Phishing emails disguised as spam filter alerts are stealing logins
Cybercriminals are spoofing "email delivery" notifications to look like they came from spam filters inside your own organization. The goal is to lure you to a phishing site that steals login credentials—credentials that could unlock your email, cloud storage or other personal accounts. The email...
CVE-2025-47952 Traefik allows path traversal using url encoding
Traefik (pronounced traffic) is an HTTP reverse proxy and load balancer. Prior to versions 2.11.25 and 3.4.1, there is a potential vulnerability in Traefik managing the requests using a PathPrefix, Path or PathRegex matcher. When Traefik is configured to route the requests to a backend using a...
traefik -- Path traversal vulnerability
The traefik project reports: There is a potential vulnerability in Traefik managing the requests using a PathPrefix, Path or PathRegex matcher. When Traefik is configured to route the requests to a backend using a matcher based on the path, if the URL contains a URL encoded string in its path, it...
CVE-2022-29039
Jenkins Gerrit Trigger Plugin 2.35.2 and earlier does not escape the name and description of Base64 Encoded String parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission...
CodeChecker has a Path traversal in `CodeChecker server` in the endpoint of `CodeChecker store`
Summary: ZIP files uploaded to the server-side endpoint handling a CodeChecker store are not properly sanitized. An attacker can exercise a path traversal to make the CodeChecker server load and display files from an arbitrary location on the server machine. Details: Target: The vulnerable endpoint ...
Gibbon LMS < v26.0.00 - Authenticated RCE
Exploit Title: Gibbon LMS has a PHP Deserialization vulnerability on the v26.0.00 version. Date: 22.01.2024. Exploit Author: SecondX.io Research Team (Ali Maharramli, Fikrat Guliev, Islam Rzayev). Vendor Homepage: https://gibbonedu.org/ Software Link: https://github.com/GibbonEdu/core Version: v26.0.00...
Malicious npm Packages Found Exfiltrating Sensitive Data from Developers
Cybersecurity researchers have discovered a new bunch of malicious packages on the npm package registry that are designed to exfiltrate sensitive developer information. Software supply chain firm Phylum, which first identified the "test" packages on July 31, 2023, said they "demonstrated increasi...
SUSE CVE-2008-4382
Konqueror in KDE 3.5.9 allows remote attackers to cause a denial of service (application crash) via JavaScript that calls the alert function with a URL-encoded string of a large number of invalid characters...
Jenkins Gerrit Trigger Plugin Cross-Site Scripting Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an application: an open source automation server that provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is an application. A cross-site scripting vulnerability exis...
Cross site scripting
Jenkins Gerrit Trigger Plugin 2.35.2 and earlier does not escape the name and description of Base64 Encoded String parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission...
CVE-2022-24982
Forms generated by JQueryForm.com before 2022-02-05 allow a remote authenticated attacker to access the cleartext credentials of all other form users. admin.php contains a hidden base64-encoded string with these credentials...
Debian DLA-2188-1 : php5 security update
Three issues have been found in php5, a server-side, HTML-embedded scripting language. CVE-2020-7064: A one-byte out-of-bounds read, which could potentially lead to information disclosure or crash. CVE-2020-7066: A URL containing a zero (\0) character will be truncated at it, which may cause some...
Поиск работы на HeadHunter. Вакансии рядом с домом - Base64 encoded String, Customized SSL, Dangerous filesystem permissions vulnerabilities
HackApp vulnerability scanner discovered that application Поиск работы на HeadHunter. Вакансии рядом с домом published at the 'play' market has multiple vulnerabilities...
Security Master - Antivirus, VPN, AppLock, Booster - Base64 encoded String, Exported ContentProvider, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Security Master - Antivirus, VPN, AppLock, Booster published at the 'play' market has multiple vulnerabilities...
Vivalines Turizm - Base64 encoded String, Customized SSL, Redefined SSL Common Names verifier vulnerabilities
HackApp vulnerability scanner discovered that application Vivalines Turizm published at the 'play' market has multiple vulnerabilities...
Бородач. День рождения Иришки - Base64 encoded String, Customized SSL, Dangerous filesystem permissions vulnerabilities
HackApp vulnerability scanner discovered that application Бородач. День рождения Иришки published at the 'play' market has multiple vulnerabilities...
TextNow - free text + calls - Base64 encoded String, Exported ContentProvider, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application TextNow - free text + calls published at the 'play' market has multiple vulnerabilities...
VMware Boxer - Base64 encoded String, Customized SSL, Exported ContentProvider vulnerabilities
HackApp vulnerability scanner discovered that application VMware Boxer published at the 'play' market has multiple vulnerabilities...
Root Browser - Base64 encoded String, Customized SSL, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Root Browser published at the 'play' market has multiple vulnerabilities...