Lucene search
+L

3958 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 10:42 a.m.7 views

CVE-2022-26646

Online Banking System Protect v1.0 was discovered to contain a local file inclusion LFI vulnerability via the pages parameter...

9.8CVSS7.2AI score0.01216EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:41 a.m.7 views

CVE-2022-26644

Online Banking System Protect v1.0 was discovered to contain multiple cross-site scripting XSS vulnerabilities via parameters on user profile, systeminfo and accounts management...

6.1CVSS6.4AI score0.00631EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:14 a.m.8 views

CVE-2019-2790

Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications subcomponent: Infrastructure. Supported versions that are affected are 12.0.1-12.0.3, 12.1.0-12.4.0 and 14.0.0-14.2.0. Easily exploitable vulnerability allows low privileged attacker with...

5.5CVSS5.5AI score0.00831EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:14 a.m.17 views

CVE-2019-2754

Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications subcomponent: Infrastructure. Supported versions that are affected are 12.0.1-12.0.3, 12.1.0-12.4.0 and 14.0.0-14.2.0. Easily exploitable vulnerability allows low privileged attacker with...

8.1CVSS6.7AI score0.01391EPSS
Exploits0References1
HackRead
HackRead
added 2026/01/08 9:4 p.m.10 views

Astaroth Banking Trojan Targets Brazilians via WhatsApp Messages

Researchers at Acronis have discovered a new campaign called Boto Cor-de-Rosa, where the Astaroth banking malware spreads like a worm through WhatsApp Web to steal contact lists and banking credentials...

7.1AI score
Exploits0
The Hacker News
The Hacker News
added 2026/01/08 5:10 p.m.13 views

WhatsApp Worm Spreads Astaroth Banking Trojan Across Brazil via Contact Auto-Messaging

Cybersecurity researchers have disclosed details of a new campaign that uses WhatsApp as a distribution vector for a Windows banking trojan called Astaroth in attacks targeting Brazil. The campaign has been codenamed Boto Cor-de-Rosa by Acronis Threat Research Unit. "The malware retrieves the...

7AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/01/07 9:48 a.m.9 views

CVE-2022-27991

Online Banking System in PHP v1 was discovered to contain multiple SQL injection vulnerabilities at /stafflogin.php via the Staff ID and Staff Password parameters...

6.5CVSS8.5AI score0.00957EPSS
Exploits1References1
EUVD
EUVD
added 2025/12/31 12:31 a.m.7 views

EUVD-2023-60533

NLB mKlik Macedonia 3.3.12 contains a SQL injection vulnerability in international transfer parameters that allows attackers to manipulate database queries. Attackers can inject arbitrary SQL code through unsanitized input to potentially disclose sensitive information from the mobile banking...

8.8CVSS7.3AI score0.00295EPSS
Exploits1References6
OSV
OSV
added 2025/12/30 11:15 p.m.10 views

CVE-2023-54163

NLB mKlik Macedonia 3.3.12 contains a SQL injection vulnerability in international transfer parameters that allows attackers to manipulate database queries. Attackers can inject arbitrary SQL code through unsanitized input to potentially disclose sensitive information from the mobile banking...

7.5CVSS5.9AI score0.00295EPSS
Exploits1References5
NVD
NVD
added 2025/12/30 11:15 p.m.7 views

CVE-2023-54163

NLB mKlik Macedonia 3.3.12 contains a SQL injection vulnerability in international transfer parameters that allows attackers to manipulate database queries. Attackers can inject arbitrary SQL code through unsanitized input to potentially disclose sensitive information from the mobile banking...

8.8CVSS0.00295EPSS
Exploits1References5
CVE
CVE
added 2025/12/30 10:41 p.m.17 views

CVE-2023-54163

CVE-2023-54163 affects NLB mKlik Macedonia 3.3.12, where a SQL injection vulnerability exists in the international transfer parameters. The root cause is unsanitized input allowing arbitrary SQL execution, potentially exposing sensitive data from the mobile banking application. The CVSSv3.1 vecto...

