372 matches found
CVE-2025-9292
A permissive web security configuration may allow cross-origin restrictions enforced by modern browsers to be bypassed under specific circumstances. Exploitation requires the presence of an existing client-side injection vulnerability and user access to the affected web interface. Successful...
CVE-2025-9292 Permissive Web Security Policy Allows Cross-Origin Access Control Bypass on Omada Cloud Controllers
A permissive web security configuration may allow cross-origin restrictions enforced by modern browsers to be bypassed under specific circumstances. Exploitation requires the presence of an existing client-side injection vulnerability and user access to the affected web interface. Successful...
Nikto Web Scanner 2.6.0
Nikto is an Open Source GPL web server scanner which performs comprehensive tests against web servers for multiple items, including thousands of potentially dangerous files/programs, checks for outdated versions of over 1500 server components, and version specific problems on hundreds of servers...
NETGEAR’s various products have security vulnerabilities
NETGEAR R6260 is a product of the American company NETGEAR. The NETGEAR R6260 is a router. The NETGEAR R6230 is also a router. Netgear R7000 is another product of NETGEAR. The Netgear R7000 is a wireless router. Several NETGEAR products have security vulnerabilities. These vulnerabilities stem fr...
Firefox Security Vulnerabilities: An Expert Guide
For any vulnerability management team, the daily flood of alerts can be overwhelming. When your scanner flags dozens of new CVEs, it’s easy to see browser-related issues as lower priority. Yet, a critical flaw in a widely used application like Firefox can be the initial foothold an attacker needs...
A Browser Extension Risk Guide After the ShadyPanda Campaign
In early December 2025, security researchers exposed a cybercrime campaign that had quietly hijacked popular Chrome and Edge browser extensions on a massive scale. A threat group dubbed ShadyPanda spent seven years playing the long game, publishing or acquiring harmless extensions, letting them r...
Update Chrome now: Google fixes 13 security issues affecting billions
Google has released an update for its Chrome browser that includes 13 security fixes, four of which are classified as high severity. One of these was found in Chrome’s Digital Credentials feature–a tool that lets you share verified information from your digital wallet with websites so you can pro...
Claude Code Command Validation Bypass Allows Arbitrary Code Execution
Due to errors in parsing shell commands related to $IFS and short CLI flags, it was possible to bypass the Claude Code read-only validation and trigger arbitrary code execution. Reliably exploiting this requires the ability to add untrusted content into a Claude Code context window. Users on...
CVE-2025-12940
Login credentials are inadvertently recorded in logs if a Syslog Server is configured in NETGEAR WAX610 and WAX610Y AX1800 Dual Band PoE Multi-Gig Insight Managed WiFi 6 Access Points. An user having access to the syslog server can read the logs containing these credentials. This issue affects...
Clam AntiVirus Toolkit 1.5.1
Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers attachment scanning. The package provides a flexible and scalable multi-threaded daemon, a command-line scanner, and a tool for automatic updating via Internet. The programs ar...
EUVD-2016-6070
Malware in sbrugna...
EUVD-2021-25583
Malware in sbrugna...
EUVD-2019-2059
Malware in sbrugna...
EUVD-2019-7298
Malware in sbrugna...
EUVD-2022-26880
Malicious code in bioql PyPI...
EUVD-2022-43319
Malicious code in bioql PyPI...
CVE-2025-59829 Claude Code: Permission deny bypass is possible through symlink
Claude Code is an agentic coding tool. Versions below 1.0.120 failed to account for symlinks when checking permission deny rules. If a user explicitly denied Claude Code access to a file and Claude Code had access to a symlink pointing to that file, it was possible for Claude Code to access the...
Update your Apple devices to fix dozens of vulnerabilities
Apple has released security updates for iPhones, iPads, Apple Watches, Apple TVs, and Macs as well as for Safari, and Xcode to fix dozens of vulnerabilities which could give cybercriminals access to sensitive data. How to update your devices How to update your iPhone or iPad For iOS and iPadOS...
All Apple users should update after company patches zero-day vulnerability in all platforms
Apple has released security updates for iPhones, iPads and Macs to fix a zero-day vulnerability a vulnerability which Apple was previously unaware of that is reportedly being used in targeted attacks. The updates cover: iOS 18.6.2 and iPadOS 18.6.2 iPhone XS and later, iPad Pro 13-inch, iPad Pro...
Fedora 43 : micropython (2025-4f95f160be)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-4f95f160be advisory. Automatic update for micropython-1.25.0-1.fc43. Changelog Fri May 9 2025 Charalampos Stratakis - 1.25.0-1 - Update to 1.25.0 - Security fixes for...