16 matches found
EUVD-2021-31564
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2012-5851
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - html/parser/XSSAuditor.cpp in WebCore in WebKit, as used in Google Chrome through 22 and Safari 5.1.7, does not consider all possible output contexts of reflect...
CVE-2025-27609
Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. A vulnerability in versions prior to 2.11.5 and 2.12.13 allows an attacker to craft a request that, once transmitted to a victim's Icinga Web, allows arbitrary JavaScript to be embedded into it and to act on...
Fake Microsoft Teams for Mac delivers Atomic Stealer
Competition between stealers for macOS is heating up, with a new malvertising campaign luring Mac users via a fraudulent advert for Microsoft Teams. This attack comes on the heels of the new Poseidon OSX.RodStealer project, another threat using a similar code base and delivery techniques. Based o...
CVE-2021-44749
A vulnerability affecting F-Secure SAFE browser protection was discovered in which improper URL handling can be triggered to cause universal cross-site scripting through browsing protection in a SAFE web browser. User interaction is required prior to exploitation. A successful exploitation may lead to...
CVE-2021-44749
F-Secure SAFE Browser Protection for Android is reported vulnerable to universal cross-site scripting due to improper URL handling in the SAFE browser protection module. The vulnerability could allow arbitrary code execution; user interaction is required for exploitation. Connected sources refere...
CVE-2022-22124
In Halo, versions v1.0.0 through v1.4.17 (latest) are vulnerable to Stored Cross-Site Scripting (XSS) in the profile image. An authenticated attacker can upload a carefully crafted SVG file that will trigger arbitrary JavaScript to run in a victim's browser...
Microsoft Edge Content Security Bypass Vulnerability
Summary An exploitable information leak vulnerability exists in the Content Security Policy enforcement functionality of Microsoft Edge 40.15063.0.0. A specially crafted web page can cause a content security policy bypass resulting in an information leak. An attacker can create a malicious webpag...
H5P - Critical - Reflected Cross Site Scripting (XSS) - DRUPAL-SA-CONTRIB-2017-071
The H5P module helps create interactive videos, question sets, drag and drop questions, multichoice questions, boardgames, presentations, flashcards and more using Drupal. The module does not sufficiently filter text prior to printing it back to the page, leading to a Reflected Cross Site Scripti...
Google Adds New Behavior-Based Malware Scanner To Every Android Device
In order to keep its billions of users safe, Google has introduced another security defense for its Android devices, called Google Play Protect. Google Play Protect, which is part of the Google Play Store app, uses machine learning and app usage analysis to weed out the dangerous and malicious...
Unspecified Vulnerability in F-Secure SAFE for Mac
F-Secure SAFE for Mac is a suite of antivirus software for Mac from the Finnish company F-Secure. A security vulnerability exists in F-Secure SAFE for Mac versions 15.0 through 16.1. An attacker can exploit the vulnerability to send bank security notices on non-banking websites, bypass browser...
50 Security Flaws Fixed in Google Chrome
Google has fixed 50 security vulnerabilities in its Chrome browser, including a critical string of bugs that can allow an attacker to execute arbitrary code outside of the browser’s sandbox. This is one of the larger batches of fixes that Google has produced for Chrome recently. The company...
Multiple Linksys Router CSRF Vulnerabilities
No description provided by source. It seems to be fairly well known that there are multiple unpatched CSRF vulnerabilities in the administration interfaces for various Linksys routers. Since the initial reports of these are from a few years ago, and since some exploits are available, I have writt...
Stored XSS in OnDemand Confluence Header via username
This is from an external report. Creating a user with username: code " code and returning to the dashboard will demonstrate the script injection. This PoC will not work in Chrome/Chromium, but will in Firefox and other browsers that do not have such protective measures...
Linksys Routers - Cross-Site Request Forgery
It seems to be fairly well known that there are multiple unpatched CSRF vulnerabilities in the administration interfaces for various Linksys routers. Since the initial reports of these are from a few years ago, and since some exploits are available, I have written additional proof of concept...
Sitenet BBS 2.0 - search.cgi?cid Cross-Site Scripting
Source: https://www.securityfocus.com/bid/15883/info SiteNet BBS is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue ...