Customization under Fire: Plugin Poisoning in Text-To-Image Ecosystem

The prosperity of text-to-image T2I models has fostered a vibrant share-and-play ecosystem centered on Low-Rank Adaptation LoRA plugins, which allow users to customize and share model capabilities with ease. This democratization, however, comes with a hidden but severe security risk. Malicious...

EUVD-2020-29060

Malware in sbrugna...

CVE-2020-8179

Improper access control in Nextcloud Deck 1.0.0 allowed an attacker to inject tasks into other users decks...

Nextcloud Deck Access Control Error Vulnerability

Nextcloud Deck is a Kanban-style organization tool developed by Nextcloud, Inc. designed for individual planning and project organization for teams integrated with Nextcloud. An access control vulnerability exists in Nextcloud Deck version 1.0.0. An attacker can exploit the vulnerability to injec...

CVE-2020-8179

CVE-2020-8179 affects Nextcloud Deck 1.0.0. The root cause is an improper access control in the deck task/move flow: updating a card’s stackId via /apps/deck/cards/{id} does not enforce that the destination belongs to the requester, allowing an attacker to inject tasks into another user’s deck. T...