25 matches found
5mghost-rover (>=0.0.1 <=0.0.3), a-mailx (=0.1.0) +1168 more potentially affected by CVE-2026-7246 via click (>=8.2.0 <=8.3.2)
click PYPI version =8.2.0, =0.0.1, =1.3.8, =1.0.32, =0.6.0, =1.0.1, =0.2.3, =0.4.0, =0.2.6, =0.1.1, =0.1.0, =0.1.0, =0.0.2, =0.0.3 and more Source cves: CVE-2026-7246 Source advisory: SNYK:PYTHON-CLICK-16347201...
SUSE-SU-2026:0828-1 Security update for python-Authlib
This update for python-Authlib fixes the following issues: - CVE-2025-68158: Fixed 1-click account takeover in applications that use the Authlib library bsc1256414...
PHPads SQL injection vulnerability
PHPads is a simple PHP banner advertising script developed by Nile Flores. Version 2.0 of PHPads contains an SQL injection vulnerability, which stems from the bannerID parameter in the click.php3 file. This vulnerability could allow unverified attackers to execute arbitrary SQL queries and extrac...
EUVD-2025-206240
muffon is a cross-platform music streaming client for desktop. Versions prior to 2.3.0 have a one-click Remote Code Execution (RCE) vulnerability in. An attacker can exploit this issue by embedding a specially crafted muffon:// link on any website they control. When a victim visits the site or clic...
EUVD-2025-24161
Malicious code in bioql PyPI...
Exploit for Out-of-bounds Write in Apple Ipados
CVE-2025-43300: iOS/macOS DNG Image Processing Memory Corrupti...
Exploit for Out-of-bounds Write in Apple Ipados
CVE-2025-43300: iOS/macOS DNG Image Processing Memory Corrupti...
CVE-2025-55733
DeepChat is a smart assistant that connects powerful AI to your personal world. DeepChat before 0.3.1 has a one-click remote code execution vulnerability. An attacker can exploit this vulnerability by embedding a specially crafted deepchat: URL on any website, including a malicious one they...
CVE-2025-54063
CVE-2025-54063 affects Cherry Studio desktop client (versions 1.4.8–1.5.0) due to improper handling of custom URLs, enabling remote code execution when a user clicks a crafted link or visits a malicious site. The underlying vulnerability is triggered by the app’s custom URL handler, leading to co...
EchoLeak Zero-Click AI Attack in Microsoft Copilot Exposes Company Data
Aim Labs uncovers EchoLeak, a zero-click AI flaw in Microsoft 365 Copilot that allows data theft via email. Learn how this vulnerability enables sensitive information exfiltration without user interaction and its implications for AI security...
Zero-Click AI Vulnerability Exposes Microsoft 365 Copilot Data Without User Interaction
A novel attack technique named EchoLeak has been characterized as a "zero-click" artificial intelligence (AI) vulnerability that allows bad actors to exfiltrate sensitive data from Microsoft 365 (M365) Copilot's context sans any user interaction. The critical-rated vulnerability has been assigned the...
PT-2025-25295
EchoLeak: First-Ever Zero-Click Vulnerability, CVE-2025-3271, Discovered by Aim Labs in Microsoft 365 Copilot AI, Allowed Attackers Steal Sensitive Data Silently, Now Fixed EchoLeak Hackers Microsoft Copilot CopilotAgent MIcrosoft365 @Microsoft @Copilot...
CVE-2021-38745
Chamilo LMS v1.11.14 was discovered to contain a zero click code injection vulnerability which allows attackers to execute arbitrary code via a crafted plugin. This vulnerability is triggered through user interaction with the attacker's profile page...
Exploit for Integer Underflow (Wrap or Wraparound) in Microsoft
CVE-2024-38063 - Windows TCP/IP Remote Code Execution Vulnerab...
CVE-2024-3110 Stored XSS leading to admin account takeover in mintplex-labs/anything-llm
A stored Cross-Site Scripting (XSS) vulnerability exists in the mintplex-labs/anything-llm application, affecting versions up to and including the latest before 1.0.0. The vulnerability arises from the application's failure to properly sanitize and validate user-supplied URLs before embedding them...
GHSA-W8FQ-XGVH-CXC2 Silverstripe Forum Module CSRF Vulnerability
A number of form actions in the Forum module are directly accessible. A malicious user (e.g. a spammer) can use GET requests to create Members and post to forums, bypassing CSRF and anti-spam measures. Additionally, a forum moderator could be tricked into clicking a specially crafted URL, resulting i...
GitLab warns zero-click vulnerability could lead to account takeovers
GitLab has issued a warning about a critical vulnerability in GitLab Community Edition (CE) and Enterprise Edition (EE). GitLab is an online DevOps platform that allows developers to collaborate on creating software. Organizations have a choice to install GitLab on their own servers or under GitLab’s...
Apple Rushes Out Patches for 0-Days in MacOS, iOS
Apple rushed out patches for two zero-days affecting macOS and iOS Thursday, both of which are likely under active exploitation and could allow a threat actor to disrupt or access kernel activity. Apple released separate security updates for the bugs – a vulnerability affecting both macOS and iOS...
Exploit for Insecure Storage of Sensitive Information in Microsoft
CVE-2020-1493 This vulnerability occurs in Outlook 2019 16.0...
Exploit for CVE-2020-1349
CVE-2020-1349 This vulnerability occurs in Outlook 2019 16.0...