5 matches found
CVE-2026-40259
SiYuan is an open-source personal knowledge management system. In versions 3.6.3 and below, the /api/av/removeUnusedAttributeView endpoint is protected only by generic authentication that accepts publish-service RoleReader tokens. The handler passes a caller-controlled id directly to a model...
Even More Venmo Accounts Tied to Trump Officials in Signal Group Chat Left Data Public
WIRED has found four new Venmo accounts that appear to be associated with Trump officials who were in an infamous Signal chat. One made a payment with a note consisting solely of an eggplant emoji...
National Keep CyberMath Security Vulnerability
National Keep CyberMath is a cybersecurity risk analysis tool for organizations from National Keep. Versions prior to National Keep CyberMath CYBM.240816253 contain a security vulnerability that stems from files or directories being accessible to external parties, which could...
CVE-2024-3717
The Drag and Drop Multiple File Upload – Contact Form 7 plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.7.7 via the '/wp-content/uploads/wpdndcf7uploads/wpcf7-files' directory. This makes it possible for unauthenticated attackers to...
URL Shorteners Put Private Cloud Data at Risk
URL shorteners are convenient, but for a long time gave security practitioners anxiety because it was difficult to determine where the shortened address was taking you. Two researchers have now given you new reasons to fear URL shorteners, especially for those storing and sharing data on...