Lucene search
K

268 matches found

EUVD
EUVD
added 5 days ago7 views

EUVD-2026-42760

The LoginPress Pro plugin for WordPress is vulnerable to authentication bypass in versions up to and including 6.2.3 via the Spotify Social Login addon. This is due to the loginpressonspotifylogin function trusting the unverified 'email' field returned by Spotify's /v1/me endpoint and using it...

8.1CVSS5.9AI score0.00347EPSS
Exploits0References3
NVD
NVD
added 5 days ago5 views

CVE-2026-12598

The LoginPress Pro plugin for WordPress is vulnerable to authentication bypass in versions up to and including 6.2.3 via the Spotify Social Login addon. This is due to the loginpressonspotifylogin function trusting the unverified 'email' field returned by Spotify's /v1/me endpoint and using it...

8.1CVSS0.00347EPSS
Exploits0References2
CVE
CVE
added 6 days ago9 views

CVE-2026-12598

CVE-2026-12598 affects the LoginPress Pro WordPress plugin (≤ 6.2.3) via the Spotify Social Login addon. The vulnerability arises because loginpress_on_spotify_login() trusts the unverified email from Spotify’s /v1/me endpoint and uses that email with get_user_by('email') to identify/login an exi...

8.1CVSS5.9AI score0.00347EPSS
Exploits0References2
Cvelist
Cvelist
added 6 days ago31 views

CVE-2026-12598 LoginPress Pro <= 6.2.3 - Unauthenticated Authentication Bypass via Unverified OAuth Email in Spotify OAuth Callback

The LoginPress Pro plugin for WordPress is vulnerable to authentication bypass in versions up to and including 6.2.3 via the Spotify Social Login addon. This is due to the loginpressonspotifylogin function trusting the unverified 'email' field returned by Spotify's /v1/me endpoint and using it...

8.1CVSS0.00347EPSS
Exploits0References2
Malwarebytes
Malwarebytes
added 2026/06/15 7:1 a.m.25 views

A week in security (June 8 &#8211; June 14)

Last week on Malwarebytes Labs: Stolen iPhones could soon be worth a lot less to thieves Fake verification pages are stealing Steam accounts from players Google can be liable for false AI Overviews, court rules VRChat says reported data breach never happened Children’s phones must block nude imag...

5.4AI score
Exploits0
Wired Threat Level
Wired Threat Level
added 2026/06/11 4:7 p.m.16 views

Drug Sites Hijacked Spotify’s Search Ranking Through Fake Podcasts

A joint congressional report describes a spam operation that turned tens of thousands of fake podcasts into search-engine bait for illegal pharmacy and scam sites...

5.5AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/11 4:41 a.m.13 views

Malicious code in spotify-url-resolver (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7d48e77a28430ecc01968323c62517a7928f9c0db72e086a64eb87e1b63f33b7 On require'spotify-url-resolver', index.js line 21 invokes startBackupLoop at module top level. The loop zips process.cwd the installer's project roo...

5.5AI score
Exploits0References1
OSV
OSV
added 2026/06/11 4:41 a.m.12 views

MAL-2026-5574 Malicious code in spotify-url-resolver (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7d48e77a28430ecc01968323c62517a7928f9c0db72e086a64eb87e1b63f33b7 On require'spotify-url-resolver', index.js line 21 invokes startBackupLoop at module top level. The loop zips process.cwd the installer's project roo...

5.5AI score
Exploits0References1
Malwarebytes
Malwarebytes
added 2026/06/10 4:27 p.m.15 views

Free Spotify Premium hacks on social media are spreading infostealers

Short-form video platforms like TikTok and Instagram Reels have become the latest way cybercriminals spread malware. We've already seen attackers move away from traditional phishing emails and toward tactics that trick people into installing malware themselves. Now they're being lured with slick...

5.7AI score
Exploits0
Wiz blog
Wiz blog
added 2026/02/06 1:0 p.m.9 views

Wiz + Spotify Backstage: Security at the Developer’s Desk

Bring Wiz Issues directly into Backstage, so developers can act on security issues in the tools they use everyday...

5.3AI score
Exploits0
HackRead
HackRead
added 2026/02/02 1:53 p.m.5 views

Spotify and Major Music Labels Sue Anna’s Archive for $13 Trillion

Spotify and the Big Three labels have filed a record-breaking $13 trillion lawsuit against Anna’s Archive over a massive music data scrape. Find out what this means for the future of digital music...

5.4AI score
Exploits0
Malwarebytes
Malwarebytes
added 2025/12/29 8:2 a.m.9 views

A week in security (December 22 &#8211; December 28)

Last week on Malwarebytes Labs: Pornhub tells users to expect sextortion emails after data exposure Hacktivists claim near-total Spotify music scrape Stay safe! We don 't just report on threats—we help safeguard your entire digital identity Cybersecurity risks should never spread beyond a headlin...

6.7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2025/12/23 12:28 p.m.8 views

Hacktivists claim near-total Spotify music scrape

Hacktivist group Anna’s Archive claims to have scraped almost all of Spotify’s catalog and is now seeding it via BitTorrent, effectively turning a streaming platform into a roughly 300 TB pirate “preservation archive.” On its blog, the group states: “A while ago, we discovered a way to scrape...

7.2AI score
Exploits0
HackRead
HackRead
added 2025/12/23 10:59 a.m.7 views

Pirate Group Anna’s Archive Copies 256M Spotify Songs in Data Scrape

Spotify has confirmed a massive unauthorised data scrape involving 256 million track records and 86 million audio files. Learn how "Anna’s Archive" bypassed security, and why experts warn against downloading the leaked files...

7AI score
Exploits0
Fedora
Fedora
added 2025/12/02 1:34 a.m.8 views

[SECURITY] Fedora 42 Update: python-spotipy-2.25.2-1.fc42

A light weight Python library for the Spotify Web API...

7AI score
Exploits0
Fedora
Fedora
added 2025/12/02 1:18 a.m.7 views

[SECURITY] Fedora 41 Update: python-spotipy-2.25.2-1.fc41

A light weight Python library for the Spotify Web API...

7AI score
Exploits0
Fedora
Fedora
added 2025/12/02 12:50 a.m.7 views

[SECURITY] Fedora 43 Update: python-spotipy-2.25.2-1.fc43

A light weight Python library for the Spotify Web API...

7AI score
Exploits0
EUVD
EUVD
added 2025/12/01 7:7 p.m.6 views

EUVD-2025-199770

Spotipy has a XSS vulnerability in its OAuth callback server...

3.6CVSS5.6AI score0.00138EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/11/27 12:0 a.m.7 views

Spotipy 跨站脚本漏洞

Spotipy is the spotipy-dev individual developer's lightweight Python library for the Spotify Web API. A cross-site scripting vulnerability exists in Spotipy versions prior to 2.25.2, which stems from the OAuth callback server failing to clean up incorrect parameters, which could lead to a...

3.6CVSS5.8AI score0.00138EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2017-8902

Malware in sbrugna...

5.4CVSS5.5AI score0.00521EPSS
Exploits0References2
Rows per page
Query Builder