412 matches found
EUVD-2007-1823
Malware in sbrugna...
EUVD-2013-5524
Malware in sbrugna...
EUVD-2006-5344
Malware in sbrugna...
EUVD-2014-5456
Malware in sbrugna...
EUVD-2024-52193
Malicious code in bioql PyPI...
EUVD-2022-34881
Malicious code in bioql PyPI...
EUVD-2024-20785
Malicious code in bioql PyPI...
EUVD-2025-14180
Malicious code in bioql PyPI...
EUVD-2024-35563
Malicious code in bioql PyPI...
EUVD-2025-18183
Malicious code in bioql PyPI...
EUVD-2025-18177
Malicious code in bioql PyPI...
EUVD-2023-46144
Malicious code in bioql PyPI...
EUVD-2025-6049
Malicious code in bioql PyPI...
CVE-2025-24936
The web application allows user input to pass unfiltered to a command executed on the underlying operating system. The vulnerable component is bound to the network stack and the set of possible attackers extends up to and including the entire Internet. An attacker with low privileged access to th...
IBM Spectrum Protect Plus Web UI 10.1.0 < 10.1.17.1 (7237702)
The version of IBM Spectrum Protect Plus Web UI installed on the remote host is prior to 10.1.17.1 IBM Spectrum Protect Plus. It is, therefore, affected by multiple vulnerabilities as referenced in the 7237702 advisory. - Jinja is an extensible templating engine. Prior to 3.1.6, an oversight in h...
CVE-2025-49149
Dify, an open-source LLM app platform, has a vulnerability in version 1.2.0 caused by insufficient filtering of user input in web applications, allowing injection of malicious script and potentially leading to cross-site scripting (XSS) when users browse affected pages. The CVE entries consistent...
CVE-2025-4659
The Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.4.4. This makes it possible for unauthenticated attackers to retrieve the full path of the web...
A Human Study of Cognitive Biases in Web Application Security
Cybersecurity training has become a crucial part of computer science education and industrial onboarding. Capture the Flag CTF competitions have emerged as a valuable, gamified approach for developing and refining the skills of cybersecurity and software engineering professionals. However, while...
Earth Lamia Develops Custom Arsenal to Target Multiple Industries
Trend™ Research has been tracking an active APT threat actor named Earth Lamia, targeting multiple industries in Brazil, India and Southeast Asia countries at least since 2023. The threat actor primarily exploits vulnerabilities in web applications to gain access to targeted organizations...
CVE-2024-42366
VRCX is an assistant/companion application for VRChat. In versions prior to 2024.03.23, a CefSharp browser with over-permission and cross-site scripting via overlay notification can be combined to result in remote command execution. These vulnerabilities are patched in VRCX 2023.12.24. In additio...