EUVD-2026-9608
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Ekoterra - NonProfit, Green Energy & Ecology Theme (ekoterra) allows PHP Local File Inclusion. This issue affects Ekoterra - NonProfit, Green Energy & Ecology Theme: fr...
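The weakness class named in this entry (CWE-98, an include path built from attacker-influenced input) is easiest to see side by side with its fix. The following is an added example, not the theme's code: a helper that resolves a template name by plain concatenation, the way an LFI-prone `include` does, next to a hardened resolver that allow-lists the name, canonicalises the path and checks it stays inside the template directory. Directory and file names are constructed for illustration.

```python
# Added example (not the Ekoterra theme's code): LFI-prone vs. hardened
# template resolution. Paths and template names are constructed.
import os
import tempfile


def resolve_include_vulnerable(template_dir: str, name: str) -> str:
    """Builds the include path by concatenation only.
    '../' walks out of template_dir, an absolute name replaces it entirely,
    and a 'http://' name would be handed straight to include() on a PHP host
    with allow_url_include enabled."""
    return os.path.join(template_dir, name)


def resolve_include_hardened(template_dir: str, name: str) -> str:
    """Accepts only a bare file name that resolves to an existing .php file
    inside template_dir, even after symlinks are followed."""
    # 1. Bare file name only: no scheme, no separators, no NUL byte.
    if not name or "://" in name or any(ch in name for ch in "/\\\0"):
        raise ValueError(f"rejected include name: {name!r}")
    # 2. Canonicalise both sides before comparing prefixes.
    base = os.path.realpath(template_dir)
    candidate = os.path.realpath(os.path.join(base, name))
    # 3. The resolved path must still be inside the template directory.
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError("include escaped template directory")
    # 4. It must be a real template file, not just a name that passed the checks.
    if not candidate.endswith(".php") or not os.path.isfile(candidate):
        raise ValueError(f"not a template file: {name!r}")
    return candidate


def include_rejected(template_dir: str, name: str) -> bool:
    """True when the hardened resolver refuses the name."""
    try:
        resolve_include_hardened(template_dir, name)
    except ValueError:
        return True
    return False


def make_sample_templates() -> str:
    """Creates a throwaway template directory with one legitimate template
    (constructed fixture so the example runs offline)."""
    d = tempfile.mkdtemp(prefix="templates-")
    with open(os.path.join(d, "header.php"), "w", encoding="utf-8") as f:
        f.write("<?php echo 'header'; ?>\n")
    return d


if __name__ == "__main__":
    d = make_sample_templates()
    for name in ("header.php", "../../../etc/passwd", "/etc/passwd",
                 "http://evil.example/shell.php"):
        print(f"{name!r:35} vulnerable -> {resolve_include_vulnerable(d, name)}")
        print(f"{'':35} hardened   -> "
              f"{'REJECTED' if include_rejected(d, name) else resolve_include_hardened(d, name)}")
```

The order of the checks matters: the textual filter in step 1 stops remote URLs and traversal early, but step 3 is what actually guarantees containment, because a symlink inside the template directory can still point elsewhere and only `realpath` exposes that.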
CVE-2025-58053
Galette is a membership management web application for non-profit organizations. Prior to version 1.2.0, while updating any existing account with a self-forged POST request, one can gain higher privileges. Version 1.2.0 fixes the issue...
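The entry says a self-forged POST to the account-update endpoint can raise a member's privileges; the usual mechanism behind that wording is an update handler that copies every submitted field onto the record, so a client that adds a privilege flag the form never offered gets it stored. The following is an added example, not Galette's code: a handler that trusts the request beside one that only writes fields the caller is entitled to change. Field names and privilege flags are assumed for illustration.

```python
# Added example (not Galette's code): "self-forged POST" privilege escalation
# through mass assignment, and an allow-list handler that refuses it.
# Field names, flags and the sample record are assumed/constructed.
import copy

# Constructed record for an ordinary member.
SAMPLE_ACCOUNT = {"id": 7, "name": "alice", "email": "alice@example.org",
                  "is_admin": False, "is_staff": False}

# A request the real form never produces: the member has added is_admin.
FORGED_FORM = {"name": "alice", "email": "alice@example.org", "is_admin": "1"}

SELF_EDITABLE = {"name", "email"}       # assumed: fields a member may change
ADMIN_ONLY = {"is_admin", "is_staff"}   # assumed: privilege flags
BOOL_FIELDS = ADMIN_ONLY


def update_account_vulnerable(account: dict, form: dict) -> dict:
    """Trusts the client: every key that matches a column is written back,
    so the forged is_admin value lands in the record."""
    updated = copy.deepcopy(account)
    for key, value in form.items():
        if key in updated:
            updated[key] = value
    return updated


def update_account_hardened(account: dict, form: dict, caller_is_admin: bool) -> dict:
    """Writes only fields this caller may change. Any other key in the
    request is treated as tampering and the whole update is refused rather
    than silently dropped, so the attempt is visible in error logs."""
    allowed = SELF_EDITABLE | (ADMIN_ONLY if caller_is_admin else set())
    unexpected = set(form) - allowed
    if unexpected:
        raise PermissionError(f"caller may not set: {sorted(unexpected)}")
    updated = copy.deepcopy(account)
    for key in allowed & set(form):
        updated[key] = _coerce(key, form[key])
    return updated


def _coerce(key: str, value):
    # Form values arrive as strings; a privilege flag must become a real
    # boolean, never "whatever truthy string the client sent".
    if key in BOOL_FIELDS:
        return str(value).lower() in {"1", "true", "on"}
    return str(value)


def forgery_rejected(account: dict, form: dict) -> bool:
    """True when the hardened handler refuses a non-admin's forged update."""
    try:
        update_account_hardened(account, form, caller_is_admin=False)
    except PermissionError:
        return True
    return False


if __name__ == "__main__":
    print("vulnerable:", update_account_vulnerable(SAMPLE_ACCOUNT, FORGED_FORM))
    print("hardened rejects forgery:", forgery_rejected(SAMPLE_ACCOUNT, FORGED_FORM))
```

The allow-list is keyed on the caller's role, not on the form, so the same handler serves both self-service edits and administrative edits without a second code path that could drift.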
PT-2025-52485
Name of the vulnerable software and affected versions: Galette versions 0.9.6 through 1.1.9. Description: Galette is a membership management web application designed for non-profit organizations. Individuals with the 'group manager' role can circumvent intended restrictions, enabling unauthorized...
Galette security vulnerability
Galette is an open-source membership management web application for non-profit organizations. A security vulnerability exists in Galette versions prior to 1.2.0, which stems from elevated privileges that can be granted through a spoofed POST request...
Galette security vulnerability
Galette is an open-source membership management web application for non-profit organizations. A security vulnerability exists in Galette versions 1.1.4 through versions prior to 1.2.0, which stems from the possibility that group administrators may bypass restrictions on contributions and...
From Log4j to IIS, China's Hackers Turn Legacy Bugs into Global Espionage Tools
A China-linked threat actor has been attributed to a cyber attack targeting a U.S. non-profit organization with the aim of establishing long-term persistence, as part of broader activity aimed at U.S. entities that are linked to or involved in policy issues. The organization, according to a report...
CVE-2025-48076
Galette is a membership management web application for non-profit organizations. Versions 1.1.5.2 and below allow a user to edit a group name and insert an XSS payload. This issue is fixed in version 1.2.0...
CVE-2025-48884
Galette is a membership management web application for non-profit organizations. In versions 1.1.5.2 and below, Galette's Document Type is vulnerable to Cross-site Scripting. This issue is fixed in version 1.2.0...
CVE-2025-48076
Galette (open-source membership management app) contains a cross-site scripting (XSS) vulnerability in versions 1.1.5.2 and earlier, arising from the ability to edit a group name and insert an XSS payload. The issue is resolved in version 1.2.0. No exploitation details are provided beyond the XSS...
Galette security vulnerability
Galette is an open-source membership management web application for non-profit organizations. A security vulnerability exists in Galette 1.1.5.2 and earlier versions, which stems from Document Type being vulnerable to cross-site scripting attacks...
EUVD-2021-28304
Malicious code in bioql PyPI...
EUVD-2021-28305
Malicious code in bioql PyPI...
EUVD-2021-8668
Malicious code in bioql PyPI...
EUVD-2024-22151
Malicious code in bioql PyPI...
Free certificates for IP addresses: security problem or solution?
Let’s Encrypt has announced that it has issued its first certificate for an IP address. Why that’s significant deserves a little explanation. You may have run into Let’s Encrypt certificates many times without realizing it. When you see a padlock icon in your browser’s address bar, it means the site is...
Moving from WhatsApp to Signal: A good idea?
This week we learned that the US Government uses Signal for communication, after a journalist was accidentally added to a Signal chat. Accidental additions of people aside, the news has got regular folks asking if they should, too, be using Signal for private communications. Probably the largest...
CVE-2024-24761
Galette is a membership management web application for non profit organizations. Starting in version 1.0.0 and prior to version 1.0.2, public pages are per default restricted to only administrators and staff members. From configuration, it is possible to restrict to up-to-date members or to...
European Privacy Group Sues TikTok and AliExpress for Illicit Data Transfers to China
Austrian privacy non-profit None of Your Business (noyb) has filed complaints accusing companies like TikTok, AliExpress, SHEIN, Temu, WeChat, and Xiaomi of violating data protection regulations in the European Union by unlawfully transferring users' data to China. The advocacy group is seeking an...
Non-Profit Blood Center OneBlood Recovering from Crippling Ransomware Attack
The non-profit blood donation service suffered a ransomware attack last week and has requested urgent and emergency blood...
Google's Privacy Sandbox Accused of User Tracking by Austrian Non-Profit
Google's plans to deprecate third-party tracking cookies in its Chrome web browser with Privacy Sandbox have run into fresh trouble after Austrian privacy non-profit noyb (none of your business) said the feature can still be used to track users. "While the so-called 'Privacy Sandbox' is advertised a...