Lucene search

15 matches found

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2023-29129

Malicious code in bioql PyPI...

CVSS 7.1, AI score 6.4, EPSS 0.00542
Exploits 0, References 1

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2024-52311

Malicious code in bioql PyPI...

CVSS 9, AI score 6.5, EPSS 0.00261
Exploits 0, References 2

Tenable Nessus
added 2025/03/06 12:0 a.m., 5 views

Linux Distros Unpatched Vulnerability : CVE-2024-52005

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Git is a source code management tool. When cloning from a server or fetching, or pushing, informational or error messages are transported from the remote Git...

CVSS 8.8, AI score 7.2, EPSS 0.00395
Exploits 1, References 4

RedhatCVE
added 2025/02/05 9:12 a.m., 4 views

CVE-2024-56359

grist-core is a spreadsheet hosting server. A user visiting a malicious document and clicking on a link in a HyperLink cell using a control modifier meaning for example Ctrl+click could have their account compromised, since the link could use the javascript: scheme and be evaluated in the context...

CVSS 8.1, AI score 6.8, EPSS 0.00839
Exploits 0, References 1

Cvelist
added 2025/01/14 10:39 p.m., 10 views

CVE-2024-54142 Cross-site Scripting via Discourse-ai SharedAiConversation onebox in Discourse

Discourse AI is a Discourse plugin which provides a number of AI features. When sharing Discourse AI Bot conversations into posts, if the conversation had HTML entities those could leak into the Discourse application when a user visited a post with a onebox to said conversation. This issue has be...

CVSS 9, EPSS 0.00261
Exploits 0, References 2

NVD
added 2024/12/20 9:15 p.m., 12 views

CVE-2024-56358

grist-core is a spreadsheet hosting server. A user visiting a malicious document and previewing an attachment could have their account compromised, because JavaScript in an SVG file would be evaluated in the context of their current page. This issue has been patched in version 1.3.2. Users are...

CVSS 8.1, EPSS 0.00711
Exploits 0, References 2

NVD
added 2024/12/20 9:15 p.m., 9 views

CVE-2024-56359

grist-core is a spreadsheet hosting server. A user visiting a malicious document and clicking on a link in a HyperLink cell using a control modifier meaning for example Ctrl+click could have their account compromised, since the link could use the javascript: scheme and be evaluated in the context...

CVSS 8.1, EPSS 0.00839
Exploits 0, References 2

Cvelist
added 2024/12/20 8:24 p.m., 18 views

CVE-2024-56359 Cross-site Scripting vulnerability through HyperLink cells in grist-core

grist-core is a spreadsheet hosting server. A user visiting a malicious document and clicking on a link in a HyperLink cell using a control modifier meaning for example Ctrl+click could have their account compromised, since the link could use the javascript: scheme and be evaluated in the context...

CVSS 8.1, EPSS 0.00839
Exploits 0, References 2

Cvelist
added 2024/12/20 8:24 p.m., 15 views

CVE-2024-56358 Cross-site Scripting vulnerability through svg attachment previews in grist-core

grist-core is a spreadsheet hosting server. A user visiting a malicious document and previewing an attachment could have their account compromised, because JavaScript in an SVG file would be evaluated in the context of their current page. This issue has been patched in version 1.3.2. Users are...

CVSS 8.1, EPSS 0.00711
Exploits 0, References 2

NVD
added 2024/03/04 10:15 p.m., 18 views

CVE-2024-1936

The encrypted subject of an email message could be incorrectly and permanently assigned to an arbitrary other email message in Thunderbird's local cache. Consequently, when replying to the contaminated email message, the user might accidentally leak the confidential subject to a third-party. Whil...

CVSS 7.5, AI score 6.9, EPSS 0.00357
Exploits 1, References 3

Vulnrichment
added 2023/06/06 5:59 p.m., 3 views

CVE-2022-46165 Cross-site Scripting (XSS) in Web GUI in syncthing

Syncthing is an open source, continuous file synchronization program. In versions prior to 1.23.5 a compromised instance with shared folders could sync malicious files which contain arbitrary HTML and JavaScript in the name. If the owner of another device looks over the shared folder settings and...

CVSS 4.6, AI score 5.8, EPSS 0.00766
Exploits 1, References 4

Vulnrichment
added 2022/09/16 11:15 p.m., 8 views

CVE-2022-39212 Last video frame is still sent after video is disabled in a call in Nextcloud Talk

Nextcloud Talk is an open source chat, video & audio calls client for the Nextcloud platform. In affected versions an attacker could see the last video frame of any participant who has video disabled but a camera selected. It is recommended that the Nextcloud Talk app is upgraded to 13.0.8 or...

CVSS 4.3, AI score 5.2, EPSS 0.00236
Exploits 0, References 2

The Hacker News
added 2016/07/05 11:41 p.m., 10 views

Oops! TP-Link forgets to Renew and Loses its Domains Used to Configure Router Settings

To make the configuration of routers easier, hardware vendors instruct users to browse to a domain name rather than numeric IP addresses. Networking equipment vendor TP-LINK uses either tplinklogin.net or tplinkextender.net for its routers configuration. Although users can also access their route...

AI score 6.6
Exploits 0

securityvulns
added 2003/03/15 12:0 a.m., 28 views

GiantRat Mailer exposes PoP password

Security advisory Issue: GiantRat Mailer exposes plain text PoP password Date: 03/13/03 Vendor first notified: February 2003 Affected versions: All tested v3.1, 2.x, 1.x ABOUT GiantRat Mailer: GiantRat Mailer is an innovative email client that has settings for the sight-impaired and has optional...

AI score 0.4
Exploits 0

securityvulns
added 2001/04/04 12:0 a.m., 32 views

RG-1000 802.11 Residential Gateway default WEP key disclosure flaw

Name: RG-1000 default network name and WEP key exposure Product: Orinoco RG-1000 www.wavelan.com Severity: An attacker can determine the network name SSID, and current WEP encryption key-- allowing unrestricted access to the LAN. Author: William A. Arbaugh [email protected] http://www.cs.umd.edu/waa...

AI score 0.2
Exploits 0