38 matches found

EUVD
added 2025/10/03 8:07 p.m. · 2 views

EUVD-2023-37368

Malicious code in bioql PyPI...

CVSS 8.2 · AI score 6.4 · EPSS 0.00888
Exploits: 0 · References: 4
Rapid7 Blog
added 2024/08/15 1:30 p.m. · 6 views

Brandon Adkins’ Career Journey - Taking Chances and Tackling New Challenges

Brandon Adkins is the Manager of our Threat Intelligence & Detection Engineering (TIDE) team. His career journey spans a variety of roles and teams where he has been able to showcase his technical skills in security. Since joining Rapid7, he’s had experience as a Penetration Testing Consultant,...

AI score 7
Exploits: 0
CVE
added 2024/03/15 7:55 p.m. · 121 views

CVE-2024-28253

OpenMetadata (policy handling) is affected by a SpEL injection in PUT /api/v1/policies. The vulnerability arises because SpEL expressions are evaluated in PolicyRepository.prepare() before authorization checks, allowing an attacker to craft a policy payload that executes arbitrary code via a runt...

CVSS 9.4 · AI score 9.7 · EPSS 0.92915
Exploits: 0 · References: 6 · Affected Software: 1
CVE
added 2024/01/25 7:30 p.m. · 51 views

CVE-2024-21630

CVE-2024-21630 (Zulip) describes a flaw in Zulip 8.0 where non-admins can invite users and create multi-use invitations, while only admins can invite users to streams. The vulnerability is limited to streams the inviter can already see and is not an arbitrary-stream invite. Version 8.1 fixes the...

CVSS 4.3 · AI score 4.2 · EPSS 0.00109
Exploits: 0 · References: 5 · Affected Software: 1
OSV
added 2024/01/25 7:30 p.m. · 22 views

CVE-2024-21630 Zulip non-admins can invite new users to streams they would not otherwise be able to add existing users to

Zulip is an open-source team collaboration tool. A vulnerability in version 8.0 is similar to CVE-2023-32677, but applies to multi-use invitations, not single-use invitation links as in the prior CVE. Specifically, it applies when the installation has configured non-admins to be able to invite...

CVSS 4.3 · AI score 4.6 · EPSS 0.00109
Exploits: 0 · References: 7
OSV
added 2023/08/25 8:04 p.m. · 13 views

CVE-2023-32678 Zulip vulnerable to insufficient authorization check for edition/deletion of messages and topics in private streams by former subscribers

Zulip is an open-source team collaboration tool with topic-based threading that combines email and chat. Users who used to be subscribed to a private stream and have been removed from it since retain the ability to edit messages/topics, move messages to other streams, and delete messages that the...

CVSS 6.5 · AI score 6.5 · EPSS 0.00038
Exploits: 0 · References: 4
OSV
added 2023/05/19 9:04 p.m. · 19 views

CVE-2023-28623 Unauthorized user can register an account in specific configurations in Zulip

Zulip is an open-source team collaboration tool with unique topic-based threading. In the event that 1: ZulipLDAPAuthBackend and an external authentication backend (any aside from ZulipLDAPAuthBackend and EmailAuthBackend) are the only ones enabled in AUTHENTICATION_BACKENDS in /etc/zulip/settings.py...

CVSS 6.5 · AI score 5.1 · EPSS 0.00169
Exploits: 0 · References: 4
Ivan 'd0znpp' Novikov
added 2023/05/14 6:55 a.m. · 22 views

The Hand-y Etiquette of Modern All-Remote Culture

In today’s fast-paced digital world, remote work has become the new normal. With the rise of video conferencing platforms like Zoom and Microsoft Teams, we have adapted to an all-remote culture where communication is largely virtual. One aspect of this culture that has become increasingly importa...

AI score 6.7
Exploits: 0
The Hacker News
added 2023/02/15 9:28 a.m. · 3 views

Regular Pen Testing Is Key to Resolving Conflict Between SecOps and DevOps

In an ideal world, security and development teams would be working together in perfect harmony. But we live in a world of competing priorities, where DevOps and security departments often butt heads with each other. Agility and security are often at odds with each other — if a new feature is...

AI score 7.2
Exploits: 0
CVE
added 2023/02/07 6:48 p.m. · 60 views

CVE-2023-22735

CVE-2023-22735 affects Zulip: prior to commit 2f6c5a8 but after 04cf68b, files uploaded with arbitrary Content-Type could be served from the Zulip hostname with Content-Disposition: inline and without a Content-Security-Policy header, enabling execution of arbitrary JavaScript in the Zulip contex...

CVSS 4.6 · AI score 4.8 · EPSS 0.00299
Exploits: 0 · References: 4 · Affected Software: 1
Prion
added 2022/08/31 8:15 p.m. · 16 views

Design/Logic Flaw

Zulip is an open-source team collaboration tool with topic-based threading that combines email and chat. When displaying messages with embedded remote images, Zulip normally loads the image preview via a go-camo proxy server. However, an attacker who can send messages could include a crafted URL...

