358 matches found
CVE-2026-25519
OpenSlides is a free, web based presentation and assembly system for managing and projecting agenda, motions and elections of an assembly. Prior to version 4.2.29, OpenSlides supports local logins with username and password or an optionally configurable single sign on with SAML via an external ID...
CVE-2026-25519 OpenSlides has incorrect access control vulnerability in authentication service
OpenSlides is a free, web based presentation and assembly system for managing and projecting agenda, motions and elections of an assembly. Prior to version 4.2.29, OpenSlides supports local logins with username and password or an optionally configurable single sign on with SAML via an external ID...
CVE-2025-62487
CVE-2025-62487 affects Palantir Dossier and Slides apps (Dossier front-end). Root cause: a May 2025 change intended to enable cross-artifact file sharing caused uploads to not be properly marked with security levels. In CBAC-enabled deployments, a security picker dialog lets users set the level, ...
CVE-2025-62487 Under certain configurations, file artifacts uploaded to the Dossier and Slides apps did not inherit security markings of their parent artifact. This lack of security markings could lead to unintended access to the uploaded files.
On October 1, 2025, Palantir discovered that images uploaded through the Dossier front-end app were not being marked correctly with the proper security levels. The regression was traced back to a change in May 2025, which was meant to allow file uploads to be shared among different artifacts e.g...
CVE-2025-62487 Under certain configurations, file artifacts uploaded to the Dossier and Slides apps did not inherit security markings of their parent artifact. This lack of security markings could lead to unintended access to the uploaded files.
On October 1, 2025, Palantir discovered that images uploaded through the Dossier front-end app were not being marked correctly with the proper security levels. The regression was traced back to a change in May 2025, which was meant to allow file uploads to be shared among different artifacts e.g...
CVE-2025-23919
Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in Ella Van Durpe Slides & Presentations slide allows Code Injection.This issue affects Slides & Presentations: from n/a through = 0.0.39...
PT-2026-1839
Name of the Vulnerable Software and Affected Versions Palantir Dossier and Slides apps affected versions not specified Description Images uploaded through the Dossier front-end app were not consistently marked with the correct security levels. This issue stemmed from a change implemented in May...
EUVD-2025-175937
Malicious code in titan-fusion-virgo-slides npm...
EUVD-2025-176273
Malicious code in spawn-webpack-nightwatch-slides npm...
EUVD-2025-176036
Malicious code in technosignature-quark-quito-slides npm...
MAL-2025-186330 Malicious code in cosmiconfig-gatsby-janus-slides (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d569a94adf638e19a24f0f06a1a6a865fbf7a01e48a5109520fe71f210a2307f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-177559
Malicious code in node-sass-slides-koa-hexo npm...
Malicious code in sadr-membrane-slides-meteor (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a9f5afa3f0909d32cb9061af02d912fe9587dcc198b2456101683b37f285bbb7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in relay-slides-kinetic-query (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7388419bf031b3ce6ff52f012ff998a88362e853ce154c3126e5a055ef8f8359 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in transform-galaxy-writable-slides (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 38258b4baa1561b71fdae66ddb0bd2ac471ea1659801128433146ac90ecd09b3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-179552
Malicious code in cosmiconfig-gatsby-janus-slides npm...
EUVD-2025-175909
Malicious code in transform-galaxy-writable-slides npm...
EUVD-2025-176156
Malicious code in subscription-asteroid-paleoanthropology-slides npm...
EUVD-2025-179625
Malicious code in commitlint-slides-octans-resolvers npm...
EUVD-2025-176345
Malicious code in slides-photon-nightwatch-stratigraphy npm...