117 matches found
ClickFix Campaigns Spread MacSync macOS Infostealer via Fake AI Tool Installers
Three different ClickFix campaigns have been found to act as a delivery vector for the deployment of a macOS information stealer called MacSync. "Unlike traditional exploit-based attacks, this method relies entirely on user interaction – usually in the form of copying and executing commands –...
CVE-2026-1086
CVE-2026-1086 concerns the Font Pairing Preview For Landing Pages WordPress plugin. The vulnerability is Cross-Site Request Forgery due to missing nonce validation on the settings update function, affecting all versions up to and including 1.3. This allows unauthenticated attackers to modify the ...
CVE-2026-1086 Font Pairing Preview For Landing Pages <= 1.3 - Cross-Site Request Forgery to Settings Update
The Font Pairing Preview For Landing Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3. This is due to missing nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to modify the...
WordPress Font Pairing Preview For Landing Pages plugin <= 1.3 - Cross-Site Request Forgery to Settings Update vulnerability
Cross-Site Request Forgery to Settings Update vulnerability discovered by afnaan - SMKN 1 Bantul in WordPress Plugin Font Pairing Preview For Landing Pages versions = 1.3...
WordPress plugin Font Pairing Preview For Landing Pages 跨站请求伪造漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
OAuth redirection abuse enables phishing and malware delivery
Microsoft observed phishing-led exploitation of OAuth’s by-design redirection mechanisms. The activity targets government and public-sector organizations and uses silent OAuth authentication flows and intentionally invalid scopes to redirect victims to attacker-controlled infrastructure without...
CVE-2025-13496
The Moosend Landing Pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the moosendlandingsauthget function in all versions up to, and including, 1.1.6. This makes it possible for authenticated attackers, with Subscriber-level access...
CVE-2025-13496 Moosend Landing Pages <= 1.1.6 - Missing Authorization to Authenticated (Subscriber+) Option Deletion
The Moosend Landing Pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the moosendlandingsauthget function in all versions up to, and including, 1.1.6. This makes it possible for authenticated attackers, with Subscriber-level access...
CVE-2025-13496
CVE-2025-13496 (Moosend Landing Pages, WordPress) The WordPress plugin Moosend Landing Pages (up to v1.1.6) contains a missing capability check in moosend_landings_auth_get, allowing authenticated users with Subscriber level access or higher to delete the moosend_landing_api_key option. The issue...
CVE-2025-13496 Moosend Landing Pages <= 1.1.6 - Missing Authorization to Authenticated (Subscriber+) Option Deletion
The Moosend Landing Pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the moosendlandingsauthget function in all versions up to, and including, 1.1.6. This makes it possible for authenticated attackers, with Subscriber-level access...
PT-2026-1589
Name of the Vulnerable Software and Affected Versions Moosend Landing Pages plugin for WordPress versions through 1.1.6 Description The Moosend Landing Pages plugin for WordPress has a flaw that allows unauthorized modification of data. This is due to a missing capability check within the moosend...
WordPress plugin Moosend Landing Pages 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...
WordPress Moosend Landing Pages plugin <= 1.1.6 - Missing Authorization to Authenticated (Subscriber+) Option Deletion vulnerability
Missing Authorization to Authenticated Subscriber+ Option Deletion vulnerability discovered by Legion Hunter in WordPress Plugin Moosend Landing Pages versions = 1.1.6...
EUVD-2015-4090
Malware in sbrugna...
EUVD-2015-4091
Malware in sbrugna...
EUVD-2013-6071
Malware in sbrugna...
EUVD-2015-5223
Malware in sbrugna...
EUVD-2023-48600
Malicious code in bioql PyPI...
EUVD-2024-27675
Malicious code in bioql PyPI...
EUVD-2025-11995
Malicious code in bioql PyPI...