23 matches found
EUVD-2022-29630
Malicious code in bioql PyPI...
CVE-2025-46813
Discourse data-leak CVE-2025-46813 affects login-required sites deployed between 2025-04-30 12:00 EDT and 2025-05-02 12:00 EDT, where content on a site’s homepage could be visible to unauthenticated users. Affected are Discourse versions 3.5.0.beta4 before commit 82d84af6b0efbd9fa2aeec3e91ce7be1a...
Introducing the Rapid7 Command Platform
Integrated Security Operations for the Next-Generation Attack Surface As cybercrime and attack surfaces have sprawled, Rapid7 has been able to grow with our customers because we are relentlessly focused on relevance. The way we see it, relevance doesn’t mean aligning to market definitions of...
Warehouse Inventory System cross-site request forgery vulnerability
Warehouse Inventory System is a warehouse inventory management system from the OSWAPP community. A cross-site request forgery vulnerability exists in Warehouse Inventory System versions 1.0 and 2.0; an attacker can exploit it to have forged requests executed in the context of an authenticated user...
OpenSSF Warns of Fake Maintainers Targeting JavaScript Projects
By Deeba Ahmed Alarming social engineering attacks target critical open-source projects! Learn how to protect your project and the open-source community from takeovers. This is a post from HackRead.com Read the original post: OpenSSF Warns of Fake Maintainers Targeting JavaScript Projects...
BIT-DISCOURSE-2023-25819 Discourse tags with no visibility are leaking into og:article:tag
Discourse is an open source platform for community discussion. Tags that are normally private are showing in metadata. This affects any site running the tests-passed or beta branches >= 3.1.0.beta2. The issue is patched in the latest beta and tests-passed version of Discourse...
CVE-2023-44388
Discourse is an open source platform for community discussion. A malicious request can cause production log files to quickly fill up and thus result in the server running out of disk space. This problem has been patched in the 3.1.1 stable and 3.2.0.beta2 versions of Discourse. It is possible to...
Answer vulnerable to account takeover because password reset links do not expire
answerdev/answer is an open-source knowledge-based community software. Answer prior to 1.0.6 is vulnerable to account takeover because the password reset link does not expire...
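The Answer advisory above describes a reset link that stays valid indefinitely. The following is an added example, not code from the Answer project, showing the three checks a reset-token store needs so a leaked or old link cannot take over an account: a bounded lifetime, single use, and invalidation of earlier tokens when a new one is issued. The `ResetStore` type, its in-memory maps and the 30-minute TTL are assumptions for illustration; only the token's digest is stored, so the server-side table never contains a usable link.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/hex"
	"errors"
	"fmt"
	"time"
)

// Errors a caller can distinguish when redeeming a reset token. They should
// all be mapped to one generic "link invalid or expired" message for the user.
var (
	ErrUnknownToken = errors.New("reset token not recognised")
	ErrExpiredToken = errors.New("reset token has expired")
	ErrUsedToken    = errors.New("reset token already used")
)

// resetRecord is what the server keeps per issued token. The token itself is
// never stored, only its SHA-256 digest, so a leaked table is not a set of
// live reset links.
type resetRecord struct {
	userID  string
	expires time.Time
	used    bool
}

// ResetStore is a hypothetical in-memory token store used to illustrate the
// checks; a real service would back the two maps with its database.
type ResetStore struct {
	ttl     time.Duration
	byHash  map[string]resetRecord
	current map[string]string // userID -> digest of that user's newest token
}

func NewResetStore(ttl time.Duration) *ResetStore {
	return &ResetStore{ttl: ttl, byHash: map[string]resetRecord{}, current: map[string]string{}}
}

func digest(token string) string {
	sum := sha256.Sum256([]byte(token))
	return hex.EncodeToString(sum[:])
}

// Issue mints a fresh 256-bit random token for userID that expires after ttl.
// Any earlier token for the same user is invalidated, so only the newest link
// in a user's inbox works.
func (s *ResetStore) Issue(userID string, now time.Time) (string, error) {
	raw := make([]byte, 32)
	if _, err := rand.Read(raw); err != nil {
		return "", err
	}
	token := base64.RawURLEncoding.EncodeToString(raw)
	if old, ok := s.current[userID]; ok {
		delete(s.byHash, old)
	}
	d := digest(token)
	s.byHash[d] = resetRecord{userID: userID, expires: now.Add(s.ttl)}
	s.current[userID] = d
	return token, nil
}

// Redeem validates a token and marks it used. It returns the user whose
// password may now be changed; an expired token is also dropped from the store.
func (s *ResetStore) Redeem(token string, now time.Time) (string, error) {
	d := digest(token)
	rec, ok := s.byHash[d]
	if !ok {
		return "", ErrUnknownToken
	}
	if rec.used {
		return "", ErrUsedToken
	}
	if !now.Before(rec.expires) {
		delete(s.byHash, d)
		return "", ErrExpiredToken
	}
	rec.used = true
	s.byHash[d] = rec
	return rec.userID, nil
}

func main() {
	store := NewResetStore(30 * time.Minute)
	issued := time.Date(2024, 1, 1, 12, 0, 0, 0, time.UTC) // constructed clock

	// A link clicked the next day is refused: the expiry check the vulnerable
	// versions lacked.
	tok, _ := store.Issue("alice", issued)
	_, err := store.Redeem(tok, issued.Add(24*time.Hour))
	fmt.Println("stale link:", err)

	// A fresh link works exactly once within its window.
	tok, _ = store.Issue("alice", issued)
	user, err := store.Redeem(tok, issued.Add(5*time.Minute))
	fmt.Println("fresh link:", user, err)
	_, err = store.Redeem(tok, issued.Add(6*time.Minute))
	fmt.Println("replayed link:", err)
}
```

The clock is passed in rather than read from `time.Now()` so the expiry boundary can be tested deterministically; in production the handler passes the current time.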
answer authorization issue vulnerability
answer is an open source knowledge-based community software. An authorization vulnerability exists in answer versions prior to 1.0.6. The vulnerability stems from improper permission management on the request that sets a new password at /answer/admin/api/user/password; a low-privilege attacke...
answer cross-site scripting vulnerability (CNVD-2023-31164)
answer is an open source knowledge-based community software. A cross-site scripting vulnerability exists in versions of answer prior to 1.0.5. The vulnerability stems from a lack of effective filtering and escaping of user-supplied data, which can be exploited by attackers to cause cross-site...
CVE-2022-24850 Category group permissions leaked in Discourse
Discourse is an open source platform for community discussion. A category's group permissions settings can be viewed by anyone that has access to the category. As a result, a normal user is able to see whether a group has read/write permissions in the category even though the information should...
GoodHound - Uses Sharphound, Bloodhound And Neo4j To Produce An Actionable List Of Attack Paths For Targeted Remediation
Attackers think in graphs, defenders think in actions, management think in charts. GoodHound operationalises Bloodhound by determining the busiest paths to high value targets and creating actionable output to prioritise remediation of attack paths. Usage Quick Start For a very quick start with mo...
Command Execution Vulnerability in PHPWind
PHPWind is an open source community program based on PHP and MySQL. PHPWind suffers from a command execution vulnerability. An attacker can exploit this vulnerability to gain server privileges...
ThinkSAAS open source community ThinkSAAS has xss vulnerability
ThinkSAAS is a lightweight open source community system that can be used to build discussion groups, BBS forums and circles. A cross-site scripting vulnerability exists in ThinkSAAS; attackers can use the vulnerability to obtain sensitive information...
ReconCat - Tool To Fetch Archive Url Snapshots From Archive.org
A small PHP application to fetch archived URL snapshots from archive.org. With it you can fetch the complete list of snapshot URLs for any one year, or the complete list for all available years. Made specially for penetration testing purposes. This application is powered by WMB-Scrapper. Installation: Clone this...
[SECURITY] Fedora 27 Update: libreoffice-5.4.5.1-1.fc27
LibreOffice is an Open Source, community-developed, office productivity suite. It includes the key desktop applications, such as a word processor, spreadsheet, presentation manager, formula editor and drawing program, with a user interface and feature set similar to other office suites...
The OpenSSL high-risk vulnerability Heartbleed: sentiment, analysis and recommendations - vulnerability warning - the black bar safety net
On April 7, the disclosure of the Heartbleed vulnerability, CVE-2014-0160, caused a great storm in the IT field, and especially in information security. After more than ten years in security circles, I could not let it pass without writing something, whatever others may say. So today on this topic,...
[SECURITY] Fedora 18 Update: libreoffice-3.6.7.2-3.fc18
LibreOffice is an Open Source, community-developed, office productivity suite. It includes the key desktop applications, such as a word processor, spreadsheet, presentation manager, formula editor and drawing program, with a user interface and feature set similar to other office suites...
Secure Boot in Windows 8 Worries Researchers
Windows 8, like Windows 7 and Vista before it, is being touted as the most secure version of Windows ever. In past releases, many of the security improvements have come through exploit mitigations such as ASLR and DEP and better software security practices during development. In Windows 8, howeve...
Metasploit Launches Reward Program For Exploits
The team behind the Metasploit Project is launching its own version of a bug bounty program: cash payouts for working exploits. The group is hoping to get exploit code for as many of its top 30 vulnerabilities as possible before the program expires later this summer. Metasploit has put together a...