85 matches found

EUVD
added 2025/10/03 8:07 p.m., 5 views

EUVD-2022-3203

Malicious code in bioql PyPI...

CVSS 8.1 | AI score 7.4 | EPSS 0.00327
Exploits 0 | References 6
RedhatCVE
added 2025/05/22 7:31 p.m., 5 views

CVE-2021-27352

An open redirect vulnerability in Ilch CMS version 2.1.42 allows attackers to redirect users to an attacker's site after a successful login...

CVSS 5.4 | AI score 6.7 | EPSS 0.00201
Exploits 1 | References 1
NVD
added 2024/12/02 5:15 p.m., 12 views

CVE-2024-49763

PlexRipper is a cross-platform media downloader for Plex. PlexRipper’s open CORS policy allows attackers to gain sensitive information from PlexRipper by getting the user to access the attacker’s domain. This allows an attacking website to access the /api/PlexAccount endpoint and steal the user’s...

CVSS 8.7 | EPSS 0.00125
Exploits 0 | References 2
Cvelist
added 2024/12/02 4:41 p.m., 16 views

CVE-2024-49763 PlexRipper allows API leak due to open CORS policy

PlexRipper is a cross-platform media downloader for Plex. PlexRipper’s open CORS policy allows attackers to gain sensitive information from PlexRipper by getting the user to access the attacker’s domain. This allows an attacking website to access the /api/PlexAccount endpoint and steal the user’s...

CVSS 8.7 | EPSS 0.00125
Exploits 0 | References 2
Cvelist
added 2024/02/22 2:56 p.m., 18 views

CVE-2024-26284

Utilizing a 302 redirect, an attacker could have conducted a Universal Cross-Site Scripting (UXSS) on a victim website, if the victim had a link to the attacker's website. This vulnerability affects Focus for iOS 123...

AI score 5.8 | EPSS 0.00498
Exploits 1 | References 2
NVD
added 2023/08/29 4:15 p.m., 16 views

CVE-2023-0654

Due to a misconfiguration, the WARP Mobile Client 6.29 for Android was susceptible to a tapjacking attack. In the event that an attacker built a malicious application and managed to install it on a victim's device, the attacker would be able to trick the user into believing that the app shown on...

CVSS 3.9 | AI score 4 | EPSS 0.0006
Exploits 0 | References 2
NVD
added 2023/07/12 4:15 p.m., 13 views

CVE-2023-37961

A cross-site request forgery (CSRF) vulnerability in Jenkins Assembla Auth Plugin 1.14 and earlier allows attackers to trick users into logging in to the attacker's account...

CVSS 8.8 | EPSS 0.00096
Exploits 0 | References 2
0day.today
added 2023/05/23 12:00 a.m., 180 views

Hubstaff 1.6.14-61e5e22e - (wow64log) DLL Search Order Hijacking Vulnerability

Exploit Title: Hubstaff 1.6.14-61e5e22e - 'wow64log' DLL Search Order Hijacking Exploit Author: Ahsan Azad Vendor Homepage: https://hubstaff.com/ Software Link: https://app.hubstaff.com/download Version: 1.6.13, 1.6.14 Tested On: 64-bit operating system, x64-based processor Description Hubstaff i...

AI score 7.4
Exploits 0
Code423n4
added 2023/01/31 12:00 a.m., 7 views

Anyone can withdraw all the ETH sent to Payment contract

Lines of code Vulnerability details Impact Anyone can withdraw all the ETH sent to Payment contract Proof of Concept 1. Someone sends ETH to Payment contract 2. Attacker will call refundETH 3. Payment contract will transfer all ETH to attacker's address Tools Used Manual Analysis --- The text was...

AI score 6.9
Exploits 0
NVD
added 2023/01/26 9:18 p.m., 19 views

CVE-2023-24446

A cross-site request forgery (CSRF) vulnerability in Jenkins OpenID Plugin 2.4 and earlier allows attackers to trick users into logging in to the attacker's account...

