205 matches found
AVTECH Room Alert Cleartext Transmission of Sensitive Information (CVE-2024-33471)
An individual with administrative access can change the mail server host within the device. An attacker who has obtained administrative access can update the mail server to an attacker controller IP. When the device attempts to authenticate to the mail server, it will pass the previously configur...
MAL-2026-2232 Malicious code in checkmarx.cx-dev-assist (VSCode:https://open-vsx.org)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security b821135a3f6a7e85f6ed37a383363979118ad6c7b73433dd4882e99f24264155 This extension is a compromised version of the offical Checkmarx VSCode extensions available on the Microsoft Marketplace, by the TeamPCP...
Malicious code in checkmarx.cx-dev-assist (VSCode:https://open-vsx.org)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security b821135a3f6a7e85f6ed37a383363979118ad6c7b73433dd4882e99f24264155 This extension is a compromised version of the offical Checkmarx VSCode extensions available on the Microsoft Marketplace, by the TeamPCP...
MAL-2026-2231 Malicious code in checkmarx.ast-results (VSCode:https://open-vsx.org)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 3205937565e6fad63cbece12a8463cd52f3e95c10ac99ab7e62a317e9c18717a This extension is a compromised version of the offical Checkmarx VSCode extensions available on the Microsoft Marketplace, by the TeamPCP...
GHSA-9HV9-GVWM-95F2 AVideo Allows Unauthenticated Live Stream Control via Token Verification URL Override in control.json.php
Summary The standalone live stream control endpoint at plugin/Live/standAloneFiles/control.json.php accepts a user-supplied streamerURL parameter that overrides where the server sends token verification requests. An attacker can redirect token verification to a server they control that always...
MAL-2026-3125 Malicious code in transform-regexp-constructors (npm)
The package 'transform-regexp-constructors' is part of the PhantomRaven supply chain attack campaign Wave 3. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...
CVE-2025-66413
CVE-2025-66413 (Git for Windows) affects the Windows port of Git prior to 2.53.0(2). The issue arises when a user is tricked into cloning from a malicious server, allowing an attacker to obtain the user’s NTLM hash. Because NTLM hashing is weak, the attacker may brute-force the user’s account nam...
One click on this fake Google Meet update can give attackers control of your PC
A phishing page disguised as a Google Meet update notice is silently handing victims’ Windows computers to an attacker-controlled management server. No password is stolen, no files are downloaded, and there are no obvious red flags. It just takes a single click on a convincing Google Meet fake...
CVE-2026-23523
Dive is an open-source MCP Host Desktop Application that enables integration with function-calling LLMs. Prior to 0.13.0, crafted deeplink can install an attacker-controlled MCP server configuration without sufficient user confirmation and can lead to arbitrary local command execution on the...
CVE-2023-50769
Missing permission checks in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
xss-lab-hack-v1
🎯 Laboratorio XSS - Práctica de Pentesting Un entorno complet...
EUVD-2025-36662
Jenkins Themis Plugin is missing a permission check...
GitHub CVE-2025-54132: Arbitrary Image Fetch in Mermaid Diagram Tool
Cursor is a code editor built for programming with AI. In versions below 1.3, Mermaid which is used to render diagrams allows embedding images which then get rendered by Cursor in the chat box. An attacker can use this to exfiltrate sensitive information to a third-party attacker controlled serve...
EUVD-2025-33396
BBOT's gitclone.py can expose users' GitHub API keys to an attacker-controlled webserver...
PT-2025-41395
Name of the Vulnerable Software and Affected Versions BBOT affected versions not specified Description The gitlab module in BBOT may allow an attacker to disclose a GitLab API key to a server under their control by using a maliciously formatted git URL. This could potentially lead to unauthorized...
BBOT 安全漏洞
BBOT is a recursive Internet scanner open-sourced by Black Lantern Security. BBOT suffers from a security vulnerability that originates in the gitclone module, where a maliciously formatted git URL could lead to the disclosure of GitHub API keys to an attacker-controlled server...
BBOT 安全漏洞
BBOT is a recursive Internet scanner open-sourced by Black Lantern Security. BBOT suffers from a security vulnerability that stems from a maliciously formatted git URL that could lead to the disclosure of GitLab API keys to an attacker-controlled server...
EUVD-2025-32227
Malicious code in bioql PyPI...
EUVD-2024-0738
Malicious code in bioql PyPI...
EUVD-2025-28661
Malicious code in bioql PyPI...