Lucene search
+L

194 matches found

NVD
NVD
added 2026/04/24 4:16 p.m.8 views

CVE-2025-59308

In Mahara before 24.04.10 and 25 before 25.04.1, an institution administrator or institution support administrator on a multi-tenanted site can masquerade as an institution member in an institution for which they are not an administrator, if they also have the 'Site staff' role...

4.7CVSS0.00177EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/24 12:0 a.m.29 views

PT-2026-34880

In Mahara before 24.04.10 and 25 before 25.04.1, an institution administrator or institution support administrator on a multi-tenanted site can masquerade as an institution member in an institution for which they are not an administrator, if they also have the 'Site staff' role...

4.7CVSS5.2AI score0.00177EPSS
Exploits0References4
EUVD
EUVD
added 2026/04/24 12:0 a.m.9 views

EUVD-2025-209574

In Mahara before 24.04.10 and 25 before 25.04.1, an institution administrator or institution support administrator on a multi-tenanted site can masquerade as an institution member in an institution for which they are not an administrator, if they also have the 'Site staff' role...

4.7CVSS5.3AI score0.00177EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/24 12:0 a.m.7 views

CVE-2025-59308

In Mahara before 24.04.10 and 25 before 25.04.1, an institution administrator or institution support administrator on a multi-tenanted site can masquerade as an institution member in an institution for which they are not an administrator, if they also have the 'Site staff' role...

5.2AI score0.00177EPSS
Exploits0References2
CVE
CVE
added 2026/04/24 12:0 a.m.19 views

CVE-2025-59308

In Mahara, versions before 24.04.10 and 25 before 25.04.1 allow an institution administrator or institution support administrator on a multi-tenant site to masquerade as an institution member in another institution if they also hold the 'Site staff' role. This is the core vulnerability described ...

4.7CVSS5.2AI score0.00177EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/24 12:0 a.m.3 views

CVE-2025-59308

In Mahara before 24.04.10 and 25 before 25.04.1, an institution administrator or institution support administrator on a multi-tenanted site can masquerade as an institution member in an institution for which they are not an administrator, if they also have the 'Site staff' role...

5.2AI score0.00177EPSS
Exploits0References3
HackRead
HackRead
added 2026/04/08 4:18 p.m.7 views

Operation Masquerade: FBI Disrupts Russian Router Hacking Campaign

Operation Masquerade: The FBI and DoJ disrupted a Russian GRU campaign that hijacked routers via DNS attacks to spy on users and steal credentials...

5.9AI score
Exploits0
Snyk
Snyk
added 2026/04/02 9:0 p.m.4 views

Malicious Package

Overview strapi-plugin-form is a malicious package. This package contains malicious code that conceals a command-and-control agent and credential harvester. A malicious actor published a coordinated campaign of thirty-six packages disguised as community Strapi CMS plugins. These packages aren't...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/03/24 12:32 a.m.14 views

Improper Handling of Values

Overview Affected versions of this package are vulnerable to Improper Handling of Values in the DirectUploadsController. A malicious direct-upload client can set contenttype flags like identified and analyzed to make a malicious uploaded file appear safe. Remediation Upgrade activestorage to...

5.3CVSS5.8AI score0.0039EPSS
Exploits0References2
The Hacker News
The Hacker News
added 2026/03/11 5:12 a.m.7 views

Five Malicious Rust Crates and AI Bot Exploit CI/CD Pipelines to Steal Developer Secrets

Cybersecurity researchers have discovered five malicious Rust crates that masquerade as time-related utilities to transmit .env file data to the threat actors. The Rust packages, published to crates.io, are listed below - chronoanchor dnp3times timecalibrator timecalibrators time-sync The crates,...

10CVSS5.9AI score0.00453EPSS
Exploits0
Malwarebytes
Malwarebytes
added 2026/02/05 1:48 p.m.10 views

Open the wrong “PDF” and attackers gain remote access to your PC

Cybercriminals behind a campaign dubbed DEADVAX are taking phishing one step further by delivering malware inside virtual hard disks that pretend to be ordinary PDF documents. Open the wrong “invoice” or “purchase order” and you won't see a document at all. Instead, Windows mounts a virtual drive...

