229 matches found
MAL-2025-10087 Malicious code in @zalastax/nolb-_hyper_fun_fa-t (npm)
The package @zalastax/nolb-hyperfunfa-t was found to contain malicious code...
PT-2025-33009 · Netis · Netis Wf2880
Name of the Vulnerable Software and Affected Versions: Netis WF2880 version 2.1.40207 Description: A buffer overflow issue exists in Netis WF2880. The vulnerability is located in the FUN 00471994 function of the cgitest.cgi file. Attackers can exploit this by controlling the wl base set variable...
PT-2025-33018 · Netis · Netis Wf2880
Name of the Vulnerable Software and Affected Versions: Netis WF2880 version 2.1.40207 Description: A buffer overflow vulnerability exists in the FUN 0047151c function of the cgitest.cgi file. Attackers can trigger this issue by controlling the value of wds set in the payload, potentially causing ...
PT-2025-33011 · Netis · Netis Wf2880
Name of the Vulnerable Software and Affected Versions: Netis WF2880 version 2.1.40207 Description: A buffer overflow issue exists in the FUN 00476598 function of the cgitest.cgi file. Attackers can exploit this by controlling the wl base set 5g value within the payload, potentially causing a Deni...
Malicious code in my-fun-tools (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 6642f3653e49e0a80b7fadf4c06bc64cba8a1a359772f1c7a668888278348fd6 During installation, the obfuscated code attempts to insert a modified Python DLL and runs a code. --- Category: MALICIOUS - The campaign has clearly malicious...
Malicious code in gaimes-fun (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fa65f4433275ee9c01057f21b5c3be7d3f23b729e2525a56cbaf26e3d564838f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-2673 Malicious code in gaimes-fun (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fa65f4433275ee9c01057f21b5c3be7d3f23b729e2525a56cbaf26e3d564838f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Online gaming safety for kids: learn how to protect your children
Children love online gaming, and it's no surprise they do it, considering it offers them fun and interactive…...
Fedora: Security Advisory (FEDORA-2024-e4717532c4)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
q-fun.it Improper Access Control vulnerability OBB-3843966
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Fedora: Security Advisory for rubygem-httparty (FEDORA-2024-a5aad4eede)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
GCHQ Christmas Codebreaking Challenge
Looks like fun. Details here...
E-Fun CMS 5.0 XML Injection
==================================================================================================================================== | Title : E-Fun CMS V5.0 XML external entity injection Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox...
aardvark-dns (>=1.0.3 <=1.1.0), acme-dns-rust (>=1.0.0 <=1.1.6) +16 more potentially affected by unknown CVE via trust-dns-server (>=0.13.0 <=0.22.0)
trust-dns-server CARGO version =0.13.0, =1.0.3, =1.0.0, =1.4.0, =1.7.0, =0.1.0, =1.12.2, =1.13.0 - localns =1.0.0 - oxidux =0.4.0 - polyresolver =0.1.0 - simple-dns-server =0.1.0 - single-use-dns =0.1.0 - snail =0.4.0 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2023-0041...
mathfunworksheets.com Cross Site Scripting vulnerability OBB-3256485
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
fun-kidz.yooco.de Cross Site Scripting vulnerability OBB-3229043
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Cross-site Scripting (XSS) - Stored
Description 1. https://11.x-dev.pimcore.fun/admin/ 2. Go to Settings - Thumbnails - Video Thumbnails 3. Click the button Add Media Segment 4. Write : " and then click ok...
SUSE CVE-2014-3421
lisp/gnus/gnus-fun.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on the /tmp/gnus.face.ppm temporary file...
PT-2023-9998 · Unknown · Drazraeltod Pychao
Name of the Vulnerable Software and Affected Versions: DrAzraelTod pyChao affected versions not specified Description: A critical issue was found in DrAzraelTod pyChao, affecting the function klauen/lesen of the file mod fun/ init .py. This issue leads to sql injection. Recommendations: At the...
TOTOLINK T6 缓冲区错误漏洞
TOTOLINK T6 is a wireless dual-band router from China Gion Electronics TOTOLINK.A stack overflow vulnerability exists in TOTOLINK T6 V4.1.9cu.5179B20201015 version, which stems from the desc parameter in the FUN00413be4 function not checking its length for input data. A remote attacker can exploi...