CVE-2025-69907
An unauthenticated information disclosure vulnerability exists in Newgen OmniDocs due to missing authentication and access control on the /omnidocs/GetListofCabinet API endpoint. A remote attacker can access this endpoint without valid credentials to retrieve sensitive internal configuration...
GHSA-594W-2FWP-JWRC Keycloak Admin REST API exposes backend schema and rules
A flaw was found in the Keycloak Admin REST API. This vulnerability allows the exposure of backend schema and rules, potentially leading to targeted attacks or privilege escalation via improper access control...
EUVD-2026-3683
A flaw was found in the Keycloak Admin REST API. This vulnerability allows the exposure of backend schema and rules, potentially leading to targeted attacks or privilege escalation via improper access control...
Following the digital trail: what happens to data stolen in a phishing attack
Introduction A typical phishing attack involves a user clicking a fraudulent link and entering their credentials on a scam website. However, the attack is far from over at that point. The moment the confidential information falls into the hands of cybercriminals, it immediately transforms into a...
Grav User Enumeration and Email Disclosure Vulnerabilities
Grav is an extensible CMS (Content Management System) for personal blogs, small content publishing platforms and one-page product presentations. Grav suffers from a user enumeration and email disclosure vulnerability that can be exploited by attackers to enumerate users and disclose sensitive email...
CVE-2025-66307
This admin plugin for Grav is an HTML user interface that provides a convenient way to configure Grav and easily create and modify pages. Prior to 1.11.0-beta.1, a user enumeration and email disclosure vulnerability exists in Grav. The "Forgot Password" functionality at /admin/forgot leaks...
EUVD-2020-27963
Malware in sbrugna...
EUVD-2019-13658
Malware in sbrugna...
EUVD-2020-27964
Malware in sbrugna...
How we trained an ML model to detect DLL hijacking
DLL hijacking is a common technique in which attackers replace a library called by a legitimate process with a malicious one. It is used by both creators of mass-impact malware, like stealers and banking Trojans, and by APT and cybercrime groups behind targeted attacks. In recent years, the numbe...
EUVD-2022-7071
Malicious code in bioql PyPI...
EUVD-2023-54616
Malicious code in bioql PyPI...
EUVD-2022-43291
Malicious code in bioql PyPI...
EUVD-2025-7100
Malicious code in bioql PyPI...
EUVD-2023-55156
Malicious code in bioql PyPI...
EUVD-2025-9725
Malicious code in bioql PyPI...
Do Not Install the Avahi Service
Avahi is a zero-configuration networking implementation, including a system for multicast DNS/DNS-SD service discovery and automatic broadcast. For example, you can connect a server to the network and use Avahi to automatically broadcast network services running on the server for other users to...
USN-7772-1 python-eventlet vulnerability
It was discovered that Eventlet incorrectly handled certain requests. An attacker could possibly use this issue to bypass front-end security controls, launch targeted attacks against active site users, and poison web caches...
Apple Warns French Users of Fourth Spyware Campaign in 2025, CERT-FR Confirms
Apple has notified users in France of a spyware campaign targeting their devices, according to the Computer Emergency Response Team of France (CERT-FR). The agency said the alerts were sent out on September 3, 2025, making it the fourth time this year that Apple has notified citizens in the country...
PT-2025-35340
WhatsApp fixed a zero-click bug CVE-2024-55177 used in targeted spyware attacks affecting less than 200 iOS/Mac users. The exploit, combined with an Apple flaw CVE-2024-43300, allowed data theft. The attacker is unknown. https://t.co/NATZvQytTO...