5.6AI score
Exploits0
The Hacker News
The Hacker News
added 2026/01/19 9:9 a.m.5 views

CrashFix Chrome Extension Delivers ModeloRAT Using ClickFix-Style Browser Crash Lures

Cybersecurity researchers have disclosed details of an ongoing campaign dubbed KongTuke that used a malicious Google Chrome extension masquerading as an ad blocker to deliberately crash the web browser and trick victims into running arbitrary commands using ClickFix-like lures to deliver a...

6.5AI score
Exploits0
Snyk
Snyk
added 2026/01/11 11:0 p.m.2 views

Malicious Package

Overview n8n-nodes-danev-test-project is a malicious package. This package leverages n8n workflow automation disguising as a n8n community node to exfiltrate OAuth tokens, API keys, and sensitive credentials of integrated services. Remediation Avoid using all malicious instances of the...

9.8CVSS6.8AI score
Exploits0References2
CNVD
CNVD
added 2025/11/18 12:0 a.m.5 views

Google Chrome Code Problem Vulnerability (CNVD-2025-29241)

Google Chrome is a web browser developed by Google Inc. A security vulnerability exists in the Lens feature in Google Chrome prior to version 136.0.7103.59, which stems from an imperfect validation mechanism for QR codes. The vulnerability can be exploited by an attacker to conduct an interface...

6.3CVSS6.5AI score0.00137EPSS
Exploits1References1
CNVD
CNVD
added 2025/11/18 12:0 a.m.7 views

Google Chrome Code Problem Vulnerability (CNVD-2025-29239)

Google Chrome is Google's web browser. A security vulnerability exists in Google Chrome versions prior to 134.0.6998.35, which stems from an inadequate validation mechanism for the web application installation process. The vulnerability can be exploited by an attacker to conduct an interface...

4.3CVSS6.5AI score0.0018EPSS
Exploits0References1
CNVD
CNVD
added 2025/11/18 12:0 a.m.3 views

Google Chrome Code Problem Vulnerability (CNVD-2025-29238)

Google Chrome is a web browser developed by Google. A security vulnerability exists in the compositing feature in Google Chrome prior to version 140.0.7339.80, which stems from a flaw in the compositing module's handling of UI elements. The vulnerability can be exploited by an attacker to conduct...

4.3CVSS6.4AI score0.00198EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/10/29 12:0 a.m.12 views

PT-2025-44331

Highlights New Product Support AMD Ryzen™ AI 5 330 New Game Support Battlefield™ 6 DX12 Vampire: The Masquerade - Bloodlines 2 DX12 Expanded Vulkan Extension Support VK EXT shader float8 VK KHR video decode vp9 VK KHR video encode av1 VK KHR video encode quantization map VK AMDX dense geometry...

6.5CVSS6.6AI score0.01175EPSS
Exploits1References1
NVD
NVD
added 2025/10/22 7:15 a.m.5 views

CVE-2025-41720

A low privileged remote attacker can upload arbitrary data masked as a png file to the affected device using the webserver API because only the file extension is verified...

4.3CVSS0.00165EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/10/22 6:52 a.m.4 views

CVE-2025-41720 Sauter: Arbitrary File Upload

A low privileged remote attacker can upload arbitrary data masked as a png file to the affected device using the webserver API because only the file extension is verified...

4.3CVSS6.8AI score0.00165EPSS
Exploits0References1
CVE
CVE
added 2025/10/22 6:52 a.m.17 views

CVE-2025-41720

CVE-2025-41720 affects Sauter modu680-AS (modular automation station with a web server). The issue arises when the webserver API validates only the file extension, allowing a low-privileged remote attacker to upload arbitrary data masked as a PNG file. The root cause is insufficient validation of...

4.3CVSS6.8AI score0.00165EPSS
Exploits0References1
Rows per page
Query Builder