3461 matches found
CVE-2026-15110
Use after free in Extensions in Google Chrome prior to 150.0.7871.115 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. Chromium security severity: High...
CVE-2026-14062
Inappropriate implementation in Views in Google Chrome on ChromeOS prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory via a crafted Chrome Extension. Chromium security severity: Low...
CVE-2026-3602
IBM App Connect Enterprise 13.0.1.0 through 13.0.7.2, and 12.0.1.0 through 12.0.12.26 and IBM Integration Bus for z/OS 10.1.0.0 through 10.1.0.7 is vulnerable to SQL injection. A remote attacker could socially engineer a user into accidentally creating files they may not be aware of...
EUVD-2026-40385
IBM App Connect Enterprise 13.0.1.0 through 13.0.7.2, and 12.0.1.0 through 12.0.12.26 and IBM Integration Bus for z/OS 10.1.0.0 through 10.1.0.7 is vulnerable to SQL injection. A remote attacker could socially engineer a user into accidentally creating files they may not be aware of...
PT-2026-53945
Name of the Vulnerable Software and Affected Versions IBM App Connect Enterprise versions 13.0.1.0 through 13.0.7.2 IBM App Connect Enterprise versions 12.0.1.0 through 12.0.12.26 IBM Integration Bus for z/OS versions 10.1.0.0 through 10.1.0.7 Description SQL injection allows a remote attacker to...
Delta Electronics DTM Soft
ADVISORY SUMMARY Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Minimize network exposure for all control system...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the writer field's link and email marks. An attacker can execute arbitrary JavaScript code in the context of the authenticated user's browser session by injecting a malicious link and tricking the user into...
EUVD-2026-37530
Use after free in Extensions in Google Chrome prior to 149.0.7827.155 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. Chromium security severity: High...
GHSA-C6MH-FPJC-4PR3 yt-dlp: Dangerous file type creation via insufficient filename sanitization (Bypass of CVE-2024-38519)
Summary A vulnerability exists in yt-dlp that allows a remote attacker to write arbitrary OS-shortcut files such as .desktop, .url, .webloc to the user's filesystem, bypassing the remediation for CVE-2024-38519. Details The fix for CVE-2024-38519 enforced an allowlist for file extensions, in orde...
ClickFix Campaigns Expand Malware Delivery With New Loaders and Fake Update Lures
Cybersecurity researchers have flagged multiple ClickFix campaigns that deliver three malware loaders called BabaDeda Loader , Lorem Ipsum Loader , and Potemkin , per independent reports from Morphisec, BlueVoyant, and Huntress, respectively. Attacks involving BabaDeda Loader, observed in April...
CVE-2026-12060
Heptabase developed by Hepta Platforms has a Exposed Dangerous Method or Function vulnerability, allowing unauthenticated remote attackers to leverage social engineering techniques to trick a victim into opening or loading a malicious webpage within the Heptabase application, thereby gaining...
EUVD-2026-36390
Heptabase developed by Hepta Platforms has a Exposed Dangerous Method or Function vulnerability, allowing unauthenticated remote attackers to leverage social engineering techniques to trick a victim into opening or loading a malicious webpage within the Heptabase application, thereby gaining...
CVE-2026-12060 Hepta Platforms|Heptabase - Exposed Dangerous
Heptabase developed by Hepta Platforms has a Exposed Dangerous Method or Function vulnerability, allowing unauthenticated remote attackers to leverage social engineering techniques to trick a victim into opening or loading a malicious webpage within the Heptabase application, thereby gaining...
CVE-2026-12060
CVE-2026-12060 concerns Heptabase (Hepta Platforms) with an Exposed Dangerous Method or Function vulnerability. The description indicates unauthenticated remote attackers can leverage social engineering to persuade a victim to open or load a malicious webpage inside the Heptabase application, res...
ClickFix HTML Static Detector
This script is a lightweight static analysis tool designed to identify HTML pages that exhibit patterns commonly associated with ClickFix-style social engineering campaigns...
ClickFix Server Web-Based Social Engineering Delivery Browser Update Prompts
This Python program implements a web server that delivers browser-themed pages designed to instruct visitors to manually execute commands through operating system interfaces such as run dialogs or shell launchers...
AI brands as bait: How threat actors are using the AI hype in social engineering
In this article 1. ChatGPT-themed lure leads to phishing kit collecting credit card data 2. Claude-themed phishing campaign collected credentials and access tokens 3. "Awesome AI Windows Plugin” malvertising deploys Vidar stealer 4. Fake DeepSeek V4 installers on GitHub delivered Vidar Stealer 5...
CVE-2026-11502
A weakness has been identified in JeecgBoot up to 3.9.2. Impacted is the function HttpServletResponse.sendRedirect of the file jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/ThirdLoginController.java of the component Third-Party Login. This manipulation of...
UNC3753 Used Vishing and Physical Intrusions in U.S. Data Theft Extortion Campaign
Cybersecurity researchers have disclosed details of a financially motivated data theft extortion campaign that has targeted dozens of organizations across professional, legal, and financial services in the U.S. between January and May 2026. The activity has been attributed by Google Mandiant and...
PT-2026-47264
A weakness has been identified in JeecgBoot up to 3.9.2. Impacted is the function HttpServletResponse.sendRedirect of the file jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/ThirdLoginController.java of the component Third-Party Login. This manipulation of...