48 matches found
CVE-2018-25435 ZeusCart 4.0 Deactivate Customer Accounts CSRF
ZeusCart 4.0 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions on behalf of victims by crafting malicious requests. Attackers can deactivate customer accounts via the admin interface by tricking users into visiting attacker-controlled pages...
CVE-2020-37118
P5 FNIP-8x16A FNIP-4xSH 1.0.20 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user interaction. Attackers can craft malicious web pages to add new admin users, change passwords, and modify system configurations by tricking...
EUVD-2018-15732
Malware in sbrugna...
EUVD-2021-2022
Malware in sbrugna...
EUVD-2018-15728
Malware in sbrugna...
EUVD-2018-8143
Malware in sbrugna...
EUVD-2025-16663
Malicious code in bioql PyPI...
EUVD-2023-44792
Malicious code in bioql PyPI...
CVE-2024-25575
A type confusion vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a Lock object. A specially crafted JavaScript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. An...
Remote Code Execution
nltk is vulnerable to Remote Code Execution. The vulnerability is due to models containing pickled Python code, which could allow an attacker to execute arbitrary code. An attacker would need to perform a man-in-the-middle attack to modify the packaged pickles such as the averagedperceptrontagger...
Important: thunderbird
Issue Overview: A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11. CVE-2024-4367 If the browser.privatebrowsing.autostart preference is...
CVE-2024-25938
CVE-2024-25938 affects Foxit Reader 2024.1.0.23997 and is a use-after-free vulnerability in the Barcode widget. According to Talos, a specially crafted JavaScript in a malicious PDF can trigger reuse of a freed object, leading to memory corruption and potentially arbitrary code execution. Exploit...
CVE-2023-6923 Matomo <= 4.15.3 - Reflected Cross-Site Scripting via idsite
The Matomo Analytics – Ethical Stats. Powerful Insights. plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the idsite parameter in all versions up to, and including, 4.15.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticate...
CVE-2024-0750
A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7...
CVE-2023-40194
An arbitrary file creation vulnerability exists in the JavaScript exportDataObject API of Foxit Reader 12.1.3.15356 due to mistreatment of whitespace characters. A specially crafted malicious file can create files at arbitrary locations, which can lead to arbitrary code execution. An attacker nee...
CVE-2023-32616
A use-after-free vulnerability exists in the way Foxit Reader 12.1.2.15356 handles 3D annotations. A specially crafted JavaScript code inside a malicious PDF document can trigger reuse of a previously freed object, which can lead to memory corruption and result in arbitrary code execution. An...
Cross site scripting
The Winters theme for WordPress is vulnerable to Reflected Cross-Site Scripting via prototype pollution in versions up to, and including, 1.4.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages...
Design/Logic Flaw
A use-after-free vulnerability exists in the footerr functionality of Hancom Office 2020 HWord 11.0.0.7520. A specially crafted .doc file can lead to a use-after-free. An attacker can trick a user into opening a malformed file to trigger this vulnerability...
Cross-Site Request Forgery (CSRF)
Assembla Auth Plugin is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability exists due to lack of a state parameter in its OAuth flow which allows an attacker to trick a user into logging into the attacker's account...
LinkedIn: CSRF that makes any linkedin user follow attacker controlled accounts by simply clicking https://www.linkedin.com/comm/mynetwork/discovery-see-all/*
A CSRF vulnerability was identified that could potentially cause a LinkedIn user to follow an attacker-controlled account without additional confirmation by clicking a specially crafted URL...