CVSS 4 · AI score 4.5 · EPSS 0.00197
Exploits: 0 · References: 1 · Affected Software: 1
Kitploit
added 2022/06/19 12:30 p.m. · 32 views

Cervantes - Collaborative Platform For Pentesters Or Red Teams Who Want To Save Time To Manage Their Projects, Clients, Vulnerabilities And Reports In One Place

Cervantes is an open-source collaborative platform for pentesters or red teams who want to save time to manage their projects, clients, vulnerabilities and reports in one place. Features: open source, multiplatform, multilanguage, team collaboration, built-in dashboards and analytics, manage your clients...

AI score 7.6
Exploits: 0 · References: 3
Rapid7 Blog
added 2022/02/03 8:48 p.m. · 23 views

7Rapid Questions With Our APAC Sales Manager, Soumi

For this installment of 7Rapid Questions, we sat down with Soumi Mukherjee, APAC Sales Manager - ANZ North Sales, to learn more about what drives her in her role at Rapid7. 1. Why did you join Rapid7? The truth is I joined for the people. I worked for a Rapid7 channel partner prior, and my...

AI score 6.9
Exploits: 0
CNVD
added 2021/12/17 12:00 a.m. · 13 views

Enalean Tuleap SQL Injection Vulnerability (CNVD-2021-103507)

Enalean Tuleap is a set of open source software development and project management tools from the French company Enalean. The tool provides enterprise application lifecycle management, as well as project tracking, source code management and team collaboration. Enalean Tuleap is vulnerable to SQL...

CVSS 8.8 · AI score 3 · EPSS 0.00912
Exploits: 0 · References: 1
CNVD
added 2021/12/17 12:00 a.m. · 10 views

Enalean Tuleap Injection Vulnerability

Enalean Tuleap is a set of open source software development and project management tools from the French company Enalean. The tool provides enterprise application lifecycle management, as well as project tracking, source code management, and team collaboration. Enalean Tuleap suffers from an...

CVSS 7.2 · AI score 1.7 · EPSS 0.00807
Exploits: 0 · References: 1
Rapid7 Blog
added 2021/11/19 5:00 p.m. · 23 views

2022 Planning: A First-Year CISO Shares Her Point of View

When you're planning for the year ahead in cybersecurity, there's always part of you that's trying to play fortune-teller. You know what risks matter now, and the processes and resources you need to respond to them, but what threats might emerge over the coming 12 months — or 12 weeks, for that...

AI score 6.7
Exploits: 0
CNVD
added 2021/08/17 12:00 a.m. · 15 views

Mitel Networks MiCollab Licensing Issue Vulnerability

Mitel Networks MiCollab is a mobile application from Mitel Networks Canada that provides voice, video, messaging, audio conferencing, and team collaboration for employees. An authorization issue vulnerability exists in MiCollab and stems from the product's MiCollab Client Service component, which does not validate...

CVSS 5.8 · AI score 2.4 · EPSS 0.00171
Exploits: 0 · References: 1
CNVD
added 2021/07/14 12:00 a.m. · 23 views

Siemens Jt2go and Siemens Teamcenter Visualization Buffer Over Read Vulnerability (CNVD-2021-53362)

Siemens Jt2go and Siemens Teamcenter Visualization are both products of Siemens AG, Germany. Siemens Jt2go is a JT file viewer. Siemens Teamcenter Visualization is a software that provides team collaboration capabilities for designing 2D and 3D scenes. A buffer over-read vulnerability exists in...

CVSS 5.5 · AI score 3.4 · EPSS 0.00197
Exploits: 0 · References: 1
CNVD
added 2021/07/14 12:00 a.m. · 23 views

Siemens Jt2go and Siemens Teamcenter Visualization Buffer Over Read Vulnerability (CNVD-2021-53359)

Siemens Jt2go and Siemens Teamcenter Visualization are both products of Siemens AG, Germany. Siemens Jt2go is a JT file viewer. Siemens Teamcenter Visualization is a software that provides team collaboration capabilities for designing 2D and 3D scenes. A buffer over-read vulnerability exists in...

CVSS 5.5 · AI score 3.4 · EPSS 0.00197
Exploits: 0 · References: 1
CNVD
added 2021/07/14 12:00 a.m. · 15 views

Siemens Jt2go and Siemens Teamcenter Visualization Buffer Over Read Vulnerability (CNVD-2021-53358)

Siemens Jt2go and Siemens Teamcenter Visualization are both products of Siemens AG, Germany. Siemens Jt2go is a JT file viewer. Siemens Teamcenter Visualization is a software that provides team collaboration capabilities for designing 2D and 3D scenes. A buffer over-read vulnerability exists in...

CVSS 5.5 · AI score 3.4 · EPSS 0.00197
Exploits: 0 · References: 1