Lucene search
K

471 matches found

The Hacker News
The Hacker News
added 2026/04/03 9:10 a.m.8 views

New SparkCat Variant in iOS, Android Apps Steals Crypto Wallet Recovery Phrase Images

Cybersecurity researchers have discovered a new version of the SparkCat malware on the Apple App Store and Google Play Store, more than a year after the trojan was discovered targeting both the mobile operating systems. The malware has been found to conceal itself within seemingly benign apps, su...

6AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/03/11 5:4 p.m.4 views

CVE-2026-31852

Jellyfin is an open-source media system. The code-quality.yml GitHub Actions workflow in jellyfin/jellyfin-ios is vulnerable to arbitrary code execution via pull requests from forked repositories. Due to the workflow's elevated permissions nearly all write permissions, this vulnerability enables...

10CVSS6.3AI score0.00445EPSS
Exploits0References3
Malwarebytes
Malwarebytes
added 2026/03/04 1:44 p.m.6 views

Does the UK really want to ban VPNs? And can it be done?

The idea of a "Great British Firewall" makes for a catchy headline, but it would be riddled with holes and cause huge problems. The Guardian reports that the GCHQ Government Communications Headquarters, a UK intelligence, security, and cyber agency, is exploring the idea of a British firewall...

5.9AI score
Exploits0
Fedora
Fedora
added 2026/02/10 1:34 a.m.8 views

[SECURITY] Fedora 43 Update: rust-app-store-connect-0.5.0-6.fc43

Apple App Store Connect API and client...

7.5CVSS5.4AI score0.00443EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2026/01/19 10:25 p.m.10 views

CVE-2026-23525

1Panel is an open-source, web-based control panel for Linux server management. A stored Cross-Site Scripting XSS vulnerability exists in the 1Panel App Store when viewing application details. Malicious scripts can execute in the context of the user’s browser, potentially compromising session data...

8.4CVSS6AI score0.00306EPSS
Exploits0References1
NVD
NVD
added 2026/01/18 11:15 p.m.7 views

CVE-2026-23525

1Panel is an open-source, web-based control panel for Linux server management. A stored Cross-Site Scripting XSS vulnerability exists in the 1Panel App Store when viewing application details. Malicious scripts can execute in the context of the user’s browser, potentially compromising session data...

8.4CVSS0.00306EPSS
Exploits0References1
CVE
CVE
added 2026/01/18 10:10 p.m.22 views

CVE-2026-23525

CVE-2026-23525 affects 1Panel, a web-based Linux server management panel. The stored XSS vulnerability originates from insufficient sanitization in the MdEditor component (previewOnly) used to render App Store and related content, allowing malicious scripts to run in the user’s browser and potent...

8.4CVSS5.6AI score0.00306EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/01/18 10:10 p.m.4 views

CVE-2026-23525 1panel App Store vulnerable to Cross-site Scripting

1Panel is an open-source, web-based control panel for Linux server management. A stored Cross-Site Scripting XSS vulnerability exists in the 1Panel App Store when viewing application details. Malicious scripts can execute in the context of the user’s browser, potentially compromising session data...

6.4CVSS6AI score0.00306EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/01/18 10:10 p.m.4 views

CVE-2026-23525 1panel App Store vulnerable to Cross-site Scripting

1Panel is an open-source, web-based control panel for Linux server management. A stored Cross-Site Scripting XSS vulnerability exists in the 1Panel App Store when viewing application details. Malicious scripts can execute in the context of the user’s browser, potentially compromising session data...

6.4CVSS6AI score0.00306EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/01/18 10:10 p.m.2 views

CVE-2026-23525

1Panel is an open-source, web-based control panel for Linux server management. A stored Cross-Site Scripting XSS vulnerability exists in the 1Panel App Store when viewing application details. Malicious scripts can execute in the context of the user’s browser, potentially compromising session data...

6.4CVSS6.1AI score0.00306EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/01/18 10:10 p.m.5 views

EUVD-2026-3193

1Panel is an open-source, web-based control panel for Linux server management. A stored Cross-Site Scripting XSS vulnerability exists in the 1Panel App Store when viewing application details. Malicious scripts can execute in the context of the user’s browser, potentially compromising session data...

6.4CVSS5.5AI score0.00306EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/18 10:10 p.m.21 views

CVE-2026-23525 1panel App Store vulnerable to Cross-site Scripting

1Panel is an open-source, web-based control panel for Linux server management. A stored Cross-Site Scripting XSS vulnerability exists in the 1Panel App Store when viewing application details. Malicious scripts can execute in the context of the user’s browser, potentially compromising session data...

6.4CVSS0.00306EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/01/18 12:0 a.m.5 views

PT-2026-3400

Name of the Vulnerable Software and Affected Versions 1Panel versions through 1.10.33-lts 1Panel versions through 2.0.16 Description 1Panel is a web-based control panel for Linux server management. A stored Cross-Site Scripting XSS issue exists in the 1Panel App Store when viewing application...

8.4CVSS5.8AI score0.00306EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/01/09 9:16 a.m.5 views

CVE-2025-13841

The Smart App Banners plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'size' and 'verticalalign' parameters of the 'app-store-download' shortcode in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping on user supplied...

6.4CVSS5AI score0.00235EPSS
Exploits0References1
NVD
NVD
added 2026/01/07 12:16 p.m.4 views

CVE-2025-13841

The Smart App Banners plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'size' and 'verticalalign' parameters of the 'app-store-download' shortcode in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping on user supplied...

6.4CVSS0.00235EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/01/07 9:21 a.m.23 views

CVE-2025-13841 Smart App Banners <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'size' and 'verticalalign' Shortcode Attributes

The Smart App Banners plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'size' and 'verticalalign' parameters of the 'app-store-download' shortcode in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping on user supplied...

6.4CVSS0.00235EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/01/07 9:21 a.m.2 views

CVE-2025-13841 Smart App Banners <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'size' and 'verticalalign' Shortcode Attributes

The Smart App Banners plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'size' and 'verticalalign' parameters of the 'app-store-download' shortcode in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping on user supplied...

6.4CVSS4.8AI score0.00235EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/01/07 12:0 a.m.7 views

PT-2026-1607

Name of the Vulnerable Software and Affected Versions Smart App Banners plugin for WordPress versions prior to 1.3 Description The Smart App Banners plugin for WordPress is susceptible to Stored Cross-Site Scripting. This is due to insufficient input sanitization and output escaping on...

6.4CVSS5.9AI score0.00235EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/12/18 6:46 p.m.11 views

CVE-2025-13326

Mattermost Desktop App versions 6.0.0 fail to enable the Hardened Runtime on the Mattermost Desktop App when packaged for Mac App Store which allows an attacker to inherit TCC permissions via copying the binary to a tmp folder...

3.9CVSS6.9AI score0.00093EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/17 9:30 p.m.8 views

EUVD-2025-203922

Mattermost Desktop App versions 6.0.0 fail to enable the Hardened Runtime on the Mattermost Desktop App when packaged for Mac App Store which allows an attacker to inherit TCC permissions via copying the binary to a tmp folder...

3.9CVSS6.3AI score0.00093EPSS
Exploits0References2
Rows per page
Query Builder