CVE-2023-31044
An issue was discovered in Nokia Impact before Mobile 23FP1. In Impact DM 19.11 onwards, a remote authenticated user, using the Add Campaign functionality, can inject a malicious payload within the Campaign Name. This data can be exported to a CSV file. Attackers can populate data fields that may...
EUVD-2018-19548
Malware in sbrugna...
EUVD-2019-6585
Malware in sbrugna...
EUVD-2025-5101
Malicious code in bioql PyPI...
EUVD-2024-2877
Malicious code in bioql PyPI...
Exploit for CVE-2025-49144
CVE-2025-49144 – Exploit for Notepad++ 8.8.1 This repository...
CVE-2025-6435
If a user saved a response from the Network tab in Devtools using the Save As context menu option, that file may not have been saved with the .download file extension. This could have led to the user inadvertently running a malicious executable. This vulnerability affects Firefox 140 and...
Adobe Experience Manager cross-site scripting vulnerability (CNVD-2025-14997)
Adobe Experience Manager is a comprehensive content management solution from Adobe. A cross-site scripting vulnerability exists in Adobe Experience Manager, which stems from the vulnerability of form fields to stored cross-site scripting attacks. An attacker can exploit the vulnerability to cause...
Adobe Experience Manager Cross-Site Scripting Vulnerability (CNVD-2025-15003)
Adobe Experience Manager is a comprehensive content management solution from Adobe. A cross-site scripting vulnerability exists in Adobe Experience Manager, which stems from the vulnerability of form fields to stored cross-site scripting attacks. An attacker can exploit the vulnerability to cause...
MAL-2024-12355 Malicious code in szn-sasanka (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 5b323a63a0911115caea7f87a1663849bcac57bfe4787cec2f2d72adc816a758 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
CVE-2024-22190 Untrusted search path under some conditions on Windows allows arbitrary code execution
GitPython is a python library used to interact with Git repositories. There is an incomplete fix for CVE-2023-40590. On Windows, GitPython uses an untrusted search path if it uses a shell to run git, as well as when it runs bash.exe to interpret hooks. If either of those features are used on...
Google Chrome Security Vulnerability
Google Chrome is a web browser from Google, Inc. A security vulnerability exists in Google Chrome that originates from a mal-execution in the Autofill module...
Missing deadline check for AfEth actions
Summary: AfEth main actions execute on-chain swaps and lack an expiration deadline, which enables pending transactions to be maliciously executed at a later point. Impact: Both AfEth deposits and withdrawals include on-chain swaps in AMM protocols as part of thei...
PT-2023-25839 · Synel · Synel Terminals
Name of the Vulnerable Software and Affected Versions: Synel Terminals (affected versions not specified). Description: The issue is related to the download of code without an integrity check, which is classified as CWE-494. This problem can potentially allow malicious code to be executed on the...
Malicious code in hellodependency4 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 6ee690a1802b2ec1b8112926bc08ca611e8aaeb56abfd231a01d22b8d89f010c The OpenSSF Package Analysis project identified 'hellodependency4' @ 1.0.1 npm as malicious. It is considered malicious because: - The package...
JBXBuybackDelegate.didPay() allows for positive slippage theft
Impact: JBXBuybackDelegate.didPay calls swap, which utilizes Uniswap's swap function. JBXBuybackDelegate incorporates a negative slippage check in uniswapV3SwapCallback. However, it fails to consider the deadline parameter of the transaction. The deadline...
CVE-2022-4883
A flaw was found in libXpm. When processing files with .Z or .gz extensions, the library calls external programs to compress and uncompress files, relying on the PATH environment variable to find these programs, which could allow a malicious user to execute other programs by manipulating the PATH...
Hao Chen CAD Viewing King suffers from dll hijacking vulnerability
HaoChen CAD Viewer (original name: HaoChen YunDu) is a free CAD software that supports opening all versions of dwg format drawings online, and is fully compatible with AutoCAD, Tianzheng CAD and other CAD software. HaoChen CAD Viewer has a DLL...
Component Reverse Auction Factory SQL Injection Vulnerability in Joomla!
Joomla! is an open source content management system (CMS) developed by the Open Source Matters team in the United States. A SQL injection vulnerability exists in the Reverse Auction Factory component of Joomla! The vulnerability is caused by inserting SQL commands into the query string of a web form...
Trend Micro Threat Discovery Appliance 2.6.1062r1 - 'dlp_policy_upload.cgi' Remote Code Execution
#!/usr/local/bin/python """ Trend Micro Threat Discovery Appliance /opt/TrendMicro/MinorityReport/bin/ Then, all we do is create /engptnstores/prod/sensorSDK/data/si/dlpkill.sh with malicious code and get it executed... Notes: ====== - For this particular PoC, all I did was exec a bind shell using...