b3c96003bd4a7). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
VBulletin 1.0.1 lite/2.x/3.0 /admincp/modlog.php orderby Parameter XSS
No description provided by source. Source: http://www.securityfocus.com/bid/14874/info vBulletin is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage any of these issues t...