56 matches found
China-Linked DKnife AitM Framework Targets Routers for Traffic Hijacking, Malware Delivery
Cybersecurity researchers have taken the wraps off a gateway-monitoring and adversary-in-the-middle AitM framework dubbed DKnife that's operated by China-nexus threat actors since at least 2019. The framework comprises seven Linux-based implants that are designed to perform deep packet inspection...
EUVD-2025-25180
Malicious code in bioql PyPI...
EUVD-2025-25182
Malicious code in bioql PyPI...
EUVD-2025-25179
Malicious code in bioql PyPI...
EUVD-2025-25181
Malicious code in bioql PyPI...
SQL Injection
moonshine/moonshine is vulnerable to SQL injection. The vulnerability is due to improper handling of the Data parameter in the Blog module, which allows an attacker to inject malicious SQL queries...
Arbitrary File Upload
moonshine/moonshine is vulnerable to arbitrary file upload. The vulnerability is due to improper validation of uploaded SVG files, which allows an attacker to execute arbitrary code...
CVE-2025-51510
MoonShine was discovered to contain a SQL injection vulnerability under the Blog - Categories page when using the moonshine-tree-resource version 2.0.2 component...
CVE-2025-51488
A Stored Cross-Site Scripting XSS vulnerability exists in MoonShine version 3.12.4, allowing remote attackers to store and execute arbitrary JavaScript by including a malicious HTML payload in the Name parameter when creating a new Admin...
CVE-2025-51487
A Stored Cross-Site Scripting XSS vulnerability exists in MoonShine version 3.12.5, allowing to execute arbitrary JavaScript by using "javascript:" payload, instead of the expected HTTPS protocol, in the CutCode Link parameter when creating/updating a new Article...
CVE-2025-51489
A Stored Cross-Site Scripting XSS vulnerability exists in MoonShine version 3.12.5, allowing remote attackers to upload a malicious SVG file when creating/updating an Article and correctly execute arbitrary JavaScript when the file link is opened...
Cross-site Scripting (XSS)
Overview moonshine/moonshine is a Laravel administration panel Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Link parameter when creating/updating a new Article. Note There appears to be a fix attempt in 3.12.4, which was reverted in 3.12.6. At the time of...
Unrestricted Upload of File with Dangerous Type
Overview moonshine/moonshine is a Laravel administration panel Affected versions of this package are vulnerable to Unrestricted Upload of File with Dangerous Type via the Files - Thumbnail parameter when creating/updating an Article. An attacker can run scripts within the context of the applicati...
Cross-site Scripting (XSS)
Overview moonshine/moonshine is a Laravel administration panel Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Name parameter when creating a new Admin, due to improper sanitization of user input. Details Cross-site scripting or XSS is a code vulnerability tha...
SQL Injection
Overview lee-to/moonshine-tree-resource is a Tree resource for moonshine Affected versions of this package are vulnerable to SQL Injection via the data parameter in the Route::moonshine function. An attacker can exploit this to read sensitive data from the database. Remediation Upgrade...
moonshine Stored Cross-Site Scripting Vulnerability in Create Article
A stored cross-site scripting XSS vulnerability in the Create Article function of MoonShine v3.12.3 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Link parameter...
GHSA-P632-58PP-C9XG moonshine Stored Cross-Site Scripting Vulnerability in Create Article
A stored cross-site scripting XSS vulnerability in the Create Article function of MoonShine v3.12.3 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Link parameter...
MoonShine Arbitrary File Upload Vulnerability
An arbitrary file upload vulnerability in MoonShine v3.12.4 allows attackers to execute arbitrary code via uploading a crafted SVG file...
GHSA-RH9F-GR6Q-MPC4 moonshine Stored Cross-Site Scripting Vulnerability in Create Admin
A stored cross-site scripting XSS vulnerability in the Create Admin function of MoonShine v3.12.3 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name parameter...
GHSA-8XFQ-7F6M-MPMF MoonShine Arbitrary File Upload Vulnerability
An arbitrary file upload vulnerability in MoonShine v3.12.4 allows attackers to execute arbitrary code via uploading a crafted SVG file...