Lucene search
K

2005 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/15 6:36 p.m.8 views

CVE-2026-46364

phpMyFAQ before 4.1.2 contains an unauthenticated SQL injection vulnerability in BuiltinCaptcha::garbageCollector and BuiltinCaptcha::saveCaptcha methods that interpolate unsanitized User-Agent headers into DELETE and INSERT queries. Unauthenticated attackers can exploit the public GET /api/captc...

9.8CVSS5.8AI score0.01709EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/15 6:36 p.m.16 views

EUVD-2026-30601

phpMyFAQ before 4.1.2 contains an unauthenticated SQL injection vulnerability in BuiltinCaptcha::garbageCollector and BuiltinCaptcha::saveCaptcha methods that interpolate unsanitized User-Agent headers into DELETE and INSERT queries. Unauthenticated attackers can exploit the public GET /api/captc...

9.8CVSS5.8AI score0.01709EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/15 6:36 p.m.39 views

CVE-2026-46364 phpMyFAQ - SQL Injection via User-Agent Header in BuiltinCaptcha

phpMyFAQ before 4.1.2 contains an unauthenticated SQL injection vulnerability in BuiltinCaptcha::garbageCollector and BuiltinCaptcha::saveCaptcha methods that interpolate unsanitized User-Agent headers into DELETE and INSERT queries. Unauthenticated attackers can exploit the public GET /api/captc...

9.8CVSS0.01709EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.19 views

phpMyFAQ SQL注入漏洞

phpMyFAQ is a multilingual, fully database-driven FAQ system developed by Thorsten Rinne. Versions of phpMyFAQ prior to 4.1.2 contained an SQL injection vulnerability. This vulnerability stemmed from the BuiltinCaptcha::garbageCollector and BuiltinCaptcha::saveCaptcha methods, which inserted...

9.8CVSS5.9AI score0.01709EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.8 views

pyLoad 安全漏洞

pyLoad is an open-source download manager written in Python. Versions of pyLoad prior to 0.5.0b3.dev100 contained security vulnerabilities. These vulnerabilities stemmed from the setconfigvalue API method, which allowed options related to proxies to be included in the list. This could allow any...

8.3CVSS5.8AI score0.00396EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2026/05/06 8:49 p.m.11 views

phpMyFAQ has unauthenticated SQL injection via User-Agent header in BuiltinCaptcha

Summary BuiltinCaptcha::garbageCollector and BuiltinCaptcha::saveCaptcha at phpmyfaq/src/phpMyFAQ/Captcha/BuiltinCaptcha.php:298 and :330 interpolate the User-Agent header and client IP address into DELETE and INSERT queries with sprintf and no escaping. Both methods run on every hit to the publi...

9.8CVSS6.1AI score0.01709EPSS
Exploits0References5Affected Software2
Snyk
Snyk
added 2026/05/06 8:49 p.m.11 views

SQL Injection

Overview thorsten/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases Affected versions of this package are vulnerable to SQL Injection via the BuiltinCaptcha process. An attacker can access sensitive data, modify or delete database records, and extract credential hashes by...

9.8CVSS5.8AI score0.01709EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/06 8:49 p.m.6 views

SQL Injection

Overview phpmyfaq/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases Affected versions of this package are vulnerable to SQL Injection via the BuiltinCaptcha process. An attacker can access sensitive data, modify or delete database records, and extract credential hashes by...

9.8CVSS5.8AI score0.01709EPSS
Exploits0References2
OSV
OSV
added 2026/05/06 8:49 p.m.40 views

GHSA-289F-FQ7W-6Q2W phpMyFAQ has unauthenticated SQL injection via User-Agent header in BuiltinCaptcha

Summary BuiltinCaptcha::garbageCollector and BuiltinCaptcha::saveCaptcha at phpmyfaq/src/phpMyFAQ/Captcha/BuiltinCaptcha.php:298 and :330 interpolate the User-Agent header and client IP address into DELETE and INSERT queries with sprintf and no escaping. Both methods run on every hit to the publi...

9.8CVSS6.1AI score0.01709EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.11 views

PT-2026-41366

Name of the Vulnerable Software and Affected Versions phpMyFAQ versions prior to 4.1.2 Description An unauthenticated SQL injection exists in the BuiltinCaptcha::garbageCollector and BuiltinCaptcha::saveCaptcha methods. The issue occurs when unsanitized User-Agent headers are interpolated into...

