CVE-2026-29788 TSPortal: Anyone can forge self-deletion requests of any user
TSPortal is the WikiTide Foundation’s in-house platform used by the Trust and Safety team to manage reports, investigations, appeals, and transparency work. Prior to version 30, conversion of empty strings to null allows disguising DPA reports as genuine self-deletion reports. This issue has been...
CVE-2017-18691
An issue was discovered on Samsung mobile devices with M6.0 and N7.0 Exynos8890 chipsets software. There are multiple Buffer Overflows in TSP sysfs cmdstore. The Samsung ID is SVE-2016-7500 January 2017...
EUVD-2017-9782
Malware in sbrugna...
Malicious code in openai-tsp (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 9afad0907413b0e88664cb893d34b71ad10d4a15def77275bc4a654bb21dd7a8 The OpenSSF Package Analysis project identified 'openai-tsp' @ 16.1.0...
MAL-2025-6384 Malicious code in openai-tsp (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 9afad0907413b0e88664cb893d34b71ad10d4a15def77275bc4a654bb21dd7a8 The OpenSSF Package Analysis project identified 'openai-tsp' @ 16.1.0...
MAL-2024-11112 Malicious code in tsp-rn-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 71ec0c368895b83b2ed9842e86020069dc8e3fe874f79f6c0d6dd19d7db42de0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in tsp-rn-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 71ec0c368895b83b2ed9842e86020069dc8e3fe874f79f6c0d6dd19d7db42de0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2023-30653
Out of bounds read and write in enableTspDevice of sysinput HAL service prior to SMR Jul-2023 Release 1 allows local attackers to execute arbitrary code...
Malicious Package
Overview tsp-sdk is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was...
CVE-2022-46163 travel-support-program vulnerable to data exfiltration via Ransack query injection
Travel support program is a Rails app to support the travel support program of openSUSE TSP. Sensitive user data (bank account details, password hash) can be extracted via Ransack query injection. Every deployment of travel-support-program below the patched version is affected. The...
CVE-2022-46163
CVE-2022-46163 affects the Travel Support Program (openSUSE) – a Rails app that uses the Ransack search library. The default Ransack configuration can be abused via *_start, *_end, or *_cont matchers to perform character‑by‑character brute‑force and exfiltrate sensitive data (e.g., bank account n...
MAL-2022-6673 Malicious code in tsp-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware cc403d291cb9ff5ecda4c2c9388c3274698f50c9cc4982cad4ee8da7017d8c8e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in tsp-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware cc403d291cb9ff5ecda4c2c9388c3274698f50c9cc4982cad4ee8da7017d8c8e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Buffer overflow
An issue was discovered on Samsung mobile devices with M6.0 and N7.0 Exynos8890 chipsets software. There are multiple Buffer Overflows in TSP sysfs cmdstore. The Samsung ID is SVE-2016-7500 January 2017...
CVE-2017-18691
Samsung mobile devices with Exynos8890 (M6.0 and N7.0) are affected by multiple buffer overflows in TSP sysfs cmd_store. Root cause: unsafe handling in TSP sysfs cmd_store leading to buffer overflows. Impact: described as buffer overflows with high/critical severity (CVSS v3.1: 9.8; network acces...
Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2016-1047)
The remote host is missing an update for the Huawei EulerOS...
Vehicle Telematics Security; getting it right
We spend a LOT of time looking at vehicle telematics security, sometimes on client projects but mostly doing vanilla research on telematics components that we’ve bought ourselves, or investigating our own vehicles. We have a pile of vehicle TCUs here that’s several feet high, plus a couple of...
DarkPulsar
In March 2017, the ShadowBrokers published a chunk of stolen data that included two frameworks: DanderSpritz and FuzzBunch. DanderSpritz consists entirely of plugins to gather intelligence, use exploits and examine already controlled machines. It is written in Java and provides a graphical window...