100 matches found
CAREL Boss Mini <= 1.4.0 - Local File Inclusion
Boss Mini 1.4.0 Build 6221 contains a file inclusion caused by manipulation of the 'path' argument in boss/servlet/document, letting remote attackers include arbitrary files; exploitation requires remote access. id: CVE-2023-3643 info: name: CAREL Boss Mini <= 1.4.0 - Local File Inclusion author:...
Boss Mini v1.4.0 - Local File Inclusion (LFI)
Exploit Title: Boss Mini v1.4.0 - Local File Inclusion LFI Date: 07/12/2023 Exploit Author: nltt0 Version: 1.4.0 Build 6221 CVE: CVE-2023-3643 from requests import post from urllib.parse import quote from argparse import ArgumentParser banner = r""" / \ | | / | | / / | | \ --. | | / | |/ | ' \ /...
PT-2025-52001
Name of the Vulnerable Software and Affected Versions The African Boss Get Cash versions through 3.2.3 Description An authorization issue exists in The African Boss Get Cash’s get-cash functionality. This allows exploitation due to incorrectly configured access control security levels...
CAREL Boss / Boss Mini 1.4.0 Path Traversal
Proof of concept for an older vulnerability in 2023 where CAREL Boss and Boss Mini version 1.4.0 suffer from a path traversal vulnerability. | Title : Boss...
Systematically Deconstructing APVD Steganography and Its Payload with a Unified Deep Learning Paradigm
In the era of digital communication, steganography allows covert embedding of data within media files. Adaptive Pixel Value Differencing (APVD) is a steganographic method valued for its high embedding capacity and invisibility, posing challenges for traditional steganalysis. This paper proposes a...
APT36 Targets Indian Government with Golang-Based DeskRAT Malware Campaign
A Pakistan-nexus threat actor has been observed targeting Indian government entities as part of spear-phishing attacks designed to deliver a Golang-based malware known as DeskRAT. The activity, observed in August and September 2025 by Sekoia, has been attributed to Transparent Tribe aka APT36, a...
EUVD-2025-22930
Malicious code in bioql PyPI...
EUVD-2023-41796
Malicious code in bioql PyPI...
EUVD-2025-26954
Malicious code in bioql PyPI...
EUVD-2025-5664
Malicious code in bioql PyPI...
EUVD-2022-37733
Malicious code in bioql PyPI...
EUVD-2025-18260
Malicious code in bioql PyPI...
CVE-2025-58823
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in The African Boss Get Cash get-cash allows Stored XSS. This issue affects Get Cash: from n/a through <= 3.2.3...
CVE-2025-58823
CVE-2025-58823 impacts the WordPress Get Cash plugin (affected: Get Cash plugin
PT-2025-36162
Name of the Vulnerable Software and Affected Versions: The African Boss Get Cash versions through 3.2.2 Description: The African Boss Get Cash is susceptible to a cross-site scripting (XSS) issue due to improper neutralization of input during web page generation. This allows for stored XSS attacks...
Malicious code in boss-eeeeeeeeeeeeeeui (npm)
The package communicates with a domain associated with malicious activity.
MAL-2025-6913 Malicious code in boss-eeeeeeeeeeeeeeui (npm)
The package communicates with a domain associated with malicious activity.
CVE-2025-54299
A stored XSS vulnerability in No Boss Testimonials component 1.0.0-3.0.0 and 4.0.0-4.0.2 for Joomla was discovered...