FAIL › dossier
Dossier not yet built — the RAG curator builds one for players with ≥2 failure events (factory/dossier.py). The failure history and sentiment below are live.
| Date | Event | Sev | Flags | Shame | Summary |
|---|---|---|---|---|---|
| 2021-03-04 | CVE-2020-24914 | critical | ⚡RCE | 50 | A PHP object injection bug in profile.php in qcubed (all versions including 3.1.1) unserializes the untrusted data of the POST-variable "strProfileData" and allows an unauthenticated attacker to execute code via a crafted POST request. |
| 2021-03-04 | CVE-2020-24914 | critical | ⚡RCE | 50 | A PHP object injection bug in profile.php in qcubed (all versions including 3.1.1) unserializes the untrusted data of the POST-variable "strProfileData" and allows an unauthenticated attacker to execute code via a crafted POST request. |
| 2021-03-04 | CVE-2020-24913 | critical | 35 | A SQL injection vulnerability in qcubed (all versions including 3.1.1) in profile.php via the strQuery parameter allows an unauthenticated attacker to access the database by injecting SQL code via a crafted POST request. | |
| 2021-03-04 | CVE-2020-24913 | critical | 35 | A SQL injection vulnerability in qcubed (all versions including 3.1.1) in profile.php via the strQuery parameter allows an unauthenticated attacker to access the database by injecting SQL code via a crafted POST request. |
“A SQL injection vulnerability in qcubed (all versions including 3.1.1) in profile.php via the strQuery parameter allows an unauthenticated attacker to access the database by injecting SQL code via a crafted POST request.”
“CVE 2020-24913 is a critical vulnerability in qcubed.”
“Hackers exploit Roundcube flaw to spy on academic researchers”
“Over 84,000 Roundcube webmail servers remain exposed to a critical RCE flaw (CVE-2025-49113) despite a June 2025 patch fixing the vulnerability.”
“'Ghostcommit' hides prompt injection in images to fool AI agents, steal secrets”
“BREAKING: Apple accuses an OpenAI employee of hacking its systems, downloading unreleased product files, & celebrating the breach as 'so funny.'”
“Accenture Confirms Intrusion After Hacker Claims 35GB Data Breach”
“A PHP object injection bug in profile.php in qcubed (all versions including 3.1.1) unserializes the untrusted data of the POST-variable "strProfileData" and allows an unauthenticated attacker to execute code via a crafted POST request.”