41 matches found
CVE-2025-41358 Direct reference to insecure objects (IDOR) in CronosWeb from CronosWeb i2A
Direct Object Reference Vulnerability (IDOR) in i2A's CronosWeb, in versions prior to 25.00.00.12, inclusive. This vulnerability could allow an authenticated attacker to access other users' documents by manipulating the ‘documentCode’ parameter in...
Cronos Kicks Off $42K Global Hackathon Focused on AI-Powered On-Chain Payments
Cronos launches x402 PayTech Hackathon with $42K prize pool to drive AI-powered on-chain payments using agent tech and Crypto.com tools...
EUVD-2025-27976
Malicious code in bioql PyPI...
EUVD-2022-0577
Malicious code in bioql PyPI...
Malicious code in agoda.cronos.activities.client-side (npm)
The package communicates with a domain associated with malicious activity. Source: ghsa-malware (0928f5727876dc4dcdb9f1869badd5793565d97277f96836f85b5413f44bcaf9). Any computer that has this package installed or running should be considered...
Malicious code in agoda.cronos.gql (npm)
The package communicates with a domain associated with malicious activity. Source: ghsa-malware (0918c4b7cc7549b33d32ef492ce8439108e4df06cece719c5a0e497e048f6293). Any computer that has this package installed or running should be considered...
CVE-2025-40663
Stored Cross-Site Scripting (XSS) vulnerability in i2A-Cronos version 23.02.01.17, from i2A. It allows an authenticated attacker to upload a malicious SVG image into the user's personal space in /CronosWeb/Modules/Persons/PersonalDocuments/PersonalDocuments. There is no reported fix at this time...
CVE-2025-40663
CVE-2025-40663 describes a Stored Cross-Site Scripting (XSS) vulnerability in i2A-Cronos v23.02.01.17 (i2A). An authenticated attacker can upload a malicious SVG image into a user’s personal space at /CronosWeb/Modules/Persons/PersonalDocuments/PersonalDocuments, leading to script execution withi...
CVE-2025-40663 Stored Cross-Site Scripting (XSS) in i2A-Cronos by i2A
Stored Cross-Site Scripting (XSS) vulnerability in i2A-Cronos version 23.02.01.17, from i2A. It allows an authenticated attacker to upload a malicious SVG image into the user's personal space in /CronosWeb/Modules/Persons/PersonalDocuments/PersonalDocuments. There is no reported fix at this time...
i2A-Cronos Cross-Site Scripting Vulnerability
i2A-Cronos is a sports center management and access control solution from i2A-Cronos. A cross-site scripting vulnerability exists in i2A-Cronos version 23.02.01.17, which originates from stored cross-site scripting and could lead to the execution of malicious code...
PT-2025-22896 · Unknown · I2A-Cronos
Name of the Vulnerable Software and Affected Versions: i2A-Cronos version 23.02.01.17. Description: A Stored Cross-Site Scripting (XSS) issue allows an authenticated attacker to upload a malicious SVG image into the user's personal space in...
CVE-2021-43839
Cronos is a commercial implementation of a blockchain. In Cronos nodes running versions before v0.6.5, it is possible to take transaction fees from Cosmos SDK's FeeCollector for the current block by sending a custom crafted MsgEthereumTx. This problem has been patched in Cronos v0.6.5. There are ...
GO-2022-0829 Cronos vulnerable to DoS through unintended Contract Selfdestruct in github.com/crypto-org-chain/cronos
Cronos vulnerable to DoS through unintended Contract Selfdestruct in github.com/crypto-org-chain/cronos...
GO-2022-0760 Ethermint vulnerable to DoS through unintended Contract Selfdestruct in github.com/crypto-org-chain/cronos
Ethermint vulnerable to DoS through unintended Contract Selfdestruct in github.com/crypto-org-chain/cronos...
The Drop in Ransomware Attacks in 2024 and What it Means
The ransomware industry surged in 2023 as it saw an alarming 55.5% increase in victims worldwide, reaching a staggering 5,070. But 2024 is starting off showing a very different picture. While the numbers skyrocketed in Q4 2023 with 1309 cases, in Q1 2024, the ransomware industry was down to 1,048...
PT-2024-12343 · Telegram +1 · Telegram +1
Name of the Vulnerable Software and Affected Versions: ESXi (affected versions not specified); Telegram (affected versions not specified). Description: The issue is related to the Operation Cronos impact on LockBit, following a landmark disruption. It affects the financial industry, specifically in the...
Unveiling the Fallout: Operation Cronos' Impact on LockBit Following Landmark Disruption
Our new article provides key highlights and takeaways from Operation Cronos' disruption of LockBit's operations, as well as telemetry details on how LockBit actors operated post-disruption...
LockBit Attempts to Stay Afloat With a New Version
This research is the result of our collaboration with the National Crime Agency in the United Kingdom, who took action against LockBit as part of Operation Cronos, an international effort resulting in the undermining of its operations...