42 matches found

RedhatCVE
added 2026/01/09 9:33 a.m. (8 views)

CVE-2024-39069

An issue in ifood Order Manager v3.35.5 'Gestor de Peddios.exe' allows attackers to execute arbitrary code via a DLL hijacking attack...

CVSS 7.8 | AI score 7.8 | EPSS 0.00564
Exploits: 0 | References: 1

EUVD
added 2025/10/07 12:30 a.m. (5 views)

EUVD-2018-18079

Malware in sbrugna...

CVSS 9.3 | AI score 7.7 | EPSS 0.01051
Exploits: 0 | References: 2

EUVD
added 2025/10/07 12:30 a.m. (4 views)

EUVD-2015-8204

Malware in sbrugna...

CVSS 5 | AI score 6.1 | EPSS 0.04435
Exploits: 0 | References: 5

EUVD
added 2025/10/07 12:30 a.m. (2 views)

EUVD-2020-18781

Malware in sbrugna...

CVSS 7.8 | AI score 7.6 | EPSS 0.00363
Exploits: 1 | References: 3

EUVD
added 2025/10/07 12:30 a.m. (4 views)

EUVD-2015-7194

Malware in sbrugna...

CVSS 7.5 | AI score 7.6 | EPSS 0.01243
Exploits: 0 | References: 4

EUVD
added 2025/10/07 12:30 a.m. (4 views)

EUVD-2016-10498

Malware in sbrugna...

CVSS 3.1 | AI score 4.3 | EPSS 0.00665
Exploits: 0 | References: 3

EUVD
added 2025/10/03 8:7 p.m. (2 views)

EUVD-2023-35540

Malicious code in bioql PyPI...

CVSS 3.3 | AI score 4.7 | EPSS 0.00104
Exploits: 0 | References: 1

EUVD
added 2025/10/03 8:7 p.m. (7 views)

EUVD-2024-40035

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 6.6 | EPSS 0.00284
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 9:14 a.m. (3 views)

CVE-2024-37664

Redmi router RB03 v1.0.57 is vulnerable to TCP DoS or hijacking attacks. An attacker in the same WLAN as the victim can disconnect or hijack the traffic between the victim and any remote server by sending out forged TCP RST messages to evict NAT mappings in the router...

CVSS 5.2 | AI score 6 | EPSS 0.00374
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 11:59 p.m. (6 views)

CVE-2022-47758

Nanoleaf firmware v7.1.1 and below is missing TLS verification, allowing attackers to execute arbitrary code via a DNS hijacking attack...

CVSS 9.8 | AI score 8 | EPSS 0.01347
Exploits: 1 | References: 1

RedhatCVE
added 2025/03/18 12:10 a.m. (6 views)

CVE-2025-24856

An issue was discovered in the oidc (aka OpenID Connect Authentication) extension before 4.0.0 for TYPO3. The account linking logic allows a pre-hijacking attack, leading to Account Takeover. The attack can only be exploited if the following requirements are met: (1) an attacker can anticipate the...

CVSS 4.2 | AI score 6.6 | EPSS 0.00168
Exploits: 0 | References: 1

OSV
added 2025/03/16 4:15 a.m. (6 views)

CVE-2025-24856

An issue was discovered in the oidc (aka OpenID Connect Authentication) extension before 4.0.0 for TYPO3. The account linking logic allows a pre-hijacking attack, leading to Account Takeover. The attack can only be exploited if the following requirements are met: (1) an attacker can anticipate the...

CVSS 4.2 | AI score 6.6
Exploits: 0 | References: 2

CVE
added 2025/03/16 12:0 a.m. (55 views)

CVE-2025-24856

The TYPO3 OpenID Connect (oidc) extension is vulnerable in versions before v4.0.0. The account linking logic allows a pre-hijacking attack: an attacker who can guess a user’s email, register a public frontend account with that email before the user’s first OIDC login, and rely on the IDP returning that email i...

CVSS 4.2 | AI score 6.8 | EPSS 0.00168
Exploits: 0 | References: 2

Cvelist
added 2025/03/16 12:0 a.m. (16 views)

CVE-2025-24856

An issue was discovered in the oidc (aka OpenID Connect Authentication) extension before 4.0.0 for TYPO3. The account linking logic allows a pre-hijacking attack, leading to Account Takeover. The attack can only be exploited if the following requirements are met: (1) an attacker can anticipate the...

CVSS 4.2 | EPSS 0.00168
Exploits: 0 | References: 2

Vulnrichment
added 2025/03/16 12:0 a.m. (5 views)

CVE-2025-24856

An issue was discovered in the oidc (aka OpenID Connect Authentication) extension before 4.0.0 for TYPO3. The account linking logic allows a pre-hijacking attack, leading to Account Takeover. The attack can only be exploited if the following requirements are met: (1) an attacker can anticipate the...

CVSS 4.2 | AI score 4.4 | EPSS 0.00168
Exploits: 0 | References: 2

RedhatCVE
added 2025/02/05 5:20 p.m. (7 views)

CVE-2019-11540

In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4 and 8.3RX before 8.3R7.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2 and 5.4RX before 5.4R7.1, an unauthenticated, remote attacker can conduct a session hijacking attack...

CVSS 9.8 | AI score 6.8 | EPSS 0.08259
Exploits: 1 | References: 1

BDU FSTEC
added 2024/10/04 12:0 a.m. (5 views)

The vulnerability of the Loway QueueMetrics software for analyzing call center efficiency metrics lies in its lack of proper HTTP request processing capabilities. This allows attackers to circumvent existing security restrictions.

The vulnerability of the Loway QueueMetrics performance analysis software relates to deficiencies in HTTP request processing. Exploiting this vulnerability allows a malicious actor to bypass existing security restrictions and carry out an “HTTP request hijacking” attack...

CVSS 5 | AI score 5.5 | EPSS 0.00264
Exploits: 0 | References: 2 | Affected Software: 1

OpenVAS
added 2024/10/02 12:0 a.m. (18 views)

Ubuntu: Security Advisory (USN-7047-1)

The remote host is missing an update for the...

CVSS 7.5 | AI score 7.2 | EPSS 0.02619
Exploits: 1 | References: 2

CNNVD
added 2024/03/18 12:0 a.m. (3 views)

Kossy Security Breach

Kossy is a web application framework developed by Masahiro Nagano, an individual developer in Japan. A security vulnerability exists in Kossy module version 0.60, which stems from mishandling of X-Requested-With, allowing an attacker to perform JSON hijacking...

CVSS 9.8 | AI score 6.8 | EPSS 0.00413
Exploits: 0 | References: 3

The Hacker News
added 2024/03/05 10:25 a.m. (25 views)

Warning: Thread Hijacking Attack Targets IT Networks, Stealing NTLM Hashes

The threat actor known as TA577 has been observed using ZIP archive attachments in phishing emails with an aim to steal NT LAN Manager (NTLM) hashes. The new attack chain "can be used for sensitive information gathering purposes and to enable follow-on activity," enterprise security firm Proofpoint...

AI score 7.1
Exploits: 0