EUVD-2025-15028

Malicious code in bioql PyPI...

CVE-2025-50089

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 9.0.0-9.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks ...

⚡ Weekly Recap: iOS Zero-Days, 4Chan Breach, NTLM Exploits, WhatsApp Spyware & More

Can a harmless click really lead to a full-blown cyberattack? Surprisingly, yes — and that's exactly what we saw in last week's activity. Hackers are getting better at hiding inside everyday actions: opening a file, running a project, or logging in like normal. No loud alerts. No obvious red flag...

What we learned from our Advent Calendar

Vulnerability Types In this years Advent of PHP Application Vulnerabilities APAV, we examined 36 critical security issues which were detected in 19 different PHP applications by our code analysis solution RIPS. We presented a multitude of critical security issues found in widely-used open-source...

AContent 1.0 - Cross-Site Scripting HTML Injection

AContent 1.0 - Cross-Site Scripting HTML Injection source: https://www.securityfocus.com/bid/43238/info AContent is prone to multiple cross-site scripting vulnerabilities and an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically...

CVE-2003-1184

Multiple cross-site scripting XSS vulnerabilities in ThWboard Beta 2.8 and 2.81 allow remote attackers to inject arbitrary web script or HTML via 1 time in board.php, 2 the profile Homepage-Feld, 3 pictures, and 4 other "Diverse XSS Bugs."...