18 matches found
EUVD-2025-3333
Malicious code in bioql PyPI...
CVE-2025-23674
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in andygauk Bit.ly linker bitly-linker allows Reflected XSS. This issue affects Bit.ly linker: from n/a through <= 1.1...
CVE-2025-23674
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in andygauk Bit.ly linker bitly-linker allows Reflected XSS. This issue affects Bit.ly linker: from n/a through <= 1.1...
CVE-2025-23674
CVE-2025-23674: Bit.ly linker WordPress plugin is affected by a Reflected XSS in the Bit.ly linker (NotFound) due to improper input neutralization during web page generation. Affected version range is up to 1.1; from n/a to 1.1. CVSS v3.1 base score 7.1 (HIGH). Current patch status is Unpatched p...
CVE-2025-23674 WordPress Bit.ly linker plugin <= 1.1 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in andygauk Bit.ly linker bitly-linker allows Reflected XSS. This issue affects Bit.ly linker: from n/a through <= 1.1...
CVE-2025-23674 WordPress Bit.ly linker plugin <= 1.1 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in NotFound Bit.ly linker allows Reflected XSS. This issue affects Bit.ly linker: from n/a through 1.1...
WordPress plugin Bit.ly linker cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
Alert: Chinese-Speaking Hackers Pose as UAE Authority in Latest Smishing Wave
The Chinese-speaking threat actors behind Smishing Triad have been observed masquerading as the United Arab Emirates Federal Authority for Identity and Citizenship to send malicious SMS messages with the ultimate goal of gathering sensitive information from residents and foreigners in the country...
USPS “Your package could not be delivered” text is a smishing scam
A scam is doing the rounds which begins with a text from what claims to be the US Postal Service. The SMS reads as follows: "U.S. Postal Service We’re sorry to let you know that your package could not be delivered. To reschedule a delivery please visit bitdotly" I’ve never received an SMS from th...
Facebook, News and XSS Underpin Complex Browser Locker Attack
A sophisticated “browser locker” campaign is spreading via Facebook, ultimately pushing a tech-support scam. The effort is more advanced than most, because it involves exploiting a cross-site scripting (XSS) vulnerability on a popular news site, researchers said. Browser lockers are a type of...
XSS to TSS: tech support scam campaign abuses cross-site scripting vulnerability
Tech support browser lockers continue to be one of the most common web threats. Not only are they a problem for end users who might end up on the phone with scammers defrauding them of hundreds of dollars, they've also caused quite the headache for browser vendors to fix. Browser lockers are only...
Koler Malware Propagating Through SMS
A new iteration of the Android ransomware Koler has surfaced that’s trying to trick its victims into downloading the malware by propagating through SMS messages. Android users receive SMS messages containing shortened bit.ly URLs that ultimately lead to the malicious .APK. Once opened, the packag...
VideoCharge Studio 2.12.3.685 - Buffer Overflow (SEH)
No description provided by source. !/usr/bin/python Exploit Title: VideoCharge Studio SEH Buffer Overflow Date found: 27.10.2013 Exploit Author: metacom URL: http://www.videocharge.com/download.php Software Link: www.videocharge.com/download/VideoChargeStudioInstall.exe Version: 2.12.3.685 Tested...
VideoCharge Studio 2.12.3.685 Buffer Overflow
!/usr/bin/python Exploit Title: VideoCharge Studio SEH Buffer Overflow Date found: 27.10.2013 Exploit Author: metacom URL: http://www.videocharge.com/download.php Software Link: www.videocharge.com/download/VideoChargeStudioInstall.exe Version: 2.12.3.685 Tested on: Windows XP SP2 Poc...
Spam campaign tricking thousands with shortened .gov URLs
Symantec has reported an increase in spam messages containing .gov URLs. Cybercriminals are using 1.usa.gov links in their spam campaigns to trick users into thinking the links lead to genuine US government Web sites. Spammers have created these shortened URLs through a loophole in the URL...
N`CMS 1.1E - Local File Inclusion / Remote Code
!/usr/bin/python INFORMATION Exploit Title: NCMS 1.1E Pre-Auth Local File Inclusion Remote Code Exploit Date: 11/3/2011 Software link: http://bit.ly/eJAyw5 Tested on: Linux bt Version: 1.1E PHP.ini Settings: gpcmagicquotes = Off Note: The web application was lucky to not be exploited by session...
HTTPS Everywhere : Another Tool to Protect from Firesheep !
HTTPS Everywhere is a Firefox extension produced as a collaboration between The Tor Project and the Electronic Frontier Foundation. It encrypts your communications with a number of major websites. The EFF launched a new version of HTTPS Everywhere, a security tool that offers enhanced protection...
Month Of Twitter Bugs - bit.ly XSS
Wednesday, July 1, 2009 MoTB 01: Multiple vulnerabilities in bit.ly service What is bit.ly "bit.ly allows users to shorten, share, and track links URLs. Reducing the URL length makes sharing easier. bit.ly can be accessed through our website, bookmarklets and a robust and open API. bit.ly is also...