
20 matches found

RedhatCVE
added 2026/04/06 10:57 a.m. · 1 view

CVE-2026-5557

A vulnerability was detected in badlogic pi-mono up to 0.58.4. This issue affects some unknown processing of the file packages/mom/src/slack.ts of the component pi-mom Slack Bot. The manipulation results in authentication bypass using alternate channel. The attack can be executed remotely. The...

CVSS 6.5 · AI score 6.2 · EPSS 0.00029
Exploits: 0 · References: 1

EUVD
added 2026/04/05 12:30 p.m. · 0 views

EUVD-2026-19062

A vulnerability was detected in badlogic pi-mono up to 0.58.4. This issue affects some unknown processing of the file packages/mom/src/slack.ts of the component pi-mom Slack Bot. The manipulation results in authentication bypass using alternate channel. The attack can be executed remotely. The...

CVSS 6.5 · AI score 6.2 · EPSS 0.00029
Exploits: 0 · References: 5

NVD
added 2026/04/05 10:16 a.m. · 1 view

CVE-2026-5557

A vulnerability was detected in badlogic pi-mono up to 0.58.4. This issue affects some unknown processing of the file packages/mom/src/slack.ts of the component pi-mom Slack Bot. The manipulation results in authentication bypass using alternate channel. The attack can be executed remotely. The...

CVSS 6.5 · EPSS 0.00029
Exploits: 0 · References: 4

ATTACKERKB
added 2026/04/05 9:45 a.m. · 3 views

CVE-2026-5557

A vulnerability was detected in badlogic pi-mono up to 0.58.4. This issue affects some unknown processing of the file packages/mom/src/slack.ts of the component pi-mom Slack Bot. The manipulation results in authentication bypass using alternate channel. The attack can be executed remotely. The...

CVSS 6.5 · AI score 6.2 · EPSS 0.00029
Exploits: 0 · References: 4 · Affected Software: 1

CVE
added 2026/04/05 9:45 a.m. · 4 views

CVE-2026-5557

The CVE-2026-5557 entry concerns badlogic pi-mono up to version 0.58.4, affecting the pi-mom Slack Bot component’s file packages/mom/src/slack.ts. The documented issue results in an authentication bypass via an alternate channel, with remote execution possible. Public exploitation is noted. No ve...

CVSS 6.5 · AI score 6.2 · EPSS 0.00029
Exploits: 0 · References: 4

Cvelist
added 2026/04/05 9:45 a.m. · 26 views

CVE-2026-5557 badlogic pi-mono pi-mom Slack Bot slack.ts authentication bypass

A vulnerability was detected in badlogic pi-mono up to 0.58.4. This issue affects some unknown processing of the file packages/mom/src/slack.ts of the component pi-mom Slack Bot. The manipulation results in authentication bypass using alternate channel. The attack can be executed remotely. The...

CVSS 6.5 · EPSS 0.00029
Exploits: 0 · References: 4

Vulnrichment
added 2026/04/05 9:45 a.m. · 3 views

CVE-2026-5557 badlogic pi-mono pi-mom Slack Bot slack.ts authentication bypass

A vulnerability was detected in badlogic pi-mono up to 0.58.4. This issue affects some unknown processing of the file packages/mom/src/slack.ts of the component pi-mom Slack Bot. The manipulation results in authentication bypass using alternate channel. The attack can be executed remotely. The...

CVSS 6.5 · AI score 6.2 · EPSS 0.00029
Exploits: 0 · References: 4

EUVD
added 2025/10/03 8:07 p.m. · 1 view

EUVD-2024-30656

Malicious code in bioql PyPI...

CVSS 9.8 · AI score 6.6 · EPSS 0.0015
Exploits: 0 · References: 3

EUVD
added 2025/10/03 8:07 p.m. · 2 views

EUVD-2025-6919

Malicious code in bioql PyPI...

CVSS 8.1 · AI score 8.2 · EPSS 0.00155
Exploits: 0 · References: 2

RedhatCVE
added 2025/03/22 11:26 a.m. · 5 views

CVE-2024-8065

A Cross-Site Request Forgery (CSRF) vulnerability in version v1.4.1 of danswer-ai/danswer allows attackers to perform unauthorized actions in the context of the victim's browser. This includes connecting the victim's application with a malicious Slack Bot, inviting users, and deleting chats, among...

CVSS 8.1 · AI score 7.1 · EPSS 0.00155
Exploits: 0 · References: 1

Cvelist
added 2025/03/20 10:10 a.m. · 8 views

CVE-2024-8065 CSRF in danswer-ai/danswer

A Cross-Site Request Forgery (CSRF) vulnerability in version v1.4.1 of danswer-ai/danswer allows attackers to perform unauthorized actions in the context of the victim's browser. This includes connecting the victim's application with a malicious Slack Bot, inviting users, and deleting chats, among...

