ICE Is Using Palantir’s AI Tools to Sort Through Tips

ICE has been using an AI-powered Palantir system to summarize tips sent to its tip line since last spring, according to a newly released Homeland Security document...

EUVD-2024-37390

Malicious code in bioql PyPI...

EUVD-2024-37391

Malicious code in bioql PyPI...

EUVD-2024-37392

Malicious code in bioql PyPI...

CVE-2024-38521

Hush Line is a free and open-source, anonymous-tip-line-as-a-service for organizations or individuals. There is a stored XSS in the Inbox. The input is displayed using the safe Jinja2 attribute, and thus not sanitized upon display. This issue has been patched in version 0.1.0...

CVE-2024-38522 CSP bypass in Hush Line

Hush Line is a free and open-source, anonymous-tip-line-as-a-service for organizations or individuals. The CSP policy applied on the tips.hushline.app website and bundled by default in this repository is trivial to bypass. This vulnerability has been patched in version 0.1.0...

CVE-2024-38521

Vulnerability: CVE-2024-38521 affects Hush Line prior to version 0.1.0, with a stored XSS in the Inbox. The input is displayed using the safe Jinja2 attribute, and is not sanitized on display. Root cause (from PT-2024-28049): mis-handling of user-controlled input in the Inbox leads to stored XSS....

CVE-2024-38521 Persistent Cross-Site Scripting (XSS) in hushline inbox

Hush Line is a free and open-source, anonymous-tip-line-as-a-service for organizations or individuals. There is a stored XSS in the Inbox. The input is displayed using the safe Jinja2 attribute, and thus not sanitized upon display. This issue has been patched in version 0.1.0...