9.8CVSS5.8AI score0.01709EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.11 views

PT-2026-37296

Name of the Vulnerable Software and Affected Versions AVideo versions prior to 29.0 Description An issue exists in the 'objects/sendEmail.json.php' endpoint where the absence of the contactForm parameter allows unauthenticated users to send emails to arbitrary recipients. When this parameter is...

5.3CVSS5.9AI score0.00229EPSS
Exploits0References6
Microsoft Secure
Microsoft Secure
added 2026/05/04 3:0 p.m.10 views

Breaking the code: Multi-stage ‘code of conduct’ phishing campaign leads to AiTM token compromise

In this article 1. Multi-step social engineering campaign leading to credential theft 2. Mitigation and protection guidance 3. Microsoft Defender detections 4. Hunting queries 5. Indicators of compromise Phishing campaigns continue to improve sophistication and refinement in blending social...

5.7AI score
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/01 12:0 p.m.9 views

annatar (>=0.4.3 <=0.5.8), ansi2png-rs (>=0.1.0 <=0.1.1) +62 more potentially affected by unknown CVE via imageproc (>=0.10.0 <=0.22.0)

imageproc CARGO version =0.10.0, =0.4.3, =0.1.0, =0.2.0, =0.1.5, =0.1.0, =0.1.0, =1.0.0, =0.3.0, =0.1.0, =0.1.0, =1.0.0 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2026-0117...

5.8AI score
Exploits0
Microsoft Secure
Microsoft Secure
added 2026/04/30 3:0 p.m.7 views

Email threat landscape: Q1 2026 trends and insights

In this article 1. Tycoon2FA disruption impact 2. QR code phishing attacks 3. CAPTCHA tactics 4. Malicious payloads 5. Business email compromise 6. Defending against email threats 7. Microsoft Defender detections During the first quarter of 2026 January-March, Microsoft Threat Intelligence detect...

5.8AI score
Exploits0
Malwarebytes
Malwarebytes
added 2026/04/28 10:46 a.m.14 views

Fake CAPTCHA scam turns a quick click into a costly phone bill

Researchers have documented a long‑running campaign that uses fake CAPTCHA pages to trick mobile users into sending dozens of international SMS messages in the background. If you’ve spent any time on today’s web, CAPTCHAs may seem like background noise: click a few traffic lights, prove you’re...

5.5AI score
Exploits0
The Hacker News
The Hacker News
added 2026/04/27 6:33 a.m.6 views

Fake CAPTCHA IRSF Scam and 120 Keitaro Campaigns Drive Global SMS, Crypto Fraud

Cybersecurity researchers have disclosed details of a telecommunications fraud campaign that uses fake CAPTCHA verification tricks to dupe unsuspecting users into sending international text messages that incur charges on their mobile bills, generating illicit revenue for the threat actors who lea...

5.7AI score
Exploits0
HackRead
HackRead
added 2026/04/25 11:10 a.m.9 views

Fake CAPTCHA Scam Abuses Verification Clicks to Send Costly International Texts

Research from Infoblox reveals a massive Click2SMS fraud scheme using fake CAPTCHAs and back button hijacking to trick victims into sending costly international texts...

5.3AI score
Exploits0
HackRead
HackRead
added 2026/04/24 8:5 p.m.4 views

New ClickFix attack Hides in Native Windows Tools to Reduce Detection Risk

Fake CAPTCHA ClickFix attack tricks users into running malicious commands, using cmdkey and regsvr32 to maintain persistence and avoid detection on Windows...

5.3AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/04/23 8:38 p.m.6 views

CVE-2026-4121

The Kcaptcha plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 1.0.1. This is due to missing nonce validation in the plugin's settings page handler admin/setting.php. The settings form does not include a wpnoncefield and the form processing code...

4.3CVSS5.7AI score0.00178EPSS
Exploits0References1
Snyk
Snyk
added 2026/04/22 5:6 p.m.5 views

Guessable CAPTCHA

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Guessable CAPTCHA through the objects/getCaptcha.php process. An attacker can bypass CAPTCHA protections by manipulating the ql parameter to generate trivially sho...

6.9CVSS5.4AI score0.00218EPSS
Exploits1References2
Rows per page
Query Builder