EUVD-2023-25339

Malicious code in bioql PyPI...

EUVD-2024-31390

Malicious code in bioql PyPI...

CVE-2024-33678

Cross-Site Request Forgery CSRF vulnerability in eranfl ClickCease Click Fraud Protection clickcease-click-fraud-protection.This issue affects ClickCease Click Fraud Protection: from n/a through = 3.2.7...

CVE-2023-21171

In verifyInputEvent of InputDispatcher.cpp, there is a possible way to conduct click fraud due to side channel information disclosure. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions...

WordPress plugin ClickCease Click Fraud Protection 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...

WordPress ClickCease Click Fraud Protection plugin <= 3.2.4 - Improper Authorization to sensitive information exposure via get_settings vulnerability

Improper Authorization to sensitive information exposure via getsettings vulnerability discovered by Francesco Carlucci in WordPress Plugin ClickCease Click Fraud Protection versions = 3.2.4...

CVE-2024-33678

Cross-Site Request Forgery CSRF vulnerability in eranfl ClickCease Click Fraud Protection clickcease-click-fraud-protection.This issue affects ClickCease Click Fraud Protection: from n/a through = 3.2.7...

CVE-2024-33678

CVE-2024-33678 corresponds to a Cross-Site Request Forgery (CSRF) vulnerability in the ClickCease Click Fraud Protection plugin by eranfl. Public records note this affects ClickCease Click Fraud Protection releases up to version 3.2.7 (no fixed version disclosed in the provided documents). The Re...

WordPress plugin ClickCease Click Fraud Protection 跨站请求伪造漏洞

WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site request forgery vulnerability exists...

WordPress ClickCease Click Fraud Protection Plugin <= 3.2.7 is vulnerable to Cross Site Request Forgery (CSRF)

Software ClickCease Click Fraud Protection Type Plugin Vulnerable versions = 3.2.7 Fixed in 3.2.8 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-33678 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID c376a3fb1460 Credits...

CVE-2023-21171

In verifyInputEvent of InputDispatcher.cpp, there is a possible way to conduct click fraud due to side channel information disclosure. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions...

CVE-2023-21171

In verifyInputEvent of InputDispatcher.cpp, there is a possible way to conduct click fraud due to side channel information disclosure. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions...

Information disclosure

In verifyInputEvent of InputDispatcher.cpp, there is a possible way to conduct click fraud due to side channel information disclosure. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions...

CVE-2023-21171

CVE-2023-21171 affects Android 13 and is tied to the InputDispatcher.cpp function verifyInputEvent. Descriptions across multiple connected sources state a side-channel information disclosure that could enable click fraud, potentially enabling local escalation to System privileges. Exploitation is...

Google Pixel 安全漏洞

Google Pixel is a smartphone from Google, Inc. in the United States. A security vulnerability exists in Google Pixel that stems from a bypass information leak in the verifyInputEvent of the InputDispatcher.cpp file, which has a way of potentially committing click fraud...

CVE-2023-21171

In verifyInputEvent of InputDispatcher.cpp, there is a possible way to conduct click fraud due to side channel information disclosure. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions...

CVE-2023-21171

In verifyInputEvent of InputDispatcher.cpp, there is a possible way to conduct click fraud due to side channel information disclosure. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions...

PUB-A-261085213

In verifyInputEvent of InputDispatcher.cpp, there is a possible way to conduct click fraud due to side channel information disclosure. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation...

This Cybercrime Syndicate Pre-Infected Over 8.9 Million Android Phones Worldwide

A cybercrime enterprise known as Lemon Group is leveraging millions of pre-infected Android smartphones worldwide to carry out their malicious operations, posing significant supply chain risks. "The infection turns these devices into mobile proxies, tools for stealing and selling SMS messages,...

Threat Roundup for March 24 to March 31

Today, Talos is publishing a glimpse into the most prevalent threats weve observed between March 24 and March 31. As with previous roundups, this post isnt meant to be an in-depth analysis. Instead, this post will summarize the threats weve observed by highlighting key behavioral characteristics,...