CVSS 8.1 · EPSS 0.00155
Exploits: 0 · References: 1

RedhatCVE
added 2025/02/05 7:01 a.m. · 2 views

CVE-2024-32881

Danswer is the AI Assistant connected to company's docs, apps, and people. Danswer is vulnerable to unauthorized access to GET/SET of Slack Bot Tokens. Anyone with network access can steal slack bot tokens and set them. This implies full compromise of the customer's slack bot, leading to internal...

CVSS 9.8 · AI score 6.8 · EPSS 0.0015
Exploits: 0 · References: 1

NVD
added 2024/04/26 9:15 p.m. · 8 views

CVE-2024-32881

Danswer is the AI Assistant connected to company's docs, apps, and people. Danswer is vulnerable to unauthorized access to GET/SET of Slack Bot Tokens. Anyone with network access can steal slack bot tokens and set them. This implies full compromise of the customer's slack bot, leading to internal...

CVSS 9.8 · AI score 9.4 · EPSS 0.0015
Exploits: 0 · References: 3

Cvelist
added 2024/04/26 8:46 p.m. · 11 views

CVE-2024-32881 Unauthorized access to GET/SET of Slack Bot Tokens in Danswer

Danswer is the AI Assistant connected to company's docs, apps, and people. Danswer is vulnerable to unauthorized access to GET/SET of Slack Bot Tokens. Anyone with network access can steal slack bot tokens and set them. This implies full compromise of the customer's slack bot, leading to internal...

CVSS 9.8 · AI score 9.5 · EPSS 0.0015
Exploits: 0 · References: 3

CVE
added 2024/04/26 8:46 p.m. · 43 views

CVE-2024-32881

CVE-2024-32881 affects Danswer (AI Assistant). The vulnerability allows unauthorized GET/SET access to Slack Bot Tokens, enabling token theft and full compromise of the customer’s Slack bot and internal Slack access. The issue is tied to Danswer versions prior to 3.63. Remediation from the connec...

CVSS 9.8 · AI score 9.1 · EPSS 0.0015
Exploits: 0 · References: 3

Vulnrichment
added 2024/04/26 8:46 p.m. · 18 views

CVE-2024-32881 Unauthorized access to GET/SET of Slack Bot Tokens in Danswer

Danswer is the AI Assistant connected to company's docs, apps, and people. Danswer is vulnerable to unauthorized access to GET/SET of Slack Bot Tokens. Anyone with network access can steal slack bot tokens and set them. This implies full compromise of the customer's slack bot, leading to internal...

CVSS 9.8 · AI score 9.3 · EPSS 0.0015
Exploits: 0 · References: 3

CNNVD
added 2024/04/26 12:00 a.m. · 2 views

Danswer Security Vulnerability

Danswer is an open-source artificial intelligence assistant from Danswer AI that connects to company documents, applications and people. Danswer has a security vulnerability that stems from unauthorized GET/SET access to Slack Bot tokens...

CVSS 9.8 · AI score 6.7 · EPSS 0.0015
Exploits: 0 · References: 4

Positive Technologies
added 2024/04/26 12:00 a.m. · 2 views

PT-2024-24937 · Answer +1

Name of the Vulnerable Software and Affected Versions: Danswer versions prior to 3.63
Description: Danswer, the AI Assistant connected to a company's documents, applications, and people, is vulnerable to unauthorized access to GET/SET of Slack Bot Tokens. This vulnerability allows anyone with...

CVSS 9.8 · AI score 7.1 · EPSS 0.0015
Exploits: 0 · References: 9

Kitploit
added 2023/02/10 11:30 a.m. · 48 views

Leaktopus - Keep Your Source Code Under Control

Keep your source code under control. Key Features: Plug & Play - one line installation with Docker. Scan various sources containing a set of keywords, e.g. ORGANIZATION-NAME.com. Currently supports: GitHub Repositories, Gists (coming soon), Paste sites, e.g., PasteBin (coming soon). Filter results with a...

AI score 7.4
Exploits: 0 · References: 5

Github Security Blog
added 2022/07/01 12:01 a.m. · 26 views

Plaintext Storage of a Password in Jenkins Build Notifications Plugin

Build Notifications Plugin 1.5.0 and earlier stores multiple tokens unencrypted in its global configuration files on the Jenkins controller as part of its configuration:
- Pushover Application Token in tools.devnull.jenkins.plugins.buildnotifications.PushoverNotifier.xml
- Slack Bot Token in...

CVSS 4.3 · AI score 5.1 · EPSS 0.00335
Exploits: 0 · References: 3 · Affected Software: 1