3958 matches found
CVE-2022-26646
Online Banking System Protect v1.0 was discovered to contain a local file inclusion LFI vulnerability via the pages parameter...
CVE-2022-26644
Online Banking System Protect v1.0 was discovered to contain multiple cross-site scripting XSS vulnerabilities via parameters on user profile, systeminfo and accounts management...
CVE-2019-2790
Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications subcomponent: Infrastructure. Supported versions that are affected are 12.0.1-12.0.3, 12.1.0-12.4.0 and 14.0.0-14.2.0. Easily exploitable vulnerability allows low privileged attacker with...
CVE-2019-2754
Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications subcomponent: Infrastructure. Supported versions that are affected are 12.0.1-12.0.3, 12.1.0-12.4.0 and 14.0.0-14.2.0. Easily exploitable vulnerability allows low privileged attacker with...
Astaroth Banking Trojan Targets Brazilians via WhatsApp Messages
Researchers at Acronis have discovered a new campaign called Boto Cor-de-Rosa, where the Astaroth banking malware spreads like a worm through WhatsApp Web to steal contact lists and banking credentials...
WhatsApp Worm Spreads Astaroth Banking Trojan Across Brazil via Contact Auto-Messaging
Cybersecurity researchers have disclosed details of a new campaign that uses WhatsApp as a distribution vector for a Windows banking trojan called Astaroth in attacks targeting Brazil. The campaign has been codenamed Boto Cor-de-Rosa by Acronis Threat Research Unit. "The malware retrieves the...
CVE-2022-27991
Online Banking System in PHP v1 was discovered to contain multiple SQL injection vulnerabilities at /stafflogin.php via the Staff ID and Staff Password parameters...
EUVD-2023-60533
NLB mKlik Macedonia 3.3.12 contains a SQL injection vulnerability in international transfer parameters that allows attackers to manipulate database queries. Attackers can inject arbitrary SQL code through unsanitized input to potentially disclose sensitive information from the mobile banking...
CVE-2023-54163
NLB mKlik Macedonia 3.3.12 contains a SQL injection vulnerability in international transfer parameters that allows attackers to manipulate database queries. Attackers can inject arbitrary SQL code through unsanitized input to potentially disclose sensitive information from the mobile banking...
CVE-2023-54163
NLB mKlik Macedonia 3.3.12 contains a SQL injection vulnerability in international transfer parameters that allows attackers to manipulate database queries. Attackers can inject arbitrary SQL code through unsanitized input to potentially disclose sensitive information from the mobile banking...
CVE-2023-54163
CVE-2023-54163 affects NLB mKlik Macedonia 3.3.12, where a SQL injection vulnerability exists in the international transfer parameters. The root cause is unsanitized input allowing arbitrary SQL execution, potentially exposing sensitive data from the mobile banking application. The CVSSv3.1 vecto...
CVE-2023-54163 NLB mKlik Macedonia 3.3.12 SQL Injection via International Transfer Parameters
NLB mKlik Macedonia 3.3.12 contains a SQL injection vulnerability in international transfer parameters that allows attackers to manipulate database queries. Attackers can inject arbitrary SQL code through unsanitized input to potentially disclose sensitive information from the mobile banking...
CVE-2023-54163 NLB mKlik Macedonia 3.3.12 SQL Injection via International Transfer Parameters
NLB mKlik Macedonia 3.3.12 contains a SQL injection vulnerability in international transfer parameters that allows attackers to manipulate database queries. Attackers can inject arbitrary SQL code through unsanitized input to potentially disclose sensitive information from the mobile banking...
NLB mKlik Macedonia SQL注入漏洞
NLB mKlik Macedonia is an official mobile banking application of NLB in the Republic of North Macedonia. A SQL injection vulnerability exists in NLB mKlik Macedonia version 3.3.12, which stems from improper cleanup of the international transfer parameter and could lead to an SQL injection attack...
PT-2025-54253
Name of the Vulnerable Software and Affected Versions NLB mKlik Macedonia version 3.3.12 Description The software contains a SQL injection issue in the international transfer parameters. This allows attackers to manipulate database queries by injecting arbitrary SQL code through unsanitized input...
Malware in 2025 spread far beyond Windows PCs
This blog is part of a series highlighting new and concerning trends we noticed over the last year. Trends matter because they almost always provide a good indication of what 's coming next. If there’s one thing that became very clear in 2025, it’s that malware is no longer focused on Windows...
Frogblight threatens you with a court case: a new Android banker targets Turkish users
In August 2025, we discovered a campaign targeting individuals in Turkey with a new Android banking Trojan we dubbed "Frogblight". Initially, the malware was disguised as an app for accessing court case files via an official government webpage. Later, more universal disguises appeared, such as th...
Exploit for Cross-site Scripting in Oretnom23 Banking_System
Description 1. CVE-2025-14221 2. Discoverer: Fatma Trabelsi 3...
CVE-2025-14221
A vulnerability was detected in SourceCodester Online Banking System 1.0. This impacts an unknown function of the file /?page=user. The manipulation of the argument First Name/Last Name results in cross site scripting. The attack can be launched remotely. The exploit is now public and may be used...
How phishers hide banking scams behind free Cloudflare Pages
During a recent investigation, we uncovered a phishing operation that combines free hosting on developer platforms with compromised legitimate websites to build convincing banking and insurance login portals. These fake pages don't just grab a username and password–they also ask for answers to...