358 matches found
CVE-2026-25519
OpenSlides is a free, web based presentation and assembly system for managing and projecting agenda, motions and elections of an assembly. Prior to version 4.2.29, OpenSlides supports local logins with username and password or an optionally configurable single sign on with SAML via an external ID...
CVE-2026-25519 OpenSlides has incorrect access control vulnerability in authentication service
OpenSlides is a free, web based presentation and assembly system for managing and projecting agenda, motions and elections of an assembly. Prior to version 4.2.29, OpenSlides supports local logins with username and password or an optionally configurable single sign on with SAML via an external ID...
CVE-2025-62487
CVE-2025-62487 affects Palantir Dossier and Slides apps (Dossier front-end). Root cause: a May 2025 change intended to enable cross-artifact file sharing caused uploads to not be properly marked with security levels. In CBAC-enabled deployments, a security picker dialog lets users set the level, ...
CVE-2025-62487 Under certain configurations, file artifacts uploaded to the Dossier and Slides apps did not inherit security markings of their parent artifact. This lack of security markings could lead to unintended access to the uploaded files.
On October 1, 2025, Palantir discovered that images uploaded through the Dossier front-end app were not being marked correctly with the proper security levels. The regression was traced back to a change in May 2025, which was meant to allow file uploads to be shared among different artifacts e.g...
CVE-2025-62487 Under certain configurations, file artifacts uploaded to the Dossier and Slides apps did not inherit security markings of their parent artifact. This lack of security markings could lead to unintended access to the uploaded files.
On October 1, 2025, Palantir discovered that images uploaded through the Dossier front-end app were not being marked correctly with the proper security levels. The regression was traced back to a change in May 2025, which was meant to allow file uploads to be shared among different artifacts e.g...
CVE-2025-23919
Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in Ella Van Durpe Slides & Presentations slide allows Code Injection.This issue affects Slides & Presentations: from n/a through = 0.0.39...
PT-2026-1839
Name of the Vulnerable Software and Affected Versions Palantir Dossier and Slides apps affected versions not specified Description Images uploaded through the Dossier front-end app were not consistently marked with the correct security levels. This issue stemmed from a change implemented in May...
EUVD-2025-176036
Malicious code in technosignature-quark-quito-slides npm...
EUVD-2025-177559
Malicious code in node-sass-slides-koa-hexo npm...
Malicious code in sadr-membrane-slides-meteor (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a9f5afa3f0909d32cb9061af02d912fe9587dcc198b2456101683b37f285bbb7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in relay-slides-kinetic-query (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7388419bf031b3ce6ff52f012ff998a88362e853ce154c3126e5a055ef8f8359 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-176156
Malicious code in subscription-asteroid-paleoanthropology-slides npm...
EUVD-2025-175909
Malicious code in transform-galaxy-writable-slides npm...
EUVD-2025-176345
Malicious code in slides-photon-nightwatch-stratigraphy npm...
Malicious code in isostasy-slides-augmentedreality-jabbah (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c5c520fdb6218dccc2dc1ade6fa90c7843862fb37f3d60582efabe4b3962017e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-177641
Malicious code in nestjs-postcss-loader-slides-spinner npm...
Malicious code in spawn-webpack-nightwatch-slides (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 318806806d481ef740dd17c622bc164b94a295e29a9282fc7c00d3951dfeaee0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-178983
Malicious code in exobiology-callback-commitlint-config-angular-slides npm...
EUVD-2025-178866
Malicious code in forever-zephyr-pavo-slides npm...
EUVD-2025-177546
Malicious code in nodemon-slides-frontend-tethys npm...