Lucene search
+L

17 matches found

HackRead
HackRead
added 2026/04/01 5:24 p.m.14 views

LinkedIn Phishing Scam Uses Fake Notifications to Hijack Accounts

A LinkedIn phishing scam uses fake notifications and lookalike domains to steal credentials, hijack accounts, and access sensitive professional data...

5.9AI score
Exploits0
Github Security Blog
Github Security Blog
added 2026/03/12 5:29 p.m.12 views

Parse Server: Account takeover via operator injection in authentication data identifier

Impact An unauthenticated attacker can take over any user account that was created with an authentication provider that does not validate the format of the user identifier e.g. anonymous authentication. By sending a crafted login request, the attacker can cause the server to perform a...

9.8CVSS5.8AI score0.00627EPSS
Exploits0References5Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2021-20934

Malware in sbrugna...

7.5CVSS7.6AI score0.01072EPSS
Exploits1References2
Microsoft Secure
Microsoft Secure
added 2024/05/23 1:0 p.m.41 views

Cyber Signals: Inside the growing risk of gift card fraud

In the ever-evolving landscape of cyberthreats, staying ahead of malicious actors is a constant challenge. Microsoft Threat Intelligence has observed that gift cards are attractive targets for fraud and social engineering practices. Unlike credit or debit cards, there’s no customer name or bank...

7.5AI score
Exploits0
OSV
OSV
added 2022/10/31 9:15 p.m.6 views

CVE-2022-40291

The application was vulnerable to Cross-Site Request Forgery CSRF attacks, allowing an attacker to coerce users into sending malicious requests to the site to delete their account, or in rare circumstances, hijack their account and create other admin accounts...

8.8CVSS5.6AI score0.00289EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/10/11 12:0 a.m.42 views

CVE-2022-41204

An attacker can change the content of an SAP Commerce - versions 1905, 2005, 2105, 2011, 2205, login page through a manipulated URL. They can inject code that allows them to redirect submissions from the affected login form to their own server. This allows them to steal credentials and hijack...

8.9AI score0.0076EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/08/03 12:0 a.m.6 views

BTC2X 安全漏洞

BTC2X B2X is an application. The smart contract implements its own functionality, a tradable Ether ERC20 token with unprotected ownership, which allows anyone to become the owner of the contract, including the recipient. there is a security vulnerability in BTC2X that could be exploited by an...

7.5CVSS5.6AI score0.01072EPSS
Exploits1References2
The Hacker News
The Hacker News
added 2020/05/30 3:43 p.m.6 views

Critical 'Sign in with Apple' Bug Could Have Let Attackers Hijack Anyone's Account

Apple recently paid Indian vulnerability researcher Bhavuk Jain a huge $100,000 bug bounty for reporting a highly critical vulnerability affecting its 'Sign in with Apple ' system. The now-patched vulnerability could have allowed remote attackers to bypass authentication and take over targeted...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2020/03/13 8:52 a.m.8 views

Android Cookie-Stealing Malware Found Hijacking Facebook Accounts

A new simple but dangerous strain of Android malware has been found in the wild that steals users' authentication cookies from the web browsing and other apps, including Chrome and Facebook, installed on the compromised devices. Dubbed "Cookiethief " by Kaspersky researchers, the Trojan works by...

5.8AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2019/12/19 12:0 a.m.40 views

Ubuntu 16.04 LTS / 18.04 LTS : Django vulnerability (USN-4224-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-4224-1 advisory. Simon Charette discovered that the password reset functionality in Django used a Unicode case insensitive query to retrieve accounts associated with a...

9.8CVSS7AI score0.3481EPSS
Exploits7References2
CNVD
CNVD
added 2018/09/19 12:0 a.m.4 views

TradingView Cross-Site Scripting Vulnerability

TradingView Charting Library is an open source and free K chart analysis tool, with a comprehensive API. support for ordinary json data UDF, there is also support for websocket JSAPI, most of the digital currency exchanges use this component library as a K line analysis tool. TradingView has a...

6.5AI score
Exploits0References1
NVD
NVD
added 2018/06/05 11:29 a.m.18 views

CVE-2018-11554

The forgotten-password feature in index.php/member/reset/resetemail.html in YzmCMS v3.2 through v3.7 has a Response Discrepancy Information Exposure issue and an unexpectedly long lifetime for a verification code, which makes it easier for remote attackers to hijack accounts via a brute-force...

9.8CVSS9.3AI score0.01436EPSS
Exploits0References1
Prion
Prion
added 2018/06/05 11:29 a.m.19 views

Default credentials

The forgotten-password feature in index.php/member/reset/resetemail.html in YzmCMS v3.2 through v3.7 has a Response Discrepancy Information Exposure issue and an unexpectedly long lifetime for a verification code, which makes it easier for remote attackers to hijack accounts via a brute-force...

7.5CVSS9.2AI score0.01436EPSS
Exploits0References1Affected Software1
The Hacker News
The Hacker News
added 2013/10/29 5:17 a.m.13 views

Vulnerability in Facebook app allows hackers to steal access tokens and hijack accounts

None...

7AI score
Exploits0
Packet Storm
Packet Storm
added 2009/08/06 12:0 a.m.22 views

Perl$hop E-Commerce Input Injection

A while back I was playing around with Perl$hop, which if you are not aware, is an e-commerce script developed by Waverider Systems. XSS Cross Site Scripting, Directory Traversal, Code Execution, and more! Wow, that sure is a lot of vulnerabilities for one product. It would seem as if the...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2009/08/04 12:0 a.m.50 views

Perl$hop E-Commerce Script - Trust Boundary Input Parameter Injection

A while back I was playing around with Perl$hop, which if you are not aware, is an e-commerce script developed by Waverider Systems. XSS Cross Site Scripting, Directory Traversal, Code Execution, and more! Wow, that sure is a lot of vulnerabilities for one product. It would seem as if the...

7.4AI score
Exploits0
OSV
OSV
added 2008/09/04 6:41 p.m.3 views

DEBIAN-CVE-2008-3920

Unspecified vulnerability in BitlBee before 1.2.2 allows remote attackers to "recreate" and "hijack" existing accounts via unspecified vectors...

7.5CVSS7AI score0.02109EPSS
Exploits0References1
Rows per page
Query Builder