16 matches found
PT-2026-41868
The AddressRepository::getSqlQuery method constructs a database query without properly sanitizing user input, leading to SQL Injection. The method is not invoked anywhere within the extension itself and therefore poses no direct risk in a default installation. However, custom extensions that call...
ClaudeBleed Vulnerability Lets Hackers Hijack Claude Chrome Extension to Steal Data
The ClaudeBleed vulnerability allows hackers to bypass Claude for Chrome guardrails to exfiltrate private Google Drive and Gmail data...
TencentOS Server 3: thunderbird (TSSA-2025:0600)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0600 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
EUVD-2020-27542
Malware in sbrugna...
EUVD-2011-2757
Malware in sbrugna...
EUVD-2022-34449
Malicious code in bioql PyPI...
EUVD-2022-43017
Malicious code in bioql PyPI...
PT-2025-26732
Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 140. Description: The issue arises when a user saves a response from the Network tab in Devtools using the Save As context menu option. In this scenario, the saved file may not have the .download file extension,...
Linux Distros Unpatched Vulnerability : CVE-2020-16027
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient policy enforcement in developer tools in Google Chrome prior to 87.0.4280.66 allowed an attacker who convinced a user to install a malicious...
PT-2024-28001 · Unknown · Matrix Tafnit
Name of the Vulnerable Software and Affected Versions: Matrix Tafnit version 8. Description: The issue is related to reliance on the file name or extension of externally-supplied files, as indicated by CWE-646. Recommendations: For Matrix Tafnit version 8, at the moment, there is no information...
PT-2023-5970 · Google +4 · Google Chrome +4
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 118.0.5993.70. Description: The issue is related to an inappropriate implementation in Fullscreen mode, allowing an attacker to bypass navigation restrictions via a crafted Chrome Extension if a user is convince...
Steer clear of cryptocurrency recovery phrase scams
The dangers of cryptocurrency phishing are back in the news, after tech investor Mark Cuban was reported to have lost around $870k via a phishing link. Cuban lost a combination of coin types as asset movement flagged up after months of inactivity from his wallet. Cuban discovered some of the...
Mozilla: Extensions could have opened external schemes without user knowledge
The Mozilla Foundation Security Advisory describes this flaw as: Permission prompts for opening external schemes were only shown for ContentPrincipals resulting in extensions being able to open them without user interaction via ExpandedPrincipals. This could lead to further malicious actions such...
Mozilla: Extensions could have opened external schemes without user knowledge
The Mozilla Foundation Security Advisory describes this flaw as: Permission prompts for opening external schemes were only shown for ContentPrincipals resulting in extensions being able to open them without user interaction via ExpandedPrincipals. This could lead to further malicious actions such...
SUSE CVE-2018-6045
Insufficient policy enforcement in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user local file data via a crafted Chrome Extension...
PT-2020-16880 · Mediawiki +2 · Randomgameunit +2
Name of the Vulnerable Software and Affected Versions: MediaWiki extension RandomGameUnit versions through 1.35. Description: The issue concerns the RandomGameUnit extension for MediaWiki, where certain title-related data was not properly escaped. This allowed for the manipulation of game names or...