Lucene search
K

5 matches found

The Hacker News
The Hacker News
added 4 days ago14 views

ToddyCat-Linked Umbrij Malware Abuses OAuth to Access Gmail via Google API

The threat actor known as ToddyCat has been attributed to a new malware called Umbrij that's designed to gain surreptitious access to a victim's email correspondence via the Google API. "In this campaign, the attackers focused their attention on corporate email communications hosted on Gmail,...

6AI score
Exploits0
OSV
OSV
added 2026/06/11 10:16 p.m.3 views

DEBIAN-CVE-2026-12027

Inappropriate implementation in Headless in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

9.6CVSS5.4AI score0.00224EPSS
Exploits0References1
Snyk
Snyk
added 2022/06/01 7:58 a.m.7 views

Remote Code Injection

Overview convert-svg-core is a package that supports converting SVG into another format using headless Chromium. Affected versions of this package are vulnerable to Remote Code Injection via sending an SVG file containing the payload. PoC: js const convert = require'convert-svg-to-png'; const...

9.9CVSS7.5AI score0.09204EPSS
Exploits1References2
Snyk
Snyk
added 2021/09/05 3:50 p.m.3 views

Directory Traversal

Overview convert-svg-to-png is a package for converting SVG to PNG using headless Chromium. Affected versions of this package are vulnerable to Directory Traversal. Using a specially crafted SVG file, an attacker could read arbitrary files from the file system and then show the file content as a...

7.5CVSS7.3AI score0.01978EPSS
Exploits1References2
Kitploit
Kitploit
added 2021/07/02 12:30 p.m.110 views

Lazyrecon - Tool To Automate Your Reconnaissance Process In An Organized Fashion

Lazyrecon is a subdomain discovery tool that finds and resolves valid subdomains then performs SSRF/LFI/SQLi fuzzing, brute-force and port scanning. It has a simple modular architecture and is optimized for speed while working with github and wayback machine. Features Super fast asynchronous...

7AI score
Exploits0References15
Rows per page
Query Builder