398 matches found
CVE-2025-42948
CVE-2025-42948 describes a Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver ABAP Platform. An unauthenticated attacker can generate a malicious link that becomes publicly accessible; when an authenticated user clicks it, the injected input is processed during page generation, enabling ex...
CVE-2025-42942
CVE-2025-42942: SAP NetWeaver Application Server for ABAP contains a cross-site scripting (XSS) vulnerability. An unauthenticated attacker can craft a URL embedded with malicious script and entice a victim to click it, resulting in the attacker being able to access and modify limited information...
CVE-2025-42942 Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server for ABAP
SAP NetWeaver Application Server for ABAP has a cross-site scripting vulnerability. Due to this, an unauthenticated attacker could craft a URL embedded with malicious script and trick an unauthenticated victim to click on it to execute the script. Upon successful exploitation, the attacker could...
PT-2025-32608 · SAP · SAP NetWeaver/ABAP Platform
Name of the Vulnerable Software and Affected Versions: SAP NetWeaver ABAP Platform (affected versions not specified). Description: A Cross-Site Scripting (XSS) issue exists in SAP NetWeaver ABAP Platform. An unauthenticated attacker can create a malicious link and distribute it publicly. If an...
SAP NetWeaver ABAP Platform Cross-Site Scripting Vulnerability
NetWeaver ABAP Platform is an enterprise-class application development and deployment platform provided by SAP. A cross-site scripting vulnerability exists in NetWeaver ABAP Platform. An attacker could use this vulnerability to generate a malicious link and make it publicly accessible. When an...
PT-2025-32604 · SAP · SAP NetWeaver Application Server ABAP
Name of the Vulnerable Software and Affected Versions: SAP NetWeaver Application Server for ABAP (affected versions not specified). Description: SAP NetWeaver Application Server for ABAP is susceptible to a cross-site scripting issue. An unauthenticated attacker can create a URL containing a malicio...
Cross-site Scripting (XSS)
github.com/usememos/memos is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to unrestricted external image embedding because markdown images with arbitrary URLs are automatically fetched when viewing a memo, exposing the user's IP address, browser User-Agent, and other...
Malicious Package
Overview: secmeasure is a malicious package. This package contains malicious code, and its content was removed from the official package manager. The sisaws package leverages "typosquatting" for the legitimate sisa package, targeting Sistema Integrado de Información Sanitaria Argentino (SISA) API...
Malicious Package
Overview: sisaws is a malicious package. This package contains malicious code, and its content was removed from the official package manager. The sisaws package leverages "typosquatting" for the legitimate sisa package, targeting Sistema Integrado de Información Sanitaria Argentino (SISA) API...
MAL-2025-191689 Malicious code in backtradingbot (PyPI)
Source: kam193 (117c24f5b7a0f5e4921e4478231a717ecca01748a5b266d8984e619f06173984). Running the installed entry point downloads and executes remote code. During the analysis, the code was switching to websockets, adding a startup script and...
Malicious code in backtradingbot (PyPI)
Source: kam193 (117c24f5b7a0f5e4921e4478231a717ecca01748a5b266d8984e619f06173984). Running the installed entry point downloads and executes remote code. During the analysis, the code was switching to websockets, adding a startup script and...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the rendering of markdown images with arbitrary URLs. An attacker can obtain the IP address, browser User-Agent, and potentially other request-specific information of users by embedding image URLs that are...
MAL-2025-191733 Malicious code in fonafx (PyPI)
Source: kam193 (9441463f029726ea263225e9b0092d82b049e2d7a4e059becd24f5e23c70a906). Series of packages mostly with an obfuscated infostealer attempting to collect Chrome data. While discord webhook is usually set to an example, there are other...
Malicious code in fonafx (PyPI)
Source: kam193 (9441463f029726ea263225e9b0092d82b049e2d7a4e059becd24f5e23c70a906). Series of packages mostly with an obfuscated infostealer attempting to collect Chrome data. While discord webhook is usually set to an example, there are other...
Banana Squad Hides Data-Stealing Malware in Fake GitHub Repositories
Banana Squad hid data-stealing malware in fake GitHub repos posing as Python tools, tricking users and targeting sensitive info like browser and wallet data...
CVE-2025-23192
SAP BusinessObjects Business Intelligence (BI Workspace) allows an unauthenticated attacker to craft and store malicious script within a workspace. When the victim accesses the workspace, the script will execute in their browser enabling the attacker to potentially access sensitive session...
New EDDIESTEALER Malware Bypasses Chrome's App-Bound Encryption to Steal Browser Data
A new malware campaign is distributing a novel Rust-based information stealer dubbed EDDIESTEALER using the popular ClickFix social engineering tactic initiated via fake CAPTCHA verification pages. "This campaign leverages deceptive CAPTCHA verification pages that trick users into executing a...
MAL-2025-191728 Malicious code in fernets (PyPI)
Source: kam193 (95fc75ed8a4cfcccc988b2241772effbc15eb3700a6a96f3183981a1b4c7fba7). If imported, the module starts a multi-stage infostealer, exfiltrating browser data as well as crypto wallets, and also attempts to monitor clipboard looking f...
Malicious code in fernets (PyPI)
Source: kam193 (95fc75ed8a4cfcccc988b2241772effbc15eb3700a6a96f3183981a1b4c7fba7). If imported, the module starts a multi-stage infostealer, exfiltrating browser data as well as crypto wallets, and also attempts to monitor clipboard looking f...