205 matches found
CVE-2025-61589 Cursor: Potential Information Leakage via Mermaid Diagram
Cursor is a code editor built for programming with AI. In versions 1.6 and below, Mermaid a to render diagrams allows embedding images which then get rendered by Cursor in the chat box. An attacker can use this to exfiltrate sensitive information to a third-party attacker controlled server throug...
CVE-2025-10183 XML External Entity Injection in TecConnect 4.1
A blind XML External Entity XXE injection in the OpenMessaging webservice in TecCom TecConnect 4.1 allows an unauthenticated attacker to exfiltrate arbitrary files to an attacker-controlled server. TecConnect 4.1 is considered end-of-life as of December 2023. Users are advised to upgrade to TecCo...
Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS : KMail Account Wizard vulnerability (USN-7732-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-7732-1 advisory. It was discovered that KMail Account Wizard used HTTP rather than HTTPS when retrieving certain email server configurations. A...
Malicious Package
Overview snapshot-photo is a malicious package. This package contains malicious code intended to exfiltrate data, and its contents have been removed from the official package manager. Although it appears to be a time-related utility, its main function is to collect system information and send it ...
Malicious Package
Overview time-server-analyzer is a malicious package. This package contains malicious code intended to exfiltrate data, and its contents have been removed from the official package manager. Although it appears to be a time-related utility, its main function is to collect system information and se...
Malicious Package
Overview soonje2 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. The package appears to be part of a larger campaign targeting user credentials. It, and several other variations, masquerade as automation tools for social...
Malicious Package
Overview zonblogcomment is a malicious package. This package contains malicious code, and its content was removed from the official package manager. The package appears to be part of a larger campaign targeting user credentials. It, and several other variations, masquerade as automation tools for...
Malicious Package
Overview zonblogcafecomment is a malicious package. This package contains malicious code, and its content was removed from the official package manager. The package appears to be part of a larger campaign targeting user credentials. It, and several other variations, masquerade as automation tools...
Malicious Package
Overview njongtoduo is a malicious package. This package contains malicious code, and its content was removed from the official package manager. The package appears to be part of a larger campaign targeting user credentials. It, and several other variations, masquerade as automation tools for...
Malicious Package
Overview njongtozon is a malicious package. This package contains malicious code, and its content was removed from the official package manager. The package appears to be part of a larger campaign targeting user credentials. It, and several other variations, masquerade as automation tools for...
Malicious Package
Overview nblogduo is a malicious package. This package contains malicious code, and its content was removed from the official package manager. The package appears to be part of a larger campaign targeting user credentials. It, and several other variations, masquerade as automation tools for socia...
Malicious Package
Overview iuu-64bit is a malicious package. This package contains malicious code, and its content was removed from the official package manager. The package appears to be part of a larger campaign targeting user credentials. It, and several other variations, masquerade as automation tools for soci...
Malicious Package
Overview duoblogcomment is a malicious package. This package contains malicious code, and its content was removed from the official package manager. The package appears to be part of a larger campaign targeting user credentials. It, and several other variations, masquerade as automation tools for...
Malicious Package
Overview jongmogtolon is a malicious package. This package contains malicious code, and its content was removed from the official package manager. The package appears to be part of a larger campaign targeting user credentials. It, and several other variations, masquerade as automation tools for...
Malicious Package
Overview boardpostingduo is a malicious package. This package contains malicious code, and its content was removed from the official package manager. The package appears to be part of a larger campaign targeting user credentials. It, and several other variations, masquerade as automation tools fo...
Malicious Package
Overview tblogduo is a malicious package. This package contains malicious code, and its content was removed from the official package manager. The package appears to be part of a larger campaign targeting user credentials. It, and several other variations, masquerade as automation tools for socia...
Malicious Package
Overview CAFEverillban is a malicious package. This package contains malicious code, and its content was removed from the official package manager. The package appears to be part of a larger campaign targeting user credentials. It, and several other variations, masquerade as automation tools for...
Malicious Package
Overview setago is a malicious package. This package contains malicious code, and its content was removed from the official package manager. The package appears to be part of a larger campaign targeting user credentials. It, and several other variations, masquerade as automation tools for social...
Malicious Package
Overview setago2 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. The package appears to be part of a larger campaign targeting user credentials. It, and several other variations, masquerade as automation tools for social...
Malicious Package
Overview soonje1 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. The package appears to be part of a larger campaign targeting user credentials. It, and several other variations, masquerade as automation tools for social...