33 matches found
PT-2025-51234
Name of the Vulnerable Software and Affected Versions: Convercent Whistleblowing Platform, affected versions not specified. Description: The platform exposes an unauthenticated API endpoint at /GetLegalEntity that returns internal customer legal-entity names based on a supplied searchText fragment. A...
CVE-2025-34413
Legality WHISTLEBLOWING by DigitalPA contains a protection mechanism failure in which critical HTTP security headers are not emitted by default. Affected deployments omit Content-Security-Policy, Referrer-Policy, Permissions-Policy, Cross-Origin-Embedder-Policy, Cross-Origin-Opener-Policy, and...
DigitalPA Legality WHISTLEBLOWING Security Vulnerability
DigitalPA Legality WHISTLEBLOWING is a software system used to manage reporting by DigitalPA Italy. A security vulnerability exists in DigitalPA Legality WHISTLEBLOWING, which stems from the absence of critical HTTP security headers and could lead to cross-site scripting and clickjacking attacks...
EUVD-2025-19312
Malicious code in bioql PyPI...
CVE-2025-52818
Missing Authorization vulnerability in Dejan Jasnic Trusty Whistleblowing trusty-whistleblowing-solution allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Trusty Whistleblowing: from n/a through = 2.0.1...
CVE-2025-52818 WordPress Trusty Whistleblowing plugin <= 2.0.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in Dejan Jasnic Trusty Whistleblowing trusty-whistleblowing-solution allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Trusty Whistleblowing: from n/a through = 2.0.1...
CVE-2025-52818
CVE-2025-52818 is a Missing Authorization vulnerability in the WordPress plugin Trusty Whistleblowing. The initial entry indicates impact on versions from unknown (n/a) up to 1.5.2, with a CVSS v3.1 base score of 8.2 (High), vulnerability class “Missing Authorization,” and a network attack vec...
CVE-2025-52818 WordPress Trusty Whistleblowing plugin <= 1.5.2 - Broken Access Control Vulnerability
Missing Authorization vulnerability in Dejan Jasnic Trusty Whistleblowing allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Trusty Whistleblowing: from n/a through 1.5.2...
PT-2025-27136 · Unknown · Dejan Jasnic Trusty Whistleblowing
Name of the Vulnerable Software and Affected Versions: Dejan Jasnic Trusty Whistleblowing versions 1.5.2 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows exploitation of incorrectly configured access control security levels. Recommendations: For...
WordPress plugin Trusty Whistleblowing Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in the...
Weird Fallout from Peiter Zatko’s Twitter Whistleblowing
People are trying to dig up dirt on Peiter Zatko, better known as Mudge. For the record, I have not been contacted. I'm not sure if I should feel slighted...
EQS Integrity Line Cross Site Scripting / Information Disclosure Vulnerabilities
EQS Integrity Line: Multiple Vulnerabilities. Name: Multiple Vulnerabilities in EQS Integrity Line. Systems Affected: EQS Integrity Line through 2022-07-01. Severity: High. Impact: CVSSv2 High 8.8/10, score: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. Vendor: EQS Group AG, https://www.eqs.com/. Advisory...
Speakers Censored at AISA Conference in Melbourne
Two speakers were censored at the Australian Information Security Association's annual conference this week in Melbourne. Thomas Drake, former NSA employee and whistleblower, was scheduled to give a talk on the golden age of surveillance, both government and corporate. Suelette Dreyfus, lecturer ...
Uber Deployed 'Surfcam Spyware' in Australia to Crush the Competition – Report
A rogue employee at rideshare behemoth Uber created and deployed a piece of information-gathering software in order to help his company get a leg up on the local competition in Australia, according to a report. The so-called “secret spyware program” was dubbed Surfcam, and was developed by the...
whistleblowing.emmi-benchmarks.eu XSS vulnerability
Open Bug Bounty ID: OBB-691246
Description | Value
---|---
Affected Website: | whistleblowing.emmi-benchmarks.eu
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | hidden until disclosure
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSS...
GlobaLeaks - The Open-Source Whistleblowing Software
GlobaLeaks is open-source / free software intended to enable secure and anonymous whistleblowing initiatives developed by the Hermes Center for Transparency and Digital Human Rights. For the user manual refer to the GlobaLeaks's User Manual. For the developer documentation refer to the GlobaLeaks...
Open-Source Whistleblowing Framework: GlobaLeaks
GlobaLeaks is an open-source, free software intended to enable secure and anonymous whistleblowing initiatives developed by the Hermes Center for Transparency and Digital Human Rights. It is an Open Whistleblowing Framework that can be used in many different usage scenarios that may require very...
NSA: Snowden Email Refutes Protests of Agency Surveillance
The National Security Agency has released an email from Edward Snowden sent last April to the Office of General Counsel that refutes the whistleblower’s contention that he notified authorities about the NSA’s surveillance reach. In an accompanying statement, the NSA said the message is the only o...
Edward Snowden at SXSW Conference: Would I do this again?, I Would!
The Whistleblower and Former National Security Agency NSA contractor Edward Snowden raised his voice and talked about citizen’s privacy once again. Yes, Snowden, whose leaks last year triggered debate on the massive surveillance conducted by the Government worldwide. In an interview, speaking via...