6 matches found
GHSA-GQQJ-85QM-8QHF Paperclip: codex_local inherited ChatGPT/OpenAI-connected Gmail and was able to send real email
Summary: A Paperclip-managed codex_local runtime was able to access and use a Gmail connector that I had connected in the ChatGPT/OpenAI apps UI, even though I had not explicitly connected Gmail inside Paperclip or separately inside Codex. In my environment this enabled mailbox access and a real...
EUVD-2020-29753
Malware in sbrugna...
Information disclosure
An information leak vulnerability exists in Gerrit versions prior to 2.15.21, 2.16.25, 3.0.15, 3.1.10, 3.2.5 where a missing access check on the branch REST API allows an attacker with only the default set of privileges to read all other users' personal account data as well as sub-trees with...
A Peek into the Fake Review Marketplace
A personal account of someone who was paid to buy products on Amazon and leave fake reviews. Fake reviews are one of the problems that everyone knows about, and no one knows what to do about -- so we all try to pretend it doesn't exist...
U.S. Dept Of Defense: Information disclosure on a DoD website
A Department of Defense website was misconfigured in a manner that could have exposed personal account information. @tsug0d was able to demonstrate this vulnerability by crafting a specially formatted URL. Thank you for notifying us! LDAP Injection...
«МегаФон» Личный кабинет - Customized SSL, Dangerous filesystem permissions, Redefined SSL Common Names verifier vulnerabilities
HackApp vulnerability scanner discovered that application «МегаФон» Личный кабинет published at the 'play' market has multiple vulnerabilities...