31 matches found
CVE-2026-41275
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the password reset functionality on cloud.flowiseai.com sends a reset password link over the unsecured HTTP protocol instead of HTTPS. This behavior introduces the risk of a man-in-the-middle...
Busting VPN myths: What a VPN can do for your privacy and what it can’t
Privacy Busting VPN myths: What a VPN can do for your privacy and what it can’t Share March 6th, 2026 If you’re reading this blog, you have probably heard of or used a VPN before. The truth is, VPNs are incredibly useful! They are one of the most effective tools for protecting your online privacy...
TOR Virtual Network Tunneling Tool 0.4.9.5
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow...
TOR Virtual Network Tunneling Tool 0.4.8.17
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow...
Checking in on the state of cybersecurity and the Olympics
With the 2024 Olympics Opening Ceremony only two weeks away now, there is one thing thats an absolute guarantee of one thing happening during the traditionally unpredictable games: Cyber attacks. Every time there is a new Olympic Games, theres a renewed discussion about how threat actors,...
ALCASAR Security Vulnerabilities
ALCASAR is a free open source project from ALCASAR Open Source for managing Internet access on public, business or home networks. A security vulnerability exists in ALCASAR versions prior to 3.6.1 that stems from vulnerability to cross-site request forgery and remote code execution attacks...
Design/Logic Flaw
Requests to fetch image metadata could be abused to include SQL queries that would be executed unchecked. Exploiting this vulnerability requires at least access to adjacent networks of the imageconverter service, which is not exposed to public networks by default. Arbitrary SQL statements could b...
[SECURITY] Fedora 33 Update: tor-0.4.5.7-1.fc33
The Tor network is a group of volunteer-operated servers that allows people to improve their privacy and security on the Internet. Tor's users employ this network by connecting through a series of virtual tunnels rather than makin g a direct connection, thus allowing both organizations and...
[SECURITY] Fedora 33 Update: tor-0.4.4.6-1.fc33
The Tor network is a group of volunteer-operated servers that allows people to improve their privacy and security on the Internet. Tor's users employ this network by connecting through a series of virtual tunnels rather than makin g a direct connection, thus allowing both organizations and...
[SECURITY] Fedora 32 Update: tor-0.4.4.6-1.fc32
The Tor network is a group of volunteer-operated servers that allows people to improve their privacy and security on the Internet. Tor's users employ this network by connecting through a series of virtual tunnels rather than makin g a direct connection, thus allowing both organizations and...
GHSA-MF7C-58Q5-7V65 Downloads Resources over HTTP in npm-test-sqlite3-trunk
Affected versions of npm-test-sqlite3-trunk insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code executio...
[SECURITY] Fedora 30 Update: tor-0.4.2.7-1.fc30
The Tor network is a group of volunteer-operated servers that allows people to improve their privacy and security on the Internet. Tor's users employ this network by connecting through a series of virtual tunnels rather than makin g a direct connection, thus allowing both organizations and...
CVE-2018-10928
A flaw was found in RPC request using gfs3symlinkreq in glusterfs server which allows symlink destinations to point to file paths outside of the gluster volume. An authenticated attacker could use this flaw to create arbitrary symlinks pointing anywhere on the server and execute arbitrary code on...
CVE-2018-10923
It was found that the "mknod" call derived from mknod2 can create files pointing to devices on a glusterfs server node. An authenticated attacker could use this to create an arbitrary device and read data from any device attached to the glusterfs server node. Mitigation To limit exposure of glust...
[SECURITY] Fedora 28 Update: tor-0.3.4.11-1.fc28
The Tor network is a group of volunteer-operated servers that allows people to improve their privacy and security on the Internet. Tor's users employ this network by connecting through a series of virtual tunnels rather than makin g a direct connection, thus allowing both organizations and...
CVE-2018-10929
A flaw was found in RPC request using gfs2createreq in glusterfs server. An authenticated attacker could use this flaw to create arbitrary files and execute arbitrary code on glusterfs server nodes. Mitigation To limit exposure of gluster server nodes : 1. gluster server should be on LAN and not...
CVE-2018-10904
It was found that glusterfs server does not properly sanitize file paths in the "trusted.io-stats-dump" extended attribute which is used by the "debug/io-stats" translator. An attacker can use this flaw to create files and execute arbitrary code. To exploit this, the attacker would require...
CVE-2018-10927
A flaw was found in RPC request using gfs3lookupreq in glusterfs server. An authenticated attacker could use this flaw to leak information and execute remote denial of service by crashing gluster brick process. Mitigation To limit exposure of gluster server nodes : 1. gluster server should be on...
CVE-2018-15727
Grafana 2.x, 3.x, and 4.x before 4.6.4 and 5.x before 5.2.3 allows authentication bypass because an attacker can generate a valid "remember me" cookie knowing only a username of an LDAP or OAuth user. Mitigation As per upstream Switch to authentication mechanism other than LDAP or OAuth Grafana...
CVE-2018-1112
It was found that fix for CVE-2018-1088 introduced a new vulnerability in the way 'auth.allow' is implemented in glusterfs server. An unauthenticated gluster client could mount gluster storage volumes. Mitigation 1. Use TLS Authentication to authenticate gluster clients to limit access to gluster...