20 matches found
WordPress plugin Alone Theme security vulnerability
The WordPress Alone Theme plugin is a premium theme for creating photography-based websites that sells close to 10,000 copies in the Envato marketplace and is mainly used by non-profit organizations, e.g. charities, fundraising organizations, etc. WordPress Alone Theme plugin suffers from a code...
EUVD-2002-1817
Malware in sbrugna...
EUVD-2025-24465
Malicious code in bioql PyPI...
EUVD-2025-2892
Malicious code in bioql PyPI...
EUVD-2025-25461
Malicious code in bioql PyPI...
EUVD-2025-24453
Malicious code in bioql PyPI...
CVE-2025-55170
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Prior to version 3.4.8, a reflected cross-site scripting (XSS) vulnerability was identified in the /html/alterarsenha.php endpoint of the WeGIA application. This vulnerability allows attackers t...
CVE-2025-55168
CVE-2025-55168 affects WeGIA prior to 3.4.8, where a SQL injection exists in the GET endpoint /html/saude/aplicar_medicamento.php via the id_fichamedica parameter. This allows attackers to execute arbitrary SQL commands, risking confidentiality, integrity, and availability of the database. The is...
CVE-2025-55167
CVE-2025-55167 affects WeGIA prior to 3.4.8. A SQL Injection vulnerability exists in the endpoint /html/funcionario/dependente_remover.php, taking the id_dependente parameter, allowing an attacker to execute arbitrary SQL commands. Impact is described as compromising confidentiality, integrity, a...
The Zardoor Backdoor’s Silent Takeover of Saudi Charities
Summary: An espionage operation, designed to distribute a backdoor called Zardoor, was uncovered with evidence suggesting it dates back to March 2021. In May 2023, this meticulously orchestrated campaign specifically targeted non-profit organizations in Saudi Arabia. Threat Level - Amber | Attack...
Ransomware group donates $20,000 in BTC to two charities
By Waqas. The DarkSide ransomware group says it donated 0.88 BTC each to "Children International" and "The Water Project" charities. This is a post from HackRead.com. Read the original post: Ransomware group donates $20,000 in BTC to two charities...
Ransomware Group Makes Splashy $20K Donation to Charities
The Darkside ransomware group has distinguished itself from its cybercriminal counterparts not by technical innovation, but by slapping a shiny corporate veneer on its attacks. The latest evolution in Darkside’s ransomware-as-a-corporation gimmick is a hefty $20,000 donation that the group made...
jerseycharities.org Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1147061. Security Researcher MrRain1996 (helped patch 1003 vulnerabilities, received 5 Coordinated Disclosure badges, received 9 recommendations), a holder of 5 badges for responsible and coordinated disclosure, found a security vulnerability affecting jerseycharities.org...
Holiday Scams and Malware Campaigns
As the holidays approach, the Cybersecurity and Infrastructure Security Agency (CISA) reminds users to be aware of seasonal scams and malware campaigns. Users should be cautious of unsolicited emails that contain malicious links or attachments with malware, advertisements infected with malware, and...
catholiccharitiesny.org XSS vulnerability
Vulnerable URL: http://catholiccharitiesny.org//search-results?keys=';alert/XSSPOSED///';alert/XSSPOSED///";alert/XSSPOSED///";alert/XSSPOSED///--alert/XSSPOSED/...
charities.ago.state.ma.us XSS vulnerability
Open Bug Bounty ID: OBB-57167
Description | Value
---|---
Affected Website: | charities.ago.state.ma.us
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: | 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Remediation Guide: | OWASP XSS Preventio...
China's Keen Team Topples Safari, Flash at Pwn2Own
VANCOUVER – One is the bug hunter, the other the exploit specialist. Fang Jiahong and Liang Chen represented the Keen Team at Pwn2Own on Thursday, starting off the second day of the annual exploit festival with a quick takedown of Apple’s Safari browser. They then wrapped up the contest with a...
Microsoft paid over $28,000 Rewards to Six Researchers for its first ever Bug Bounty Program
Microsoft today announced that they had paid more than $28,000 in rewards to Security Researchers for its first Bug Bounty program, that went on for a month during the preview release of Internet Explorer 11 (IE11). The program was designed to run during Internet Explorer 11’s browser beta test on...
Squiz CMS 11654 File Path Traversal Vulnerability
Exploit for php platform in category web applications
======= Summary =======
Name: Squiz CMS - File Path Traversal
Release Date: 30 November 2012
Reference: NGS00330
Discoverer: Robert Ray
Vendor: Squiz
Vendor Reference: 11846
Systems Affected: Squiz CMS V11654
Risk: High
Status: Published...
CVE-2002-1838
Charities.cron 1.0.2 through 1.6.0 allows local users to write to arbitrary files via a symlink attack on temporary files...