CVE-2021-41273

Pterodactyl is an open-source game server management panel built with PHP 7, React, and Go. Due to improperly configured CSRF protections on two routes, a malicious user could execute a CSRF-based attack against the following endpoints: Sending a test email and Generating a node auto-deployment...

EUVD-2021-2407

Malware in sbrugna...

EUVD-2006-6151

Malware in sbrugna...

EUVD-2008-6943

Malware in sbrugna...

EUVD-2023-56030

Malicious code in bioql PyPI...

EUVD-2021-34177

Malicious code in bioql PyPI...

EUVD-2022-34027

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2018-1081

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in Moodle 3.4 to 3.4.1, 3.3 to 3.3.4, 3.2 to 3.2.7, 3.1 to 3.1.10 and earlier unsupported versions. Unauthenticated users can trigger custom...

Hackers Using New QuirkyLoader Malware to Spread Agent Tesla, AsyncRAT and Snake Keylogger

Cybersecurity researchers have disclosed details of a new malware loader called QuirkyLoader that's being used to deliver via email spam campaigns an array of next-stage payloads ranging from information stealers to remote access trojans since November 2024. Some of the notable malware families...

CVE-2025-54879

Mastodon is a free, open-source social network server based on ActivityPub Mastodon which facilitates LDAP configuration for authentication. In versions 3.1.5 through 4.2.24, 4.3.0 through 4.3.11 and 4.4.0 through 4.4.3, Mastodon's rate-limiting system has a critical configuration error where the...

Advancing Email Spam Detection: Leveraging Zero-Shot Learning and Large Language Models

Email spam detection is a critical task in modern communication systems, essential for maintaining productivity, security, and user experience. Traditional machine learning and deep learning approaches, while effective in static settings, face significant limitations in adapting to evolving spam...

CVE-2023-51332

A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers Meeting Room Booking System v1.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service DoS via a large amount of generated e-mail messages...

CVE-2023-51321

A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers Night Club Booking Software v1.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service DoS via a large amount of generated e-mail messages...

CVE-2021-4350

The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated HTML Injection in versions up to, and including, 18.2. This is due to lacking authentication protections on the wpfmsendfileinemail AJAX action. This makes it possible for unauthenticated attackers to send emails usin...

WordPress WP Contact Form7 Email Spam Blocker plugin <= 1.0.0 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by Le Ngoc Anh in WordPress Plugin WP Contact Form7 Email Spam Blocker versions = 1.0.0...

CVE-2024-13467

The WP Contact Form7 Email Spam Blocker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'post' parameter in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

CVE-2024-13467

The CVE-2024-13467 entry concerns the WordPress plugin WP Contact Form7 Email Spam Blocker. A Reflected Cross-Site Scripting vulnerability exists in the post parameter for all versions up to and including 1.0.0, caused by insufficient input sanitization and output escaping. This allows unauthenti...

CVE-2024-13467 WP Contact Form7 Email Spam Blocker <= 1.0.0 - Reflected Cross-Site Scripting

The WP Contact Form7 Email Spam Blocker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'post' parameter in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

CVE-2024-13467 WP Contact Form7 Email Spam Blocker <= 1.0.0 - Reflected Cross-Site Scripting

The WP Contact Form7 Email Spam Blocker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'post' parameter in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

What I’ve learned in my first 7-ish years in cybersecurity

When I first interviewed with Joel Esler for my position at Cisco Talos, I remember when the time came for me to ask questions, one thing stood out. I asked what resources were available to me to learn about cybersecurity, because I was totally new to the space. His answer: The people. When I ask...