8.8CVSS7.4AI score0.00295EPSS
Exploits1References5Affected Software1
Vulnrichment
Vulnrichment
added 2025/12/30 10:41 p.m.3 views

CVE-2023-54163 NLB mKlik Macedonia 3.3.12 SQL Injection via International Transfer Parameters

NLB mKlik Macedonia 3.3.12 contains a SQL injection vulnerability in international transfer parameters that allows attackers to manipulate database queries. Attackers can inject arbitrary SQL code through unsanitized input to potentially disclose sensitive information from the mobile banking...

8.8CVSS7.4AI score0.00295EPSS
Exploits1References5
Cvelist
Cvelist
added 2025/12/30 10:41 p.m.29 views

CVE-2023-54163 NLB mKlik Macedonia 3.3.12 SQL Injection via International Transfer Parameters

NLB mKlik Macedonia 3.3.12 contains a SQL injection vulnerability in international transfer parameters that allows attackers to manipulate database queries. Attackers can inject arbitrary SQL code through unsanitized input to potentially disclose sensitive information from the mobile banking...

8.8CVSS0.00295EPSS
Exploits1References5
CNNVD
CNNVD
added 2025/12/30 12:0 a.m.4 views

NLB mKlik Macedonia SQL注入漏洞

NLB mKlik Macedonia is an official mobile banking application of NLB in the Republic of North Macedonia. A SQL injection vulnerability exists in NLB mKlik Macedonia version 3.3.12, which stems from improper cleanup of the international transfer parameter and could lead to an SQL injection attack...

8.8CVSS7.8AI score0.00295EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2025/12/30 12:0 a.m.10 views

PT-2025-54253

Name of the Vulnerable Software and Affected Versions NLB mKlik Macedonia version 3.3.12 Description The software contains a SQL injection issue in the international transfer parameters. This allows attackers to manipulate database queries by injecting arbitrary SQL code through unsanitized input...

8.8CVSS7.4AI score0.00295EPSS
Exploits1References10
Malwarebytes
Malwarebytes
added 2025/12/29 11:48 a.m.8 views

Malware in 2025 spread far beyond Windows PCs

This blog is part of a series highlighting new and concerning trends we noticed over the last year. Trends matter because they almost always provide a good indication of what 's coming next. If there’s one thing that became very clear in 2025, it’s that malware is no longer focused on Windows...

7.2AI score
Exploits0
Securelist
Securelist
added 2025/12/15 7:0 a.m.12 views

Frogblight threatens you with a court case: a new Android banker targets Turkish users

In August 2025, we discovered a campaign targeting individuals in Turkey with a new Android banking Trojan we dubbed "Frogblight". Initially, the malware was disguised as an app for accessing court case files via an official government webpage. Later, more universal disguises appeared, such as th...

7.5AI score
Exploits0
GithubExploit
GithubExploit
added 2025/12/13 1:47 p.m.212 views

Exploit for Cross-site Scripting in Oretnom23 Banking_System

Description 1. CVE-2025-14221 2. Discoverer: Fatma Trabelsi 3...

5.4CVSS5.6AI score0.00217EPSS
Exploits2
RedhatCVE
RedhatCVE
added 2025/12/09 7:37 a.m.10 views

CVE-2025-14221

A vulnerability was detected in SourceCodester Online Banking System 1.0. This impacts an unknown function of the file /?page=user. The manipulation of the argument First Name/Last Name results in cross site scripting. The attack can be launched remotely. The exploit is now public and may be used...

5.4CVSS5.6AI score0.00217EPSS
Exploits2References1
Malwarebytes
Malwarebytes
added 2025/12/08 3:26 p.m.7 views

How phishers hide banking scams behind free Cloudflare Pages

During a recent investigation, we uncovered a phishing operation that combines free hosting on developer platforms with compromised legitimate websites to build convincing banking and insurance login portals. These fake pages don't just grab a username and password–they also ask for answers to...

6.8AI score
Exploits0
Rows per page
Query Builder