20 matches found
Google DoubleClick Abused in New Malspam Campaign to Deliver DesckVB RAT
Cybersecurity researchers have flagged a new malspam campaign that makes use of Google's DoubleClick domain as a way to evade detection and ultimately deliver a remote access trojan RAT named DesckVB RAT. "Before the victim ever reaches attacker-controlled infrastructure, the lure routes through...
CVE-2026-40544
SOPlanning is vulnerable to Stored Cross-Site Scripting XSS via /process/uploadbackup endpoint. An authenticated attacker with access to the backup functionality can upload a crafted ZIP archive containing a malicious user.csv file with embedded JavaScript. The injected code is executed in the...
CVE-2026-8208
CVE-2026-8208 affects Gibbon prior to v30.0.01. It is a local file inclusion vulnerability that can lead to remote code execution by manipulating the report archive directory and causing a user-supplied .zip to be interpreted as PHP. Exploitation requires Teacher or higher privileges and could co...
Important: python-jwcrypto
Issue Overview: JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to 1.5.7, an unauthenticated attacker can exhaust server memory by sending crafted JWE tokens with ZIP compression. The existing patch for CVE-2024-28102 limits input token size to 250KB but does...
Microsoft Reveals ClickFix Campaign Using Windows Terminal to Deploy Lumma Stealer
Microsoft on Thursday disclosed details of a new widespread ClickFix social engineering campaign that has leveraged the Windows Terminal app as a way to activate a sophisticated attack chain and deploy the Lumma Stealer malware. The activity, observed in February 2026, makes use of the terminal...
CVE-2022-50936
WBCE CMS version 1.5.2 contains an authenticated remote code execution vulnerability that allows attackers to upload malicious droplets through the admin panel. Authenticated attackers can exploit the droplet upload functionality in the admin tools to create and execute arbitrary PHP code by...
CVE-2022-50936 WBCE CMS 1.5.2 - Remote Code Execution (RCE) (Authenticated)
WBCE CMS version 1.5.2 contains an authenticated remote code execution vulnerability that allows attackers to upload malicious droplets through the admin panel. Authenticated attackers can exploit the droplet upload functionality in the admin tools to create and execute arbitrary PHP code by...
CVE-2022-50936 WBCE CMS 1.5.2 - Remote Code Execution (RCE) (Authenticated)
WBCE CMS version 1.5.2 contains an authenticated remote code execution vulnerability that allows attackers to upload malicious droplets through the admin panel. Authenticated attackers can exploit the droplet upload functionality in the admin tools to create and execute arbitrary PHP code by...
CVE-2022-50936
WBCE CMS 1.5.2 is affected by an authenticated remote code execution vulnerability in the admin panel’s droplet upload functionality. Authenticated attackers can craft a zip payload to upload a malicious droplet, enabling arbitrary PHP code execution on the server. This aligns with multiple sourc...
PT-2026-2412
Name of the Vulnerable Software and Affected Versions WBCE CMS version 1.5.2 Description The software contains an authenticated remote code execution issue. Attackers can upload malicious droplets through the admin panel. Specifically, authenticated attackers can exploit the droplet upload...
uv allows ZIP payload obfuscation through parsing differentials
Impact In versions 0.9.5 and earlier of uv, ZIP archives were handled in a manner that enabled two parsing differentials against other components of the Python packaging ecosystem: 1. Central directory entries in a ZIP archive can contain comment fields. However, uv would assume that these fields...
EUVD-2025-36724
uv allows ZIP payload obfuscation through parsing differentials...
GHSA-PQHF-P39G-3X64 uv allows ZIP payload obfuscation through parsing differentials
Impact In versions 0.9.5 and earlier of uv, ZIP archives were handled in a manner that enabled two parsing differentials against other components of the Python packaging ecosystem: 1. Central directory entries in a ZIP archive can contain comment fields. However, uv would assume that these fields...
ZIP Payload Obfuscation Through Parsing Differentials
uv is vulnerable to ZIP payload obfuscation through parsing differentials. The vulnerability is due to improper ZIP archive validation due to failure to reconcile file entries against the central directory, allowing attackers to craft archives with inconsistent or stacked ZIPs that behave...
CVE-2025-54368 uv is vulnerable to ZIP payload obfuscation through parsing differentials
uv is a Python package and project manager written in Rust. In versions 0.8.5 and earlier, remote ZIP archives were handled in a streamwise fashion, and file entries were not reconciled against the archive's central directory. An attacker could contrive a ZIP archive that would extract with...
GHSA-8QF3-X8V5-2PJ8 uv allows ZIP payload obfuscation through parsing differentials
Impact In versions 0.8.5 and earlier of uv, remote ZIP archives were handled in a streamwise fashion, and file entries were not reconciled against the archive's central directory. This enabled two parser differentials against other Python package installers: 1. An attacker could contrive a ZIP...
uv allows ZIP payload obfuscation through parsing differentials
Impact In versions 0.8.5 and earlier of uv, remote ZIP archives were handled in a streamwise fashion, and file entries were not reconciled against the archive's central directory. This enabled two parser differentials against other Python package installers: 1. An attacker could contrive a ZIP...
New HTML Smuggling Campaign Delivers DCRat Malware to Russian-Speaking Users
Russian-speaking users have been targeted as part of a new campaign distributing a commodity trojan called DCRat aka DarkCrystal RAT by means of a technique known as HTML smuggling. The development marks the first time the malware has been deployed using this method, a departure from previously...
Experts Identify Fully-Featured Info Stealer and Trojan in Python Package on PyPI
A malicious Python package uploaded to the Python Package Index PyPI has been found to contain a fully-featured information stealer and remote access trojan. The package, named colourfool , was identified by Kroll's Cyber Threat Intelligence team, with the company calling the malware Colour-Blind...
CVE-2018-12491
PHPOK 4.9.032 has an arbitrary file upload vulnerability in the importf function in framework/admin/moduleccontrol.php, as demonstrated by uploading a .php file within a .php.zip archive, a similar issue to CVE-2018-8944...