5 matches found
EUVD-2009-2161
Malware in sbrugna...
EUVD-2024-1178
Malicious code in bioql PyPI...
EUVD-2024-46429
Malicious code in bioql PyPI...
PrivateGPT security vulnerability
PrivateGPT is an AI project. PrivateGPT has a security vulnerability that stems from a lack of secure session management implementation and a weak CORS policy, resulting in a cross-site request forgery (CSRF) vulnerability. An attacker could use this vulnerability to trigger a data poisoning attack...
Weblate: Improper Cookie expiration | Cookies Expiration Set to Future
Hi Team, I have found at many instances or places, from signup till getting logged into the application in domain "demo.weblate.org", that session-maintaining cookies such as the CSRF token and session IDs' expiration dates are set to a future date. As part of secure session management one should prohibit or...