43 matches found
Four Ways AI Is Being Used to Strengthen Democracies Worldwide
Democracy is colliding with the technologies of artificial intelligence. Judging from the audience reaction at the recent World Forum on Democracy in Strasbourg, the general expectation is that democracy will be the worse for it. We have another narrative. Yes, there are risks to democracy from A...
EUVD-2024-2253
Malicious code in bioql PyPI...
EUVD-2024-3017
Malicious code in bioql PyPI...
EUVD-2023-1946
Malicious code in bioql PyPI...
EUVD-2024-0744
Malicious code in bioql PyPI...
Clio-X: A Web3 Solution for Privacy-Preserving AI Access to Digital Archives
As archives turn to artificial intelligence to manage growing volumes of digital records, privacy risks inherent in current AI data practices raise critical concerns about data sovereignty and ethical accountability. This paper explores how privacy-enhancing technologies (PETs) and Web3 architectur...
CVE-2024-45594
Decidim is a participatory democracy framework. The meeting embeds feature used in the online or hybrid meetings is subject to potential XSS attack through a malformed URL. This vulnerability is fixed in 0.28.3 and 0.29.0...
CVE-2024-45594 Decidim allows cross-site scripting (XSS) in the online or hybrid meeting embeds
Decidim is a participatory democracy framework. The meeting embeds feature used in the online or hybrid meetings is subject to potential XSS attack through a malformed URL. This vulnerability is fixed in 0.28.3 and 0.29.0...
CVE-2024-45594
CVE-2024-45594 affects the Decidim framework, specifically the online/hybrid meeting embeds feature. A cross-site scripting (XSS) flaw can be triggered via a malformed URL in the meeting embeds code. The vulnerability is fixed in Decidim releases 0.28.3 and 0.29.0. If you use decidim-meetings, up...
CVE-2024-41673
Decidim is a participatory democracy framework. The version control feature used in resources is subject to potential XSS attack through a malformed URL. This vulnerability is fixed in 0.27.8...
CVE-2024-41673 Decidim has a cross-site scripting vulnerability in the version control page
Decidim is a participatory democracy framework. The version control feature used in resources is subject to potential XSS attack through a malformed URL. This vulnerability is fixed in 0.27.8...
CVE-2024-41673
CVE-2024-41673 affects the Decidim framework; a cross-site scripting (XSS) vulnerability exists in the version-control feature used for resources. The issue is observable across multiple Decidim components referenced in connected docs (e.g., decidim-debates, decidim-initiatives, decidim-proposals...
CVE-2024-32034
Summary: CVE-2024-32034 is a cross-site scripting (XSS) vulnerability in the Decidim admin activity log when an admin assigns a valuator to a proposal or performs an action that creates an admin log with an XSS payload. Affected versions: Decidim before 0.27.7 and before 0.28.2 (with fixes in 0.2...
CVE-2024-27095
Decidim is a participatory democracy framework. The admin panel is subject to potential XSS attack in case the attacker manages to modify some records being uploaded to the server. This vulnerability is fixed in 0.27.6 and 0.28.1...
CVE-2024-27090
Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. If an attacker can infer the slug or URL of an unpublished or private resource, and this resource can be embedded such as a...
CVE-2024-32469
Decidim is a participatory democracy framework. The pagination feature used in searches and filters is subject to potential XSS attack through a malformed URL using the GET parameter per_page. This vulnerability is fixed in 0.27.6 and 0.28.1...
CVE-2024-32469
Decidim core/package suffers an XSS vulnerability in pagination via the GET parameter per_page. Affected versions include older Decidim releases; the issue is mitigated by upgrading to at least 0.27.6 or 0.28.1 (or higher). Public docs from Red Hat, GitHub advisories, and CVE references confirm t...
CVE-2024-27095
CVE-2024-27095 affects the Decidim admin panel with a cross-site scripting (XSS) flaw that can be triggered when an attacker modifies records uploaded to the server. The issue is fixed in Decidim releases 0.27.6 and 0.28.1 (and related decidim-admin patches). Connected advisories consistently des...
CVE-2024-27090 Decidim vulnerable to data disclosure through the embed feature
Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. If an attacker can infer the slug or URL of an unpublished or private resource, and this resource can be embedded such as a...
CVE-2024-27090
CVE-2024-27090 affects the Decidim framework (Ruby on Rails). A vulnerability exists where an attacker who can infer the slug or URL of an unpublished/private resource that is embeddable (e.g., a Participatory Process, Assembly, Proposal, Result) could access data from that resource. The issue is...