CVSS 8.8 | AI score 8.7 | EPSS 0.00116
Exploits 0 | References 1
Prion
added 2023/01/23 7:15 a.m., 14 views

Directory traversal

DISPUTED Signal Desktop before 6.2.0 on Windows, Linux, and macOS allows an attacker to modify conversation attachments within the attachments.noindex directory. Client mechanisms fail to validate modifications of existing cached files, resulting in an attacker's ability to insert malicious code...

CVSS 4.3 | AI score 7.3 | EPSS 0.0015
Exploits 2 | References 4 | Affected Software 1
Cvelist
added 2022/12/16 12:00 a.m., 21 views

CVE-2022-4130

A blind site-to-site request forgery vulnerability was found in Satellite server. It is possible to trigger an external interaction to an attacker's server by modifying the Referer header in an HTTP request of specific resources in the server...

AI score 6 | EPSS 0.00142
Exploits 0 | References 1
OSV
added 2022/05/24 5:07 p.m., 13 views

GHSA-82J9-WFCF-9V2H Plone Open Redirect Vulnerability

An open redirect on the login form and possibly other places in Plone 4.0 through 5.2.1 allows an attacker to craft a link to a Plone Site that, when followed, and possibly after login, will redirect to an attacker's site...

CVSS 6.1 | AI score 6.1 | EPSS 0.0034
Exploits 0 | References 7
Github Security Blog
added 2022/05/24 5:07 p.m., 13 views

Plone Open Redirect Vulnerability

An open redirect on the login form and possibly other places in Plone 4.0 through 5.2.1 allows an attacker to craft a link to a Plone Site that, when followed, and possibly after login, will redirect to an attacker's site...

CVSS 6.1 | AI score 6.8 | EPSS 0.0034
Exploits 0 | References 7 | Affected Software 1
Github Security Blog
added 2022/05/24 4:44 p.m., 22 views

LXD vulnerable to Race Condition

LXD before version 0.19-0ubuntu5 doUidshiftIntoContainer has an unsafe Chmod call that races against the stat in the Filepath.Walk function. A symbolic link created in that window could cause any file on the system to have any mode of the attacker's choice. Specific Go Packages Affected...

CVSS 8.1 | AI score 7.7 | EPSS 0.00327
Exploits 0 | References 6 | Affected Software 1
CNVD
added 2022/04/05 12:00 a.m., 8 views

TOTOLINK N600R has a logic flaw vulnerability

The N600R is a wireless router. A logic flaw vulnerability exists in the TOTOLINK N600R, which can be exploited by attackers to bypass login restrictions...

AI score 7
Exploits 0
Prion
added 2022/03/25 10:15 p.m., 16 views

Design/Logic Flaw

The DuckDuckGo browser 7.64.4 on iOS allows Address Bar Spoofing due to mishandling of the JavaScript window.open function used to open a secondary browser window. This could be exploited by tricking users into supplying sensitive information such as credentials, because the address bar would...

CVSS 5.8 | AI score 7.5 | EPSS 0.00282
Exploits 1 | References 1 | Affected Software 1
Cvelist
added 2022/03/25 9:13 p.m., 12 views

CVE-2021-44683

The DuckDuckGo browser 7.64.4 on iOS allows Address Bar Spoofing due to mishandling of the JavaScript window.open function used to open a secondary browser window. This could be exploited by tricking users into supplying sensitive information such as credentials, because the address bar would...

AI score 7.8 | EPSS 0.00282
Exploits 1 | References 1
Tenable Nessus
added 2021/09/27 12:00 a.m., 39 views

EulerOS 2.0 SP9 : git (EulerOS-SA-2021-2525)

According to the versions of the git packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. This...

CVSS 9.3 | AI score 7.5 | EPSS 0.373
Exploits 2 | References 3
NVD
added 2021/09/08 2:15 p.m., 17 views

CVE-2021-28581

Adobe Creative Cloud Desktop 3.5 and earlier is affected by an uncontrolled search path vulnerability that could result in elevation of privileges. Exploitation of this issue requires user interaction in that a victim must log on to the attacker's local machine...

CVSS 7.3 | EPSS 0.00245
Exploits 0 | References 1