CVE-2024-41659

memos is a privacy-first, lightweight note-taking service. A CORS misconfiguration exists in memos 0.20.1 and earlier where an arbitrary origin is reflected with Access-Control-Allow-Credentials set to true. This may allow an attacking website to make a cross-origin request, allowing the attacker...

EUVD-2024-2509

Malicious code in bioql PyPI...

EUVD-2024-2620

Malicious code in bioql PyPI...

CVE-2024-29029

memos is a privacy-first, lightweight note-taking service. In memos 0.13.2, an SSRF vulnerability exists at the /o/get/image that allows unauthenticated users to enumerate the internal network and retrieve images. The response from the image request is then copied into the response of the current...

Windscribe Acquitted on Charges of Not Collecting Users’ Data

The company doesn't keep logs, so couldn't turn over data: Windscribe, a globally used privacy-first VPN service, announced today that its founder, Yegor Sak, has been fully acquitted by a court in Athens, Greece, following a two-year legal battle in which Sak was personally charged in connection...

CVE-2024-41659 GHSL-2024-034: memos CORS Misconfiguration in server.go

memos is a privacy-first, lightweight note-taking service. A CORS misconfiguration exists in memos 0.20.1 and earlier where an arbitrary origin is reflected with Access-Control-Allow-Credentials set to true. This may allow an attacking website to make a cross-origin request, allowing the attacker...

CVE-2024-41659 GHSL-2024-034: memos CORS Misconfiguration in server.go

memos is a privacy-first, lightweight note-taking service. A CORS misconfiguration exists in memos 0.20.1 and earlier where an arbitrary origin is reflected with Access-Control-Allow-Credentials set to true. This may allow an attacking website to make a cross-origin request, allowing the attacker...

memos vulnerable to Server-Side Request Forgery and Cross-site Scripting

memos is a privacy-first, lightweight note-taking service. In memos 0.13.2, an SSRF vulnerability exists at the /o/get/image that allows unauthenticated users to enumerate the internal network and retrieve images. The response from the image request is then copied into the response of the current...

CVE-2024-29029

Memos: CVE-2024-29029 describes an SSRF flaw at the /o/get/image endpoint in memos 0.13.2 that allows unauthenticated users to enumerate the internal network and retrieve images. The response from the image request is echoed into the current server response, enabling a reflected XSS. The vulnerab...

CVE-2024-29029 memos vulnerable to an SSRF in /o/get/image

memos is a privacy-first, lightweight note-taking service. In memos 0.13.2, an SSRF vulnerability exists at the /o/get/image that allows unauthenticated users to enumerate the internal network and retrieve images. The response from the image request is then copied into the response of the current...

CVE-2024-29028 memos vulnerable to an SSRF in /o/get/httpmeta

memos is a privacy-first, lightweight note-taking service. In memos 0.13.2, an SSRF vulnerability exists at the /o/get/httpmeta that allows unauthenticated users to enumerate the internal network and receive limited html values in json form. This vulnerability is fixed in 0.16.1...

Yunnan ChainDrop Technology Co., Ltd.'s Siyuan Notes Software Web Application Has XSS Vulnerability

SiYuan Notes Software Web App is a privacy-first personal knowledge management system that supports full offline use as well as end-to-end encrypted synchronization. Yunnan ChainDrop Technology Co., Ltd. has an XSS vulnerability in the Siyuan Notes Software Web application, which can be exploited...

Proton CAPTCHA: New Privacy-First CAPTCHA Defense Against Bots

By Waqas Meet new Proton CAPTCHA from Proton AG, a custom-built CAPTCHA system designed to thwart bots and spammers. Proton… This is a post from HackRead.com Read the original post: Proton CAPTCHA: New Privacy-First CAPTCHA Defense Against Bots...

How to Use DuckDuckGo’s Privacy-First Email Service

Tired of advertisers spying on your private communications? This beta promises to kick tracking technology to the curb...

Tips to protect your data, security, and privacy from a hands-on expert

This post was authored by one of the most active helpers on the Malwarebytes forums who wishes to remain anonymous. Back in the early days of personal computing, perhaps one of the only real concerns was data loss from a drive failure. That risk still exists, but we all face many other threats...

Tired of Gmail? Try a Privacy-First Email Provider

Your inbox holds plenty of sensitive information. Here are some alternatives that put your correspondence